Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malwarebytes Anti-Malware - it helped me! (https://www.trojaner-board.de/94253-malwarebytes-anti-malware-hat-mir-geholfen.html)

cube 28.12.2010 18:42

Malwarebytes Anti-Malware - it helped me!
 
Hope I'm in the right topic now:
Hi folks and the guru,
I caught HDD Low yesterday and already thought everything was done for.
But I read the guide about rkill.com on your forum and did everything as described! And lo and behold, the junk is gone now - thanks already -

Here is the report from Anti-Malware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5406

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

28.12.2010 14:14:17
mbam-log-2010-12-28 (14-14-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172156
Laufzeit: 8 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3135468 (Rogue.FakeHDD) -> Value: 3135468 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\Markus\startmenü\programme\HDD Low (Rogue.HDDLow) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\Markus\lokale einstellungen\Temp\3135468.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Markus\Desktop\HDD Low.lnk (Rogue.HDDLow) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Markus\startmenü\programme\HDD Low\HDD Low.lnk (Rogue.HDDLow) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Markus\startmenü\programme\HDD Low\uninstall hdd low.lnk (Rogue.HDDLow) -> Quarantined and deleted successfully.

Here is the OTL logfile as well:
Code:

OTL logfile created on: 28.12.2010 14:48:19 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 33,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,52 Gb Total Space | 153,41 Gb Free Space | 67,13% Space Free | Partition Type: NTFS
Drive D: | 2,05 Gb Total Space | 1,65 Gb Free Space | 80,60% Space Free | Partition Type: FAT32
Drive J: | 596,02 Gb Total Space | 586,59 Gb Free Space | 98,42% Space Free | Partition Type: FAT32
 
Computer Name: NAME-30M291G2YF | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Scansoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\pdf24\PDF24Updater.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Office\OUTLOOK.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (x10nets) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (SerialKeys) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (aucapi) -- C:\WINDOWS\system32\drivers\aucapi.sys (Auerswald GmbH & Co.KG )
DRV - (auusb) -- C:\WINDOWS\system32\drivers\auusb.sys (Auerswald GmbH & Co.KG )
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (ADM851X) -- C:\WINDOWS\system32\drivers\ADM851X.SYS (Infineon Technologies AG)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atintuxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio) -- C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI Technologies Inc.)
DRV - (atinrvxx) -- C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI Technologies Inc.)
DRV - (TTDec) ATI WDM Teletext Decoder (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinttxx.sys (ATI Technologies Inc.)
DRV - (ativraxx) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.)
DRV - (U3sHlpDr) -- C:\WINDOWS\system32\drivers\U3sHlpDr.sys ()
DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG)
DRV - (kbeepm) -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\kbeepm.sys ()
DRV - (W8100PCI) -- C:\WINDOWS\system32\drivers\mrv8k51.sys (Marvell Semiconductor, Inc)
DRV - (ATI Remote Wonder II) -- C:\WINDOWS\system32\drivers\atirwvd.sys (Jungo)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (IMT0521) -- C:\WINDOWS\system32\drivers\IMT0521.sys (Inmax Technology Corp.)
DRV - (X10UIF) -- C:\WINDOWS\system32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (ASNDIS5) -- C:\WINDOWS\system32\ASNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) Brother-Treiber (seriell) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.donaualtheimer-rapsoel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.raps-kuchen.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.12.14 20:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.15 21:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 10:51:53 | 000,000,000 | ---D | M]
 
[2009.12.30 15:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Extensions
[2010.12.27 21:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\extensions
[2009.12.30 20:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.02 18:10:43 | 000,002,238 | ---- | M] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\searchplugins\askcom.xml
[2010.12.27 21:39:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.20 12:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.06.20 12:13:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.23 12:49:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.23 12:49:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.23 12:49:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.29 17:08:34 | 000,002,027 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010.09.23 12:49:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.23 12:49:17 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003.04.02 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (metaspinner media GmbH) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\Programme\klickTel\eBay Startcenter\IEButtonKlickTelEBayInterface.dll ()
O2 - BHO: (no name) - {74A0AC27-3753-4080-B94E-557CC43E9E8B} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe ()
O4 - HKLM..\Run: [OEM-Reset] File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\PDF24Updater.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PPort11reminder] C:\Programme\Scansoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [aHvFmtjxlhgIe.exe] C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Temp\aHvFmtjxlhgIe.exe (msql software)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SmartUI.lnk = C:\Programme\Scansoft\PaperPort\SmartUI\SmartUI.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
O4 - Startup: C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.15 01:30:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.01.15 10:25:14 | 000,000,053 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2004.01.20 15:50:52 | 000,020,480 | ---- | M] (TARGA GmbH) - D:\AUTORUN.EXE -- [ FAT32 ]
O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - J:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 13:49:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Malwarebytes
[2010.12.28 13:49:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.28 13:49:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.12.28 13:49:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.28 13:49:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.28 10:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.12.28 09:54:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Markus\Recent
[2007.10.12 09:26:32 | 007,721,936 | ---- | C] (geek Software GmbH ) -- C:\Programme\PDF_Creator.exe
[2007.08.02 15:24:14 | 015,732,984 | ---- | C] (Google ) -- C:\Programme\Google_Earth_BZXW.exe
[2006.03.30 10:59:24 | 009,996,144 | ---- | C] (Skype Software S.A. ) -- C:\Programme\SkypeSetup.exe
[2005.09.01 20:51:16 | 006,415,389 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\pci_de_smartrecovery.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.28 14:20:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kemr.sys
[2010.12.28 14:20:03 | 000,000,505 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010.12.28 14:01:03 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.12.28 13:49:41 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.28 09:06:19 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Center.lnk
[2010.12.28 09:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.28 09:05:45 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.27 22:33:27 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.27 19:06:13 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.27 14:51:10 | 000,041,022 | ---- | M] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\wklnhst.dat
[2010.12.25 20:55:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.28 14:20:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kemr.sys
[2010.12.28 13:49:41 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.01 21:29:23 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010.07.01 21:26:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010.07.01 21:26:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010.07.01 21:26:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010.07.01 21:26:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010.07.01 21:21:20 | 000,033,499 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.03.28 17:22:14 | 000,000,102 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2009.07.15 17:06:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009.07.15 17:06:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009.06.17 13:59:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EAN-ILN.INI
[2009.06.04 12:42:58 | 000,000,340 | ---- | C] () -- C:\WINDOWS\Barcode.ini
[2009.02.15 14:12:22 | 000,000,566 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2009.02.15 14:12:17 | 000,000,505 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009.02.15 14:12:17 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.02.15 14:11:05 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009.02.15 13:42:22 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.06.30 17:58:14 | 000,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll
[2008.06.30 17:58:14 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll
[2008.06.27 10:54:05 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2008.02.14 09:44:08 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\aucapjni.dll
[2007.03.04 12:37:37 | 000,003,372 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.11.12 11:25:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006.11.12 11:23:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2006.11.12 11:23:25 | 000,001,337 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006.11.12 11:23:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006.11.12 11:23:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006.02.19 15:00:08 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ui.INI
[2006.02.19 12:56:10 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.02.19 12:51:14 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.02.19 12:51:14 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.02.19 12:51:14 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.02.10 20:00:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006.02.10 20:00:12 | 000,000,144 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2006.01.23 13:29:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2005.09.01 21:21:26 | 001,353,703 | ---- | C] () -- C:\Programme\photorescuepro_setup.exe
[2005.09.01 21:14:07 | 001,039,067 | ---- | C] () -- C:\Programme\wrar350d.exe
[2005.09.01 21:10:34 | 000,752,905 | ---- | C] () -- C:\Programme\prdemo.zip
[2005.09.01 20:51:35 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005.09.01 20:19:01 | 000,730,847 | ---- | C] () -- C:\Programme\freeundelete.exe
[2005.08.07 17:34:00 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2005.08.07 17:11:41 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2005.08.07 17:11:38 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2005.08.07 17:11:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2005.06.19 12:10:35 | 002,656,584 | ---- | C] () -- C:\Programme\SmartInstall_30.exe
[2005.05.16 20:32:21 | 000,041,022 | ---- | C] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\wklnhst.dat
[2005.05.16 13:09:14 | 000,016,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.11 09:55:11 | 002,042,584 | ---- | C] () -- C:\Programme\uploader14.exe
[2004.11.24 20:30:09 | 000,002,654 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004.09.01 16:02:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\BkcEmu.ini
[2004.06.29 21:24:02 | 000,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys
[2004.05.23 12:23:49 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004.05.16 12:05:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004.05.16 11:51:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004.04.16 08:41:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004.04.15 13:23:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.04.15 12:53:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004.04.15 06:12:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.04.14 17:27:43 | 000,005,282 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.04.14 17:09:40 | 000,001,643 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2004.04.14 16:59:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004.04.14 16:35:05 | 000,000,857 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.04.14 16:33:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.04.14 16:19:39 | 000,000,894 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.01.28 10:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004.01.28 10:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004.01.28 10:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2004.01.28 02:55:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002.08.08 10:20:40 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002.01.08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Board2.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Board.jpg:SummaryInformation
 
< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 28.12.2010 14:48:19 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 33,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,52 Gb Total Space | 153,41 Gb Free Space | 67,13% Space Free | Partition Type: NTFS
Drive D: | 2,05 Gb Total Space | 1,65 Gb Free Space | 80,60% Space Free | Partition Type: FAT32
Drive J: | 596,02 Gb Total Space | 586,59 Gb Free Space | 98,42% Space Free | Partition Type: FAT32
 
Computer Name: NAME-30M291G2YF | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Search Archives...] -- "C:\Programme\Aladdin Systems\StuffIt 7.0.2\ArchiveSearch\archivesearch.exe" -dir "%L" (Aladdin Systems)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe" = C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe:*:Disabled:tkmedia -- File not found
"C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe" = C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe:*:Disabled:tksock -- File not found
"C:\Programme\McAfee\MBK\McAfeeDataBackup.exe" = C:\Programme\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found
"C:\Programme\FTP Commander\Ftpcomm.exe" = C:\Programme\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- (Internetsoft)
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0A46AA20-59BF-4285-9E29-5DA61BA5EF46}" = Lexware online banking 3.50
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFC Software Suite
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{2243B1BA-18A1-409E-800D-AAC3F745A378}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F315767-6230-4980-BE36-C2E91D42BBB8}" = die ReadKVK Applikation
"{326836D7-3A21-4684-AE30-6E2F562EC81C}" = Preispiraten
"{334041A2-53F7-4C36-ADCA-76C41EA37E69}" = Lexware büro easy 2006
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATIRW2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{43EA3CC1-13D3-4C0E-99F0-5C1F1BC87A6B}" = dtrader
"{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{56E005A4-2921-4C77-A4EB-9FF21C1438B5}" = MMC90
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5F045A94-B4B0-4F24-BE71-8491B7121CB0}" = Auerswald COMtools 2.2.69
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{65B2B4C4-A67F-485E-9A6B-E72E07AB8DFF}" = Auerswald COMlist 2.4.36
"{69761DB4-78A4-4D29-8A8F-3758A5568638}" = Lexware online banking 3.50
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{813C408A-24C4-43E2-A5DF-B683E440234F}" = funScreenScraping Client Version
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49486AB-DE0B-4DA6-9C9B-E9DCD4BED263}" = StuffIt 7.0.2
"{ABC62001-AD9F-46DB-8668-9946154D6A07}" = AMD Athlon 64 Processor Driver
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{BAB13D51-55B7-49DC-89D4-5A81D3C2D279}" = Auerswald SoftLCR 3.3.19
"{C095AB64-EF16-4636-9A78-5E72C3DC3173}" = Auerswald COMset 2.6.29
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF55762E-8BA1-4298-BA07-F9460B7A522C}" = eBay Startcenter
"{D7AB3CBA-6C85-42A5-A662-766E8C90E6F2}" =
"{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}" = Chipkartenleser Treiberinstallation
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB452503-A684-4F89-9138-2E590D60478B}" = ATI Decoder
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBBCDE19-2EBB-437D-BB44-B8899E56EA9E}" = SE309
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ALShow_is1" = ALShow
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"ATI Display Driver" = ATI Display Driver
"Auerswald CAPI 2.0 Treiber" = Auerswald-CAPI-2.0-Treiber
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Barcode Demoversion_is1" = Barcode Demoversion
"BAYlalaika_is1" = BAYlalaika 1.2 Lite
"Biet-O-Matic v2.8.0" = Biet-O-Matic v2.8.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00" = FM-56PCI-HSFi-AB
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53
"DaWan" = DaWan
"DivX Codec" = DivX Codec
"ElsterFormular 11.1.3.3887" = ElsterFormular
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FastStone Player" = FastStone Player
"FreeUndelete" = FreeUndelete
"FTP Commander" = FTP Commander
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3
"InstallShield_{56E005A4-2921-4C77-A4EB-9FF21C1438B5}" = ATI Multimedia Center 9.0.0.0
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{EB452503-A684-4F89-9138-2E590D60478B}" = ATI Decoder
"IrfanView" = IrfanView (remove only)
"LeapFTP" = LeapFTP
"Lexmark_HostCD" = Lexmark Software deinstallieren
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"mpegable DS" = mpegable DS decoder
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoRescue Pro" = PhotoRescue Pro 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"Pinnacle Hollywood FX Pack - ATI FX" = Pinnacle Hollywood FX Pack - ATI FX
"QK BarCode Generator" = QK BarCode Generator
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SE309" = SE309
"Shockwave" = Shockwave
"ST6UNST #1" = Chipcard master 5.15
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR Archivierer
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
 
Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
 
Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
 
Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
 
Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
 
Error - 12.08.2010 03:24:16 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
 
Error - 12.08.2010 03:24:16 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
 
Error - 12.08.2010 03:24:16 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 12.08.2010 03:25:41 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
 
Error - 13.08.2010 07:11:44 | Computer Name = NAME-30M291G2YF | Source = MsiInstaller | ID = 11706
Description = Product: DAO -- Error 1706.No valid source could be found for product
DAO. The Windows Installer cannot continue.
 
[ System Events ]
Error - 28.12.2010 06:07:50 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 06:34:08 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 06:34:10 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 07:16:43 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 07:16:43 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 08:24:55 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 08:24:56 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 09:52:12 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 09:52:16 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 28.12.2010 09:53:54 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
 
< End of report >

--- --- ---

Should I do anything else now, or is the matter settled with that?
While I'm asking, I have another problem: for a few weeks now Outlook only opens on the 3rd or 4th attempt; before that it keeps closing on its own. Can that be repaired?

Thanks in advance to you all
cube

cosinus 28.12.2010 20:44

Quote:

Art des Suchlaufs: Quick-Scan
Hello and :hallo:

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

cube 29.12.2010 09:10

Hello Cosinus,
I ran the full scan again and another 2 infected files were found.
How can I protect myself from trojans like HDD Low in the future?
Here is the current log file; I don't have any older ones, this is the first time I've had problems with something like this. I thought that if I had a good firewall like McAfee, for example, I would be safe, but that was only an assumption....
Thanks for the help


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5409

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

29.12.2010 08:33:04
mbam-log-2010-12-29 (08-33-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|)
Durchsuchte Objekte: 436109
Laufzeit: 3 Stunde(n), 51 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aHvFmtjxlhgIe.exe (Spyware.Zbot) -> Value: aHvFmtjxlhgIe.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\***\lokale einstellungen\Temp\ahvfmtjxlhgie.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

cosinus 29.12.2010 14:42

Quote:

I thought that if I had a good firewall like McAfee, for example, I would be safe, but that was only an assumption....
A PFW is counterproductive! It is not a packet filter's job to detect malware either! You brought it onto your system yourself!

Please make new OTL logs.

cube 29.12.2010 17:00

Hello Arne,
yes, of course I brought the HDD thing onto my system myself, I just don't know how, and above all, what should I do differently in the future?

Here are the OTL logs: only one log file was created, though!
OTL Logfile:
Code:

OTL logfile created on: 29.12.2010 16:44:27 - Run 2
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 214,00 Mb Available Physical Memory | 42,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,52 Gb Total Space | 153,37 Gb Free Space | 67,12% Space Free | Partition Type: NTFS
Drive D: | 2,05 Gb Total Space | 1,65 Gb Free Space | 80,60% Space Free | Partition Type: FAT32
 
Computer Name: NAME-30M291G2YF | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Scansoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\pdf24\PDF24Updater.exe ()
PRC - C:\Programme\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
PRC - C:\Programme\ATI Multimedia\main\LaunchPd.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Office\OUTLOOK.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (x10nets) --  File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (SerialKeys) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (aucapi) -- C:\WINDOWS\system32\drivers\aucapi.sys (Auerswald GmbH & Co.KG                        )
DRV - (auusb) -- C:\WINDOWS\system32\drivers\auusb.sys (Auerswald GmbH & Co.KG                        )
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (ADM851X) -- C:\WINDOWS\system32\drivers\ADM851X.SYS (Infineon Technologies AG)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atintuxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio) -- C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI Technologies Inc.)
DRV - (atinrvxx) -- C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI Technologies Inc.)
DRV - (TTDec) ATI WDM Teletext Decoder (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinttxx.sys (ATI Technologies Inc.)
DRV - (ativraxx) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.)
DRV - (U3sHlpDr) -- C:\WINDOWS\system32\drivers\U3sHlpDr.sys ()
DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG)
DRV - (kbeepm) -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\kbeepm.sys ()
DRV - (W8100PCI) -- C:\WINDOWS\system32\drivers\mrv8k51.sys (Marvell Semiconductor, Inc)
DRV - (ATI Remote Wonder II) -- C:\WINDOWS\system32\drivers\atirwvd.sys (Jungo)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (IMT0521) -- C:\WINDOWS\system32\drivers\IMT0521.sys (Inmax Technology Corp.)
DRV - (X10UIF) -- C:\WINDOWS\system32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (ASNDIS5) -- C:\WINDOWS\system32\ASNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) Brother-Treiber (seriell) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.donaualtheimer-rapsoel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.raps-kuchen.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.12.14 20:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.29 16:35:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.29 16:35:06 | 000,000,000 | ---D | M]
 
[2009.12.30 15:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Extensions
[2010.12.29 09:07:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\extensions
[2009.12.30 20:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.02 18:10:43 | 000,002,238 | ---- | M] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\searchplugins\askcom.xml
[2010.12.29 09:07:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.20 12:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.06.20 12:13:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.23 12:49:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.23 12:49:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.23 12:49:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.29 17:08:34 | 000,002,027 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010.09.23 12:49:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.23 12:49:17 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003.04.02 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (metaspinner media GmbH) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\Programme\klickTel\eBay Startcenter\IEButtonKlickTelEBayInterface.dll ()
O2 - BHO: (no name) - {74A0AC27-3753-4080-B94E-557CC43E9E8B} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe ()
O4 - HKLM..\Run: [OEM-Reset]  File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\PDF24Updater.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PPort11reminder] C:\Programme\Scansoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SmartUI.lnk = C:\Programme\Scansoft\PaperPort\SmartUI\SmartUI.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains:  ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.15 01:30:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.01.15 10:25:14 | 000,000,053 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2004.01.20 15:50:52 | 000,020,480 | ---- | M] (TARGA GmbH) - D:\AUTORUN.EXE -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 13:49:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.12.28 13:49:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.28 13:49:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.12.28 13:49:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.28 13:49:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.28 10:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.12.28 09:54:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2007.10.12 09:26:32 | 007,721,936 | ---- | C] (geek Software GmbH                                          ) -- C:\Programme\PDF_Creator.exe
[2007.08.02 15:24:14 | 015,732,984 | ---- | C] (Google                                                    ) -- C:\Programme\Google_Earth_BZXW.exe
[2006.03.30 10:59:24 | 009,996,144 | ---- | C] (Skype Software S.A.                                        ) -- C:\Programme\SkypeSetup.exe
[2005.09.01 20:51:16 | 006,415,389 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\pci_de_smartrecovery.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.29 16:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.12.29 08:41:16 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Center.lnk
[2010.12.29 08:40:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.29 08:40:39 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.28 19:47:48 | 000,000,505 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010.12.28 19:47:41 | 000,041,082 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2010.12.28 13:49:41 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.27 22:33:27 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.27 19:06:13 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.25 20:55:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.28 13:49:41 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.01 21:29:23 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010.07.01 21:26:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010.07.01 21:26:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010.07.01 21:26:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010.07.01 21:26:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010.07.01 21:21:20 | 000,033,499 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.03.28 17:22:14 | 000,000,102 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2009.07.15 17:06:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009.07.15 17:06:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009.06.17 13:59:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EAN-ILN.INI
[2009.06.04 12:42:58 | 000,000,340 | ---- | C] () -- C:\WINDOWS\Barcode.ini
[2009.02.15 14:12:22 | 000,000,566 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2009.02.15 14:12:17 | 000,000,505 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009.02.15 14:12:17 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.02.15 14:11:05 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009.02.15 13:42:22 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.06.30 17:58:14 | 000,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll
[2008.06.30 17:58:14 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll
[2008.06.27 10:54:05 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2008.02.14 09:44:08 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\aucapjni.dll
[2007.03.04 12:37:37 | 000,003,372 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.11.12 11:25:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006.11.12 11:23:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2006.11.12 11:23:25 | 000,001,337 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006.11.12 11:23:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006.11.12 11:23:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006.02.19 15:00:08 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ui.INI
[2006.02.19 12:56:10 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.02.19 12:51:14 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.02.19 12:51:14 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.02.19 12:51:14 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.02.10 20:00:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006.02.10 20:00:12 | 000,000,144 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2006.01.23 13:29:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2005.09.01 21:21:26 | 001,353,703 | ---- | C] () -- C:\Programme\photorescuepro_setup.exe
[2005.09.01 21:14:07 | 001,039,067 | ---- | C] () -- C:\Programme\wrar350d.exe
[2005.09.01 21:10:34 | 000,752,905 | ---- | C] () -- C:\Programme\prdemo.zip
[2005.09.01 20:51:35 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005.09.01 20:19:01 | 000,730,847 | ---- | C] () -- C:\Programme\freeundelete.exe
[2005.08.07 17:34:00 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2005.08.07 17:11:41 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2005.08.07 17:11:38 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2005.08.07 17:11:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2005.06.19 12:10:35 | 002,656,584 | ---- | C] () -- C:\Programme\SmartInstall_30.exe
[2005.05.16 20:32:21 | 000,041,082 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2005.05.16 13:09:14 | 000,016,384 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.11 09:55:11 | 002,042,584 | ---- | C] () -- C:\Programme\uploader14.exe
[2004.11.24 20:30:09 | 000,002,654 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004.09.01 16:02:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\BkcEmu.ini
[2004.06.29 21:24:02 | 000,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys
[2004.05.23 12:23:49 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004.05.16 12:05:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004.05.16 11:51:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004.04.16 08:41:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004.04.15 13:23:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.04.15 12:53:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004.04.15 06:12:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.04.14 17:27:43 | 000,005,282 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.04.14 17:09:40 | 000,001,643 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2004.04.14 16:59:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004.04.14 16:35:05 | 000,000,857 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.04.14 16:33:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.04.14 16:19:39 | 000,000,894 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.01.28 10:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004.01.28 10:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004.01.28 10:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2004.01.28 02:55:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002.08.08 10:20:40 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002.01.08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\***\Eigene Dateien\Board2.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\***\Eigene Dateien\Board.jpg:SummaryInformation

< End of report >

--- --- ---

Thanks for the help
Regards, Markus

cosinus 29.12.2010 19:15

Quote:

yes of course I got the HDD onto my system myself,
I didn't mean the hard disk, but the malware that you installed yourself :rolleyes:

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:

:OTL
SRV - (x10nets) --  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKLM..\Run: [OEM-Reset]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
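The fix above removes exactly the entries from the OTL report whose target is missing. As an added example (not OTL's own code and not from the post), this Python helper reads OTL-style SRV and O4 lines, separates entries that point at nothing from services that still name a path (which it only reports for review, as the helper did with HidServ and AppMgmt), and emits the same `:OTL`/`:Commands` block; the sample lines are constructed from the report quoted in this thread.

```python
"""Triage helper for OTL (OldTimer's List-It) scan logs.

Added example: parses "SRV - (...)" service lines and "O4 - HKxx..\\Run: [...]"
autorun lines of an OTL report, flags entries whose target is missing
("File not found") and builds the ":OTL" fix block that is pasted into OTL's
"Custom Scan/Fixes" box. The :Commands section mirrors the helper's fix.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape OTL prints, taken from the quoted report.
SAMPLE_LOG = "\n".join([
    r"SRV - (x10nets) --  File not found",
    r"SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found",
    r"SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)",
    r"O4 - HKLM..\Run: []  File not found",
    r"O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)",
    r"O4 - HKLM..\Run: [OEM-Reset]  File not found",
    r"O4 - HKCU..\Run: []  File not found",
    r"O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)",
])

# Service whose binary OTL could not find; `path` is empty when the service
# points at no file at all (the x10nets case).
SRV_MISSING = re.compile(r"^SRV - \((?P<name>[^)]*)\) -- (?P<path>.*?)\s*File not found$")
# Run-key value whose target OTL could not find (empty value names included).
RUN_MISSING = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<value>[^\]]*)\]\s*(?P<path>.*?)\s*File not found$")

# Commands appended by the helper in this thread: clean-up, hosts reset, temp purge.
FIX_COMMANDS = (":Commands", "[purity]", "[resethosts]", "[emptytemp]")


@dataclass
class Finding:
    line: str     # the OTL line verbatim; pasting it under :OTL removes the item
    action: str   # "fix" (safe to remove) or "review" (needs a human decision)
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Classify orphaned service and autorun entries in an OTL report."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SRV_MISSING.match(line)
        if m:
            if m.group("path") == "":
                findings.append(Finding(line, "fix", "service points at no binary"))
            else:
                # A service that still names a path may be a stock component
                # whose file is legitimately absent; do not auto-remove it.
                findings.append(Finding(line, "review", "service binary missing; verify before removing"))
            continue
        if RUN_MISSING.match(line):
            findings.append(Finding(line, "fix", "autorun entry with missing target"))
    return findings


def build_fix_script(log_text: str) -> str:
    """Return the OTL fix script: ':OTL', one line per removable entry, then commands."""
    fix_lines = [f.line for f in triage(log_text) if f.action == "fix"]
    return "\n".join([":OTL", *fix_lines, *FIX_COMMANDS])


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.action:6} {finding.reason}: {finding.line}")
    print()
    print(build_fix_script(SAMPLE_LOG))
```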

cube 29.12.2010 20:06

OK, I started OTL, I think it worked.
Here is the result:

All processes killed
========== OTL ==========
Service x10nets stopped successfully!
Service x10nets deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 98451771 bytes
->Temporary Internet Files folder emptied: 137737488 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1076 bytes

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 494058 bytes
->Flash cache emptied: 9026 bytes

User: ***
->Temp folder emptied: 114020947 bytes
->Temporary Internet Files folder emptied: 86858249 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64470980 bytes
->Flash cache emptied: 8304 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 636306 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 212871 bytes
%systemroot%\System32\dllcache .tmp files removed: 263296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1200773 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 481,00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12292010_194537

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I3SBJWDC\274028[1].gif not found!
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SDQ76NGD\eBayISAPI[7].dll not found!

Registry entries deleted on Reboot...

How can I protect myself in the future?
Regards
Markus

cosinus 29.12.2010 21:28

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe when downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

cube 30.12.2010 19:23

Hello Arne,
I ran ComboFix, it was quite a long procedure. Unfortunately the log is too long to paste in here. I zipped the whole thing with 7zip, but it can't be added as an attachment.
Then I copied it into Word, but that's too big too!
So how can I upload the whole thing now?
Regards Markus

cosinus 30.12.2010 19:37

Attach it here as a ZIP file or upload it to file-upload and link it here

cube 30.12.2010 20:00

Here is the link on file-upload:

hxxp://www.file-upload.net/download-3090342/ComboFix.7z.html

cosinus 30.12.2010 20:23

You packed combofix.exe and not the log :rofl:

cube 30.12.2010 20:39

Oh sorry! I really am a beginner!:heulen: It was also my first 7zip. Now I've zipped the Word file. Hope it fits now

hxxp://www.file-upload.net/download-3090447/ComboFix_Protokoll_word.7z.html

Regards
Markus:stirn:

cosinus 30.12.2010 20:56

Holy cr*p, what on earth did CF delete there?? :eek:

Now please create and post logs with GMER and OSAM.
GMER crashes quite often; if the tool won't run on the 2nd attempt either, just leave it out and only run OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document for me

cube 30.12.2010 22:57

Well, now I have bad news: GMER hung twice, and OSAM can't be opened because the message keeps appearing: Please do not enter more than 259 characters! But there is no way to change the characters!
So that means I haven't got any further!
Regards
Markus

cosinus 30.12.2010 23:06

Erm, as I already hinted, the end product of the digestive tract isn't exactly thin :balla:
Before we waste time unnecessarily (CF deleted a load of cr*p, OSAM doesn't work :( ) - what do you think of a proper data backup followed by format c: ? :rolleyes:

cube 30.12.2010 23:32

Well, format c:
I have a lot of programs on there for which I no longer have the installation CD or DVD. I feel sick just thinking about the B... program - someone has to come out specially and install it again... ...that's what has always kept me from buying a newer, faster box...
Can't we just leave it as it is at the moment?
Good night
M.

cosinus 31.12.2010 00:37

You don't have to do anything. But if important logs can't even be created, I can never declare your box clean.

cube 02.01.2011 16:03

Hello arne,
well, I kept fiddling around and I think I've got it working. (The problem was that McAfee deleted the osam .exe every time)
Here is the log file:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:55:47 on 02.01.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"AMD Athlon64-Prozessortreiber" (AmdK8) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\ASNDIS5.SYS
"ASUS 802.11b/g Driver for Windows XP" (W8100PCI) - "Marvell Semiconductor, Inc" - C:\WINDOWS\System32\DRIVERS\mrv8k51.sys
"ATI Remote Wonder II" (ATI Remote Wonder II) - "Jungo" - C:\WINDOWS\System32\drivers\ATIRWVD.SYS
"ATI Wireless Remote Receiver V2.36" (X10UIF) - "X10 Wireless Technology, Inc." - C:\WINDOWS\System32\Drivers\x10uif.sys
"Auerswald CAPI2.0 Device" (aucapi) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\aucapi.sys
"Auerswald ISDN USB Driver" (auusb) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\auusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"HSFHWBS2" (HSFHWBS2) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
"HSF_DP" (HSF_DP) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Infineon ADM851X USB To Fast Ethernet MII Adapter Driver" (ADM851X) - "Infineon Technologies AG" - C:\WINDOWS\System32\DRIVERS\ADM851X.SYS
"Inmax USB IMT-0521 Smartcard Reader" (IMT0521) - "Inmax Technology Corp." - C:\WINDOWS\System32\Drivers\IMT0521.sys
"kbeepm" (kbeepm) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\kbeepm.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"McAfee Inc." (mfeavfk01) - ? - C:\WINDOWS\system32\drivers\mfeavfk01.sys  (File not found)
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.      " - C:\WINDOWS\System32\ntsim.sys
"PADUS ASPI SHELL" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"SCR33X USB Smart Card Reader" (SCR33X USB Smart Card Reader) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\SCR33X2K.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"Service for WDM 3D Audio Driver" (ALCXSENS) - "Sensaura Ltd" - C:\WINDOWS\System32\drivers\ALCXSENS.SYS
"StreamDispatcher" (StreamDispatcher) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\strmdisp.sys
"U3sHlpDr" (U3sHlpDr) - ? - C:\WINDOWS\System32\Drivers\U3sHlpDr.sys  (File found, but it contains no detailed information)
"VIA Rhine Family Fast Ethernet Adapter Driver Service" (FETNDISB) - "VIA Technologies, Inc.              " - C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - ? - C:\Programme\Office\  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\Office\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? -  (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? -  (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "McAfee.com Operating System Class" - "McAfee, Inc" - C:\WINDOWS\System32\mcinsctl.dll / hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} "metaspinner media GmbH" - ? - C:\PROGRA~1\klickTel\EBAYST~1\IEBUTT~2.DLL  (File found, but it contains no detailed information)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll
{74A0AC27-3753-4080-B94E-557CC43E9E8B} "{74A0AC27-3753-4080-B94E-557CC43E9E8B}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Canon BJ Language Monitor S400" - "CANON INC." - C:\WINDOWS\system32\CNMLM2P.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall-Dienst" (McMPFSvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Programme\McAfee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McShield" (McShield) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Here are the logs from MBR Check:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001bd

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF8A26000 \WINDOWS\system32\KDCOM.DLL
0xF8936000 \WINDOWS\system32\BOOTVID.dll
0xF83F6000 ACPI.sys
0xF8A28000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF83E5000 pci.sys
0xF8526000 isapnp.sys
0xF8536000 ohci1394.sys
0xF8546000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8A2A000 viaide.sys
0xF87A6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8556000 MountMgr.sys
0xF83C6000 ftdisk.sys
0xF87AE000 PartMgr.sys
0xF8566000 VolSnap.sys
0xF83AE000 atapi.sys
0xF8576000 disk.sys
0xF8586000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF838E000 fltmgr.sys
0xF837C000 sr.sys
0xF831F000 mfehidk.sys
0xF87B6000 PxHelp20.sys
0xF8308000 KSecDD.sys
0xF827B000 Ntfs.sys
0xF824E000 NDIS.sys
0xF8596000 sbp2port.sys
0xF8234000 Mup.sys
0xF85A6000 gagp30kx.sys
0xF85D6000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF7C92000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF7C7E000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7C52000 \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
0xF7B43000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
0xF7AAB000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF889E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A6C000 \SystemRoot\System32\DRIVERS\mrv8k51.sys
0xF88A6000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xF89EE000 \SystemRoot\system32\drivers\pfc.sys
0xF7D99000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7D89000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7A49000 \SystemRoot\System32\DRIVERS\ks.sys
0xF88AE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7D79000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF88B6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7A25000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF88BE000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7D69000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF88C6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF88CE000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF88D6000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7D59000 \SystemRoot\System32\DRIVERS\serial.sys
0xF89FA000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF79B3000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF798F000 \SystemRoot\system32\drivers\portcls.sys
0xF85E6000 \SystemRoot\system32\drivers\drmk.sys
0xF792D000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xF85F6000 \SystemRoot\System32\DRIVERS\fetnd5b.sys
0xF8606000 \SystemRoot\System32\DRIVERS\processr.sys
0xF78FB000 \SystemRoot\System32\DRIVERS\aucapi.sys
0xF8B90000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF8616000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8A02000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF78D0000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8626000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8636000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF88DE000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7897000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8646000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7873000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF7828000 \SystemRoot\system32\drivers\mfefirek.sys
0xF88EE000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF88F6000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8656000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A64000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF77A2000 \SystemRoot\System32\DRIVERS\update.sys
0xF8204000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8696000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF89C6000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF86D6000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A68000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8A6C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8BE3000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A6E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8906000 \SystemRoot\System32\drivers\vga.sys
0xF8A70000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A72000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF890E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8916000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF89CE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6679000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB6620000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB660D000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB65E7000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB65BF000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB659D000 \SystemRoot\System32\drivers\afd.sys
0xF86F6000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB6572000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB6502000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8716000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8726000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8736000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF8926000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF8746000 \SystemRoot\System32\Drivers\IMT0521.sys
0xF78C0000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xF892E000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF78BC000 \SystemRoot\System32\DRIVERS\sfloppy.sys
0xF87CE000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\BrScnUsb.sys
0xF78B4000 \SystemRoot\System32\Drivers\BrUsbSer.sys
0xF8756000 \SystemRoot\System32\Drivers\BrSerIf.sys
0xB6416000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB63FE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8AC6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB64E6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF882E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BBA000 \SystemRoot\System32\drivers\dxgthk.sys
0xB6775000 \SystemRoot\System32\DRIVERS\ATINTTXX.sys
0xB6765000 \SystemRoot\System32\DRIVERS\STREAM.SYS
0xF8836000 \SystemRoot\System32\DRIVERS\atinmdxx.sys
0xB63EB000 \SystemRoot\System32\DRIVERS\atinxsxx.sys
0xB6755000 \SystemRoot\System32\DRIVERS\atinraxx.sys
0xB63CE000 \SystemRoot\System32\DRIVERS\atinrvxx.sys
0xB63B9000 \SystemRoot\System32\DRIVERS\atintuxx.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF048000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\ati3duag.dll
0xBF24E000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB62A9000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB5FCC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB5EEF000 \SystemRoot\system32\drivers\wdmaud.sys
0xF8766000 \SystemRoot\system32\drivers\sysaudio.sys
0xB604D000 \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
0xB5C29000 \SystemRoot\System32\DRIVERS\srv.sys
0xB5E84000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xF87D6000 \SystemRoot\System32\DRIVERS\strmdisp.sys
0xF8A3E000 \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys
0xB60B1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5278000 \SystemRoot\System32\Drivers\HTTP.sys
0xB5864000 \SystemRoot\system32\drivers\cfwids.sys
0xB45F0000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB5A16000 \SystemRoot\system32\drivers\mfebopk.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
1156 C:\WINDOWS\system32\smss.exe
1296 csrss.exe
1324 C:\WINDOWS\system32\winlogon.exe
1368 C:\WINDOWS\system32\services.exe
1380 C:\WINDOWS\system32\lsass.exe
1536 C:\WINDOWS\system32\svchost.exe
1632 svchost.exe
1668 C:\WINDOWS\system32\svchost.exe
1712 svchost.exe
1916 svchost.exe
588 C:\WINDOWS\explorer.exe
764 C:\WINDOWS\system32\spoolsv.exe
812 scardsvr.exe
872 svchost.exe
916 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
940 C:\Programme\Bonjour\mDNSResponder.exe
992 C:\Programme\FRITZ!DSL\IGDCTRL.EXE
1124 C:\Programme\java\jre6\bin\jqs.exe
1196 C:\Programme\McAfee\SiteAdvisor\McSACore.exe
1224 C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
1344 C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe
1740 C:\WINDOWS\system32\svchost.exe
1884 C:\WINDOWS\system32\svchost.exe
1992 C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
136 C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
2060 C:\Programme\Canon\CAL\CALMAIN.exe
2776 alg.exe
3452 C:\WINDOWS\system32\ctfmon.exe
3508 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3768 C:\Programme\OpenOffice.org 3\program\soffice.exe
3980 C:\Programme\OpenOffice.org 3\program\soffice.bin
2324 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2308 C:\WINDOWS\system32\svchost.exe
492 C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\osam\osam.exe
3024 C:\Programme\Mozilla Firefox\firefox.exe
3788 C:\WINDOWS\system32\notepad.exe
3496 C:\Dokumente und Einstellungen\Markus\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`21180c00 (FAT32)

PhysicalDrive0 Model Number: Maxtor7Y250P0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
233 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Hope you can make something of this
Happy New Year too
Markus

cosinus 02.01.2011 16:06

Quote:

"kbeepm" (kbeepm) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\kbeepm.sys (File not found)
Please disable and delete it with OSAM (follow the OSAM instructions for that)
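The helper above picked kbeepm out of dozens of [Drivers] entries by eye: a kernel driver registered from a user's Temp directory, with no vendor and the file already gone. The following is an added example, not part of the thread or of OSAM, that turns the same triage into code. It parses OSAM [Drivers] lines in the format shown in the log above and ranks them by the rules a forum helper applies (driver path under a Temp directory, unknown vendor, file missing). The allow-lists for stale XP entries and for the catchme scanner driver that ComboFix leaves behind, the severity labels and the sample excerpt are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of one entry line in the OSAM [Drivers] section, as seen in the log above:
#   "display name" (service) - "vendor" - C:\path\file.sys  (status)
# vendor is a quoted string (possibly with trailing blanks) or a bare '?',
# and the trailing parenthesised status is optional.
_ENTRY = re.compile(
    r'^"(?P<name>[^"]*)"\s+\((?P<svc>[^)]*)\)\s+-\s+'
    r'(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r'(?P<path>.*?)(?:\s{2,}\((?P<status>[^)]*)\))?$'
)
# Any ...\Temp\... path component: a kernel driver has no business living there.
_TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Stale XP driver entries whose binaries never existed on most installs; they
# show up as "File not found" in nearly every OSAM/HijackThis log and are benign.
STALE_XP_ENTRIES = {"Changer", "i2omgmt", "lbrtfdc", "PCIDump", "PDCOMP",
                    "PDFRAME", "PDRELI", "PDRFRAME", "WDICA"}
# Leftover of the rootkit scanner (catchme) bundled with ComboFix, harmless
# once its file is gone.
TOOL_LEFTOVERS = {"catchme"}


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low"
    service: str
    reason: str


def parse_driver_line(line: str) -> Optional[Dict]:
    """Split one OSAM entry line into its fields; None for headers and other lines."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    vendor = m.group("vendor")
    return {
        "name": m.group("name"),
        "service": m.group("svc"),
        "vendor": None if vendor == "?" else vendor.strip('"').strip(),
        "path": m.group("path").strip(),
        "status": m.group("status"),
    }


def triage_driver(e: Dict) -> Optional[Finding]:
    """Apply the helper's rules to one parsed entry; None means nothing to see."""
    svc, missing = e["service"], (e["status"] or "").startswith("File not found")
    if _TEMP_DIR.search(e["path"]):
        if svc in TOOL_LEFTOVERS and missing:
            return Finding("low", svc, "scanner leftover in Temp, file already gone")
        return Finding("high", svc, "kernel driver registered from a Temp directory"
                       + (" (file missing)" if missing else ""))
    if svc in STALE_XP_ENTRIES and missing:
        return Finding("low", svc, "well-known stale XP driver entry")
    if e["vendor"] is None and missing:
        return Finding("medium", svc, "unknown vendor and file missing")
    if e["vendor"] is None:
        return Finding("medium", svc, "unknown vendor, binary present: verify hash/signature")
    return None


def triage_osam_log(text: str, section: str = "[Drivers]") -> List[Finding]:
    """Walk a whole OSAM log, triage only the requested section, worst first."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):   # section header
            in_section = (line == section)
            continue
        if not in_section or line.startswith("-----("):  # registry-key sub-header
            continue
        entry = parse_driver_line(line)
        finding = triage_driver(entry) if entry else None
        if finding:
            findings.append(finding)
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.service.lower()))


# Constructed excerpt: lines copied from the log above plus one constructed line
# in a different section to show that only [Drivers] is triaged.
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMD Athlon64-Prozessortreiber" (AmdK8) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"Auerswald CAPI2.0 Device" (aucapi) - "Auerswald GmbH & Co.KG        " - C:\WINDOWS\System32\DRIVERS\aucapi.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"kbeepm" (kbeepm) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\kbeepm.sys  (File not found)
"McAfee Inc." (mfeavfk01) - ? - C:\WINDOWS\system32\drivers\mfeavfk01.sys  (File not found)
"U3sHlpDr" (U3sHlpDr) - ? - C:\WINDOWS\System32\Drivers\U3sHlpDr.sys  (File found, but it contains no detailed information)

[Services]
"Sample Service" (svc) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\svc.exe  (File not found)
'''

if __name__ == "__main__":
    for f in triage_osam_log(SAMPLE_LOG):
        print("%-6s %-10s %s" % (f.severity, f.service, f.reason))
```

The "medium" hits (mfeavfk01, U3sHlpDr) are what OSAM's "Check Microsoft signatures" option cannot settle on its own: a present binary with no version resource still needs its hash or Authenticode signature checked before it is called clean, and a dangling McAfee-named entry with a missing file is exactly the sort of thing ComboFix's bulk deletions leave behind.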

cube 02.01.2011 17:26

What an operation! I have to completely deactivate McAfee every time, otherwise it throws the .exe out immediately. It won't accept it as a trusted file!
Unfortunately I didn't manage to get the log file from the deletion, but here is a new general log:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:16:37 on 02.01.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"AMD Athlon64-Prozessortreiber" (AmdK8) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\ASNDIS5.SYS
"ASUS 802.11b/g Driver for Windows XP" (W8100PCI) - "Marvell Semiconductor, Inc" - C:\WINDOWS\System32\DRIVERS\mrv8k51.sys
"ATI Remote Wonder II" (ATI Remote Wonder II) - "Jungo" - C:\WINDOWS\System32\drivers\ATIRWVD.SYS
"ATI Wireless Remote Receiver V2.36" (X10UIF) - "X10 Wireless Technology, Inc." - C:\WINDOWS\System32\Drivers\x10uif.sys
"Auerswald CAPI2.0 Device" (aucapi) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\aucapi.sys
"Auerswald ISDN USB Driver" (auusb) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\auusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"HSFHWBS2" (HSFHWBS2) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
"HSF_DP" (HSF_DP) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Infineon ADM851X USB To Fast Ethernet MII Adapter Driver" (ADM851X) - "Infineon Technologies AG" - C:\WINDOWS\System32\DRIVERS\ADM851X.SYS
"Inmax USB IMT-0521 Smartcard Reader" (IMT0521) - "Inmax Technology Corp." - C:\WINDOWS\System32\Drivers\IMT0521.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"McAfee Inc." (mfeavfk01) - ? - C:\WINDOWS\system32\drivers\mfeavfk01.sys  (File not found)
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.      " - C:\WINDOWS\System32\ntsim.sys
"PADUS ASPI SHELL" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"SCR33X USB Smart Card Reader" (SCR33X USB Smart Card Reader) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\SCR33X2K.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"Service for WDM 3D Audio Driver" (ALCXSENS) - "Sensaura Ltd" - C:\WINDOWS\System32\drivers\ALCXSENS.SYS
"StreamDispatcher" (StreamDispatcher) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\strmdisp.sys
"U3sHlpDr" (U3sHlpDr) - ? - C:\WINDOWS\System32\Drivers\U3sHlpDr.sys  (File found, but it contains no detailed information)
"VIA Rhine Family Fast Ethernet Adapter Driver Service" (FETNDISB) - "VIA Technologies, Inc.              " - C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - ? - C:\Programme\Office\  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\Office\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? -  (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? -  (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "McAfee.com Operating System Class" - "McAfee, Inc" - C:\WINDOWS\System32\mcinsctl.dll / hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} "metaspinner media GmbH" - ? - C:\PROGRA~1\klickTel\EBAYST~1\IEBUTT~2.DLL  (File found, but it contains no detailed information)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll
{74A0AC27-3753-4080-B94E-557CC43E9E8B} "{74A0AC27-3753-4080-B94E-557CC43E9E8B}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Canon BJ Language Monitor S400" - "CANON INC." - C:\WINDOWS\system32\CNMLM2P.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall-Dienst" (McMPFSvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Programme\McAfee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McShield" (McShield) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
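The OSAM report above is worth reading for two classes of entry: services and drivers whose file is gone (orphaned registry keys such as catchme.sys, a ComboFix remnant, or the Changer/PCIDump/WDICA stubs), and entries whose vendor field is "?" while the file does exist (U3sHlpDr.sys, the WinRAR and klickTel shell extensions). The following is an added triage script, not part of the forum post or of OSAM itself; it parses the report's line format and buckets entries by those two conditions. The sample report embedded in it is a constructed subset of the lines posted above.

```python
"""Triage helper for OSAM Autorun Manager reports (added example).

An OSAM entry line has the shape
    "Display name" (RegistryKey) - "Vendor" - C:\path\file.sys  (File not found)
The vendor is "?" when no version information could be read, and the
trailing parenthesised note is OSAM's own remark about the file.
"""
import re

# Constructed sample: a subset of the report posted above.
SAMPLE_REPORT = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"U3sHlpDr" (U3sHlpDr) - ? - C:\WINDOWS\System32\Drivers\U3sHlpDr.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
'''

LINE_RE = re.compile(
    r'^"(?P<name>.*?)"'                       # display name (may itself contain quotes)
    r'(?: \((?P<key>[^)]*)\))?'               # service/registry key; absent for Run values
    r' - (?:"(?P<vendor>[^"]*)"|\?)'          # vendor from version info, None when "?"
    r' - (?P<path>.*?)'                       # file path, sometimes quoted
    r'(?:\s+\((?P<note>(?:File|COM-object)[^)]*)\))?'  # OSAM's trailing note
    r'\s*$'
)


def classify(entry):
    """Bucket one parsed entry: orphan, unknown-vendor, or ok."""
    note = entry["note"] or ""
    if "not found" in note:
        return "orphan"            # registry key points at a file that no longer exists
    if entry["vendor"] is None:
        return "unknown-vendor"    # file exists but carries no version/vendor information
    return "ok"


def parse_report(text):
    """Return a list of dicts, one per entry line, tagged with section and status."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]           # e.g. [Drivers] -> "Drivers"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                        # separators, blank lines, unrecognised formats
        entry = m.groupdict()
        entry["section"] = section
        entry["path"] = entry["path"].strip('"')
        entry["status"] = classify(entry)
        entries.append(entry)
    return entries


def findings(text):
    """Map status -> list of registry keys (or display names) needing attention."""
    out = {"orphan": [], "unknown-vendor": []}
    for e in parse_report(text):
        if e["status"] in out:
            out[e["status"]].append(e["key"] or e["name"])
    return out


if __name__ == "__main__":
    for status, keys in findings(SAMPLE_REPORT).items():
        print(f"{status}: {', '.join(keys) or '-'}")
```

Orphaned entries are harmless on their own but are the usual leftovers of cleanup tools and uninstalled hardware, so they are the first thing to strike from a report before looking at what remains; entries with no vendor information and an existing file are the ones to hash and look up by hand.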

cosinus 02.01.2011 19:30

Good. Please try GMER again.

cube 02.01.2011 22:28

I ran GMER a few times. Each time it gets as far as the files and then stops.
Here are the logs:
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:14:31
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- System - GMER 1.0.15 ----

Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateKey [0xF83520E0]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwDeleteKey [0xF83520F4]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwDeleteValueKey [0xF8352120]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenKey [0xF83520CC]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenProcess [0xF83520A4]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenThread [0xF83520B8]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwRenameKey [0xF835210A]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwSetSecurityObject [0xF835214C]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwSetValueKey [0xF8352136]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtOpenProcess
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtOpenThread
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtSetSecurityObject

---- EOF - GMER 1.0.15 ----

--- --- ---
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:13:59
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE  ntkrnlpa.exe!NtSetSecurityObject                                                              805B6040 5 Bytes  JMP F8352150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!NtOpenProcess                                                                    805C1316 5 Bytes  JMP F83520A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!NtOpenThread                                                                    805C15A2 5 Bytes  JMP F83520BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwSetValueKey                                                                    806188B6 7 Bytes  JMP F835213A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwRenameKey                                                                      80619D66 7 Bytes  JMP F835210E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwCreateKey                                                                      8061A344 5 Bytes  JMP F83520E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwDeleteKey                                                                      8061A7E0 7 Bytes  JMP F83520F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwDeleteValueKey                                                                8061A9B0 7 Bytes  JMP F8352124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwOpenKey                                                                        8061B722 5 Bytes  JMP F83520D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init  C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                      entry point in "init" section [0xF73BFA80]

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryA  7C801D7B 5 Bytes  JMP 62419A20 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text  C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryW  7C80AEEB 5 Bytes  JMP 62419AE2 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:12:44
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [00407740] C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT  C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]      [004077A0] C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:15:03
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs      mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat    mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---


GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-01-02 21:45:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_7Y250P0 rev.YAR41BW0
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF83520E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF83520F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8352120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF83520CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF83520A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF83520B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF835210A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF835214C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8352136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
Thanks for the help
Markus
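Every hook in the GMER logs above resolves to a McAfee module: the SSDT and inline kernel hooks to mfehidk.sys, the user-mode LoadLibrary hooks to mcproxy.dll, the attached devices to mfehidk.sys and mfetdi2k.sys. That is what a security product looks like from GMER's point of view, and the only line without a vendor attribution is the ALCXSENS.SYS "entry point in init section" notice. The script below is an added example, not part of the post or of GMER: it attributes each reported hook to the module and vendor GMER printed, counts hooks per module, and sets aside lines whose vendor is not on an expected list or that carry no attribution at all. The embedded sample is constructed from a few of the posted lines plus one hypothetical line for a fictitious "example.sys" to exercise the untrusted-vendor path.

```python
"""Triage helper for GMER rootkit-scan output (added example).

GMER prints the hooking module followed by "(description/vendor)" on every
hook line it can attribute, e.g.
    Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateKey [0xF83520E0]
Lines without that attribution, and lines whose vendor is not expected on
the box, are the ones worth a closer look.
"""
import re

# Constructed sample: lines from the posted logs plus one hypothetical entry.
SAMPLE_GMER = r'''
---- System - GMER 1.0.15 ----

Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateKey [0xF83520E0]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenProcess [0xF83520A4]

---- Kernel code sections - GMER 1.0.15 ----

PAGE  ntkrnlpa.exe!NtOpenProcess   805C1316 5 Bytes  JMP F83520A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init  C:\WINDOWS\system32\drivers\ALCXSENS.SYS   entry point in "init" section [0xF73BFA80]

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryA  7C801D7B 5 Bytes  JMP 62419A20 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Code  example.sys (Example Driver/Example Corp.)  ZwQueryDirectoryFile [0xF9000000]
'''
# The last line above is hypothetical and only there to show the untrusted path.

# Line prefixes GMER uses for hook and device findings.
HOOK_KINDS = ("Code", "PAGE", ".text", "IAT", "init", "AttachedDevice")

# module token immediately followed by "(description/vendor)"
ATTRIB_RE = re.compile(r'(?P<module>\S+) \((?P<desc>[^/)]+)/(?P<vendor>[^)]+)\)')


def parse_gmer(text):
    """Return one dict per finding line with module (basename), vendor and raw line."""
    hooks = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in HOOK_KINDS:
            continue
        m = ATTRIB_RE.search(line)
        hooks.append({
            "kind": parts[0],
            # module may be printed as a full path; keep only the file name
            "module": m.group("module").rsplit("\\", 1)[-1].lower() if m else None,
            "vendor": m.group("vendor").strip() if m else None,
            "line": line.strip(),
        })
    return hooks


def triage(text, trusted_vendors):
    """Group hooks per module and separate unattributed / untrusted lines."""
    by_module = {}
    unattributed = []   # GMER could not name the hooking module
    untrusted = []      # attributed, but vendor not in the expected set
    for h in parse_gmer(text):
        if h["module"] is None:
            unattributed.append(h["line"])
            continue
        slot = by_module.setdefault(h["module"], {"vendor": h["vendor"], "count": 0})
        slot["count"] += 1
        if h["vendor"] not in trusted_vendors:
            untrusted.append(h["line"])
    return by_module, unattributed, untrusted


if __name__ == "__main__":
    mods, unattr, bad = triage(SAMPLE_GMER, {"McAfee, Inc."})
    for name, info in mods.items():
        print(f"{name:14} {info['count']:2} hook(s)  vendor={info['vendor']}")
    print("unattributed:", *unattr, sep="\n  ")
    print("untrusted vendor:", *bad, sep="\n  ")
```

The trusted-vendor set is whatever security software is actually installed on the machine, here McAfee; anything hooking the SSDT or attaching to \Device\Tcp that is not on that list, or that GMER cannot attribute at all, is what a rootkit would look like in this output and needs to be examined by file hash and signature rather than trusted on its name.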

cosinus 03.01.2011 09:16

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

cube 09.01.2011 22:29

Hello Arne,
sorry it took a while, last week was hell.
Here is the log from Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5480

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.01.2011 22:16:56
mbam-log-2011-01-09 (22-16-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 435202
Time elapsed: 3 hour(s), 17 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SASW is next
Regards


Copyright ©2000-2025, Trojaner-Board