Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   1.Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden... (https://www.trojaner-board.de/96710-1-virus-unerwuenschtes-programm-tr-dropper-gen-trojan-gefunden.html)

chrise 24.03.2011 15:20
Erledigt, Was plagt meinen PC denn da nur so? Da ist der neue Logfile:
Code:
ComboFix 11-03-23.05 - Scheidt 24.03.2011  14:17:55.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.503.240 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Scheidt\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\documents and settings\Scheidt\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\6.tmp"
"c:\windows\system32\drivers\vocddb.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
-------\Service_pjffi
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))
.
.
2011-03-22 19:36 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-22 19:36 . 2011-03-22 19:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-22 19:36 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-22 09:40 . 2011-03-22 09:40        --------        d-----w-        c:\program files\ERUNT
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-05 10:31 . 2011-03-05 10:31        --------        d-----w-        c:\program files\Common Files\Skype
2011-03-03 07:28 . 2011-03-03 07:28        --------        d-----w-        c:\documents and settings\All Users\Application Data\Aldi Nord Fotoservice
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 14:09 . 2010-03-16 15:00        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-03 07:27 . 2008-11-15 15:09        447119        -c--a-w-        c:\documents and settings\Scheidt\Application Data\mdbu.bin
2011-02-09 13:53 . 2002-08-29 12:00        270848        ----a-w-        c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 12:00        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-09-19 21:15        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-09-19 21:15        677888        ----a-w-        c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-08-29 12:00        439296        ----a-w-        c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-08-29 12:00        290048        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-08-28 06:38        1854976        ----a-w-        c:\windows\system32\win32k.sys
2009-11-24 12:14 . 2009-11-24 12:14        10437264        ----a-w-        c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10        107760        ----a-w-        c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Voipwise"="c:\program files\Voipwise.com\Voipwise\Voipwise.exe" [2010-12-21 12900144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-22 20:46        110592        ----a-w-        c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Anleitung.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Anleitung.exe
backup=c:\windows\pss\Anleitung.exeCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_NORD_FotoSuite_Download]
2008-11-11 10:54        1257472        ----a-w-        c:\program files\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17        47904        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-29 17:41        149040        -c--a-w-        c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42        110592        ----a-w-        c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-19 16:06        77824        ----a-w-        c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-07-19 16:10        114688        ----a-w-        c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-07-19 16:09        94208        ----a-w-        c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-07-22 20:47        385024        -c--a-w-        c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-07-22 20:46        401408        ----a-w-        c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 15:38        1226288        -c--a-w-        c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2007-05-29 17:41        149040        -c--a-w-        c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-08-24 05:42        393216        -c--a-w-        c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2006-09-15 12:21        675840        ----a-w-        c:\windows\vsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-24 12:36        729178        -c--a-w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-12 11:28        198160        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31        247144        ----a-w-        c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2006-11-02 13:04        258048        -c--a-w-        c:\windows\tsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
2005-11-30 11:48        94208        -c--a-w-        c:\program files\12025SC Kabellose Multimedia Tastatur und Maus Set\StartAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
2005-11-30 11:48        94208        -c--a-w-        c:\program files\12025SC Kabellose Multimedia Tastatur und Maus Set\StartAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1c9b2e4b3c3a1c0"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Home Cinema\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Scheidt\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [09.01.2010 22:16 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [16.03.2010 16:00 135336]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [17.05.2004 11:21 17280]
S2 gupdate1c9b2e4b3c3a1c0;Google Update Service (gupdate1c9b2e4b3c3a1c0);c:\program files\Google\Update\GoogleUpdate.exe [01.04.2009 17:12 133104]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 TridVid;Video Grabber;c:\windows\system32\drivers\tridvid.sys [11.02.2009 11:08 99200]
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 16:12]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 16:12]
.
2011-03-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.wetter.de/wetter/vorhersage/tage/Italien/Wetter-Rom/md5/9022ec3fa077f89a211761da2ed1c0cd/step/1
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: raiffeisenbank.rs\rol
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
FF - ProfilePath - c:\documents and settings\Scheidt\Application Data\Mozilla\Firefox\Profiles\83dqc3cs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wetter.de/wettervorhersage/39-7626-24-tage/wetter-rom.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-24 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1659004503-1972579041-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,eb,43,cb,ab,d9,6e,85,0c,bb,a2,6f,c5,b3,47,de,47,53,28,b6,e9,ea,94,
  1c,86,0a,6b,a3,cd,f7,f6,5b,da,cf,5a,77,d7,7e,ba,fb,5b,87,4d,92,85,f3,47,39,\
"??"=hex:b3,e5,ec,f2,c0,2b,19,b1,ef,90,4b,31,6a,6c,0f,1e
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•A~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24  15:03:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-24 14:02
ComboFix2.txt  2011-03-24 10:50
.
Vor Suchlauf: 2.874.548.224 bytes free
Nach Suchlauf: 2.841.370.624 Bytes frei
.
- - End Of File - - 4E9151B02A97E304E25F6526105E454B
Viele Grüße
Chrise

cosinus 24.03.2011 15:42
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

chrise 24.03.2011 17:20
Hallo, weder der Killer noch Norman finden etwas....
Code:
2011/03/24 17:04:43.0296 3376        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 17:04:43.0968 3376        ================================================================================
2011/03/24 17:04:43.0968 3376        SystemInfo:
2011/03/24 17:04:43.0968 3376       
2011/03/24 17:04:43.0968 3376        OS Version: 5.1.2600 ServicePack: 3.0
2011/03/24 17:04:43.0968 3376        Product type: Workstation
2011/03/24 17:04:43.0968 3376        ComputerName: DELL
2011/03/24 17:04:43.0968 3376        UserName: Scheidt
2011/03/24 17:04:43.0968 3376        Windows directory: C:\WINDOWS
2011/03/24 17:04:43.0968 3376        System windows directory: C:\WINDOWS
2011/03/24 17:04:43.0968 3376        Processor architecture: Intel x86
2011/03/24 17:04:43.0968 3376        Number of processors: 1
2011/03/24 17:04:43.0968 3376        Page size: 0x1000
2011/03/24 17:04:43.0968 3376        Boot type: Normal boot
2011/03/24 17:04:43.0968 3376        ================================================================================
2011/03/24 17:04:44.0875 3376        Initialize success
2011/03/24 17:04:49.0531 3712        ================================================================================
2011/03/24 17:04:49.0531 3712        Scan started
2011/03/24 17:04:49.0531 3712        Mode: Manual;
2011/03/24 17:04:49.0531 3712        ================================================================================
2011/03/24 17:04:51.0265 3712        61883          (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/03/24 17:04:51.0406 3712        ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/24 17:04:51.0468 3712        ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/24 17:04:51.0531 3712        ADILOADER      (e467a7e56413058ebd74995f682bf684) C:\WINDOWS\system32\Drivers\adildr.sys
2011/03/24 17:04:51.0609 3712        adiusbaw        (9a62b2599e765fb93ff8124fd8f62b83) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
2011/03/24 17:04:51.0734 3712        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/24 17:04:51.0875 3712        AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/03/24 17:04:51.0968 3712        AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/24 17:04:52.0218 3712        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/24 17:04:52.0343 3712        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/24 17:04:52.0406 3712        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/24 17:04:52.0484 3712        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/24 17:04:52.0734 3712        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/24 17:04:52.0828 3712        Avc            (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/03/24 17:04:52.0984 3712        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/24 17:04:53.0062 3712        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/24 17:04:53.0171 3712        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/24 17:04:53.0328 3712        bcm4sbxp        (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/03/24 17:04:53.0406 3712        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/24 17:04:53.0515 3712        BthEnum        (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/03/24 17:04:53.0593 3712        BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/03/24 17:04:53.0671 3712        BTHPORT        (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/03/24 17:04:53.0812 3712        BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/03/24 17:04:53.0921 3712        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/24 17:04:53.0984 3712        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/24 17:04:54.0093 3712        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/24 17:04:54.0171 3712        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/24 17:04:54.0203 3712        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/24 17:04:54.0328 3712        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/24 17:04:54.0500 3712        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/24 17:04:54.0640 3712        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/24 17:04:54.0734 3712        dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/24 17:04:54.0843 3712        dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/24 17:04:54.0890 3712        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/24 17:04:54.0921 3712        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/24 17:04:55.0000 3712        dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/03/24 17:04:55.0187 3712        Dot4Print      (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/03/24 17:04:55.0234 3712        dot4usb        (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/03/24 17:04:55.0296 3712        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/24 17:04:55.0375 3712        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/24 17:04:55.0453 3712        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/24 17:04:55.0500 3712        Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/24 17:04:55.0578 3712        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/24 17:04:55.0656 3712        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/24 17:04:55.0703 3712        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/24 17:04:55.0843 3712        Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/24 17:04:55.0890 3712        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/24 17:04:55.0968 3712        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/24 17:04:56.0031 3712        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/24 17:04:56.0109 3712        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/24 17:04:56.0250 3712        HSF_DPV        (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/03/24 17:04:56.0468 3712        HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/03/24 17:04:56.0593 3712        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/24 17:04:56.0734 3712        i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/24 17:04:56.0859 3712        ialm            (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/24 17:04:57.0062 3712        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/24 17:04:57.0187 3712        intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/24 17:04:57.0250 3712        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/24 17:04:57.0296 3712        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/24 17:04:57.0406 3712        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/24 17:04:57.0468 3712        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/24 17:04:57.0578 3712        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/24 17:04:57.0734 3712        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/24 17:04:57.0796 3712        isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/24 17:04:57.0859 3712        IWCA            (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/03/24 17:04:57.0953 3712        Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/24 17:04:58.0015 3712        kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/24 17:04:58.0093 3712        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/24 17:04:58.0140 3712        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/24 17:04:58.0234 3712        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/24 17:04:58.0406 3712        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/24 17:04:58.0468 3712        Modem          (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/24 17:04:58.0500 3712        Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/24 17:04:58.0562 3712        mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/24 17:04:58.0625 3712        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/24 17:04:58.0687 3712        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/24 17:04:58.0765 3712        MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/24 17:04:58.0859 3712        MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/03/24 17:04:59.0000 3712        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/24 17:04:59.0046 3712        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/24 17:04:59.0109 3712        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/24 17:04:59.0171 3712        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/24 17:04:59.0281 3712        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/24 17:04:59.0359 3712        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/24 17:04:59.0453 3712        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/24 17:04:59.0500 3712        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/24 17:04:59.0640 3712        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/24 17:04:59.0687 3712        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/24 17:04:59.0765 3712        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/24 17:04:59.0828 3712        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/24 17:04:59.0890 3712        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/24 17:04:59.0953 3712        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/24 17:05:00.0015 3712        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/24 17:05:00.0093 3712        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/24 17:05:00.0328 3712        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/24 17:05:00.0406 3712        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/24 17:05:00.0453 3712        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/24 17:05:00.0531 3712        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/24 17:05:00.0593 3712        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/24 17:05:00.0656 3712        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/24 17:05:00.0734 3712        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/24 17:05:00.0828 3712        OMCI            (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/03/24 17:05:00.0906 3712        Parport        (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/24 17:05:00.0953 3712        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/24 17:05:01.0000 3712        ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/24 17:05:01.0093 3712        PCI            (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/24 17:05:01.0171 3712        PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/24 17:05:01.0234 3712        Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/24 17:05:01.0437 3712        pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/24 17:05:01.0718 3712        PLCNDIS5        (2aba2f545b35f9c6cc2cfc4e1d539a80) C:\WINDOWS\system32\plcndis5.sys
2011/03/24 17:05:01.0890 3712        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/24 17:05:01.0953 3712        Processor      (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/24 17:05:02.0000 3712        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/24 17:05:02.0140 3712        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/24 17:05:02.0234 3712        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/24 17:05:02.0406 3712        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/24 17:05:02.0500 3712        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/24 17:05:02.0609 3712        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/24 17:05:02.0656 3712        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/24 17:05:02.0718 3712        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/24 17:05:02.0796 3712        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/24 17:05:02.0875 3712        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/24 17:05:02.0968 3712        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/24 17:05:03.0093 3712        redbook        (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/24 17:05:03.0218 3712        RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/03/24 17:05:03.0437 3712        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/24 17:05:03.0546 3712        s24trans        (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/03/24 17:05:03.0671 3712        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/24 17:05:03.0781 3712        Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/24 17:05:03.0921 3712        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/24 17:05:04.0046 3712        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/24 17:05:04.0765 3712        SNP2STD        (bbff0acddea8357a065af13176d0e15d) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
2011/03/24 17:05:05.0421 3712        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/24 17:05:05.0484 3712        sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/24 17:05:05.0546 3712        Srv            (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/24 17:05:05.0625 3712        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/24 17:05:05.0734 3712        STHDA          (4d8af5d86a8f7778b93069e0f2e30b33) C:\WINDOWS\system32\drivers\sthda.sys
2011/03/24 17:05:05.0890 3712        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/24 17:05:05.0968 3712        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/24 17:05:06.0046 3712        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/24 17:05:06.0234 3712        SynTP          (643b3e821a00b2b6a35cc099cb9653a1) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/24 17:05:06.0343 3712        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/24 17:05:06.0421 3712        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/24 17:05:06.0531 3712        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/24 17:05:06.0625 3712        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/24 17:05:06.0703 3712        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/24 17:05:06.0843 3712        tosporte        (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/03/24 17:05:06.0937 3712        tosrfbd        (8c3bfaf3fca90502e6fa35503b8e979e) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/03/24 17:05:07.0046 3712        tosrfbnp        (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/03/24 17:05:07.0125 3712        Tosrfcom        (4742f0bad28268ab093ed6f4ea857997) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/03/24 17:05:07.0203 3712        Tosrfhid        (7c807ba9660e2995cc0217a14a24094c) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/03/24 17:05:07.0296 3712        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/03/24 17:05:07.0437 3712        TosRfSnd        (a4ce9572bc4ac8d329455059b43c5bea) C:\WINDOWS\system32\drivers\tosrfsnd.sys
2011/03/24 17:05:07.0500 3712        tosrfusb        (01c90086cd37e7e8d9a827e24167fcb7) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/03/24 17:05:07.0593 3712        TridVid        (b58e17ec1a91a3753d56c03bc2d5f8e2) C:\WINDOWS\system32\DRIVERS\TridVid.sys
2011/03/24 17:05:07.0734 3712        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/24 17:05:07.0890 3712        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/24 17:05:07.0984 3712        USBAAPL        (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/24 17:05:08.0093 3712        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/24 17:05:08.0171 3712        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/24 17:05:08.0359 3712        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/24 17:05:08.0453 3712        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/24 17:05:08.0562 3712        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/24 17:05:08.0656 3712        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/24 17:05:08.0781 3712        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/24 17:05:08.0859 3712        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/24 17:05:08.0953 3712        VolSnap        (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/24 17:05:09.0156 3712        w29n51          (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/03/24 17:05:09.0468 3712        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/24 17:05:09.0546 3712        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/24 17:05:09.0625 3712        winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/03/24 17:05:09.0812 3712        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/24 17:05:09.0953 3712        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/24 17:05:10.0062 3712        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/24 17:05:10.0437 3712        ================================================================================
2011/03/24 17:05:10.0437 3712        Scan finished
2011/03/24 17:05:10.0437 3712        ================================================================================
hier noch der andere:
Code:
Norman TDSS Cleaner
Version 2.0.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/12 12:32:24

Scan started: 2011/03/24 17:13:24

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: DELL\***


Scanning kernel...

Scan complete
Sehr übersichtlich... Was war denn los? Muss ich nicht nun mal meine Sticks und externe Festplatte mal prüfen?

Danke
Chrise

cosinus 24.03.2011 18:36
Zitat:
Muss ich nicht nun mal meine Sticks und externe Festplatte mal prüfen?
Machst du beim nächsten Vollscan mit Malwarebytes, jetzt aber noch nicht!!

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

chrise 24.03.2011 21:43
Da ist alles:
Der GMER
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 21:26:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541080G9AT00 rev.MB4OA61A
Running: g2m3e4r.exe; Driver: C:\DOCUME~1\Scheidt\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT            F8C287F6                                                                                        ZwCreateKey
SSDT            F8C287EC                                                                                        ZwCreateThread
SSDT            F8C287FB                                                                                        ZwDeleteKey
SSDT            F8C28805                                                                                        ZwDeleteValueKey
SSDT            F8C2880A                                                                                        ZwLoadKey
SSDT            F8C287D8                                                                                        ZwOpenProcess
SSDT            F8C287DD                                                                                        ZwOpenThread
SSDT            F8C28814                                                                                        ZwReplaceKey
SSDT            F8C2880F                                                                                        ZwRestoreKey
SSDT            F8C28800                                                                                        ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

?              C:\cofi\catchme.sys                                                                              Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\a-squared Free\a2service.exe[220] kernel32.dll!CreateThread + 1A                7C8106F1 4 Bytes  CALL 0045495D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\BTHUSB \Device\000000a0                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\000000a2                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd501959                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd501959@0026b0298a83        0x1D 0xCF 0x20 0x9E ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd501959 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd501959@0026b0298a83            0x1D 0xCF 0x20 0x9E ...

---- EOF - GMER 1.0.15 ----
Der Osam:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:35:24 on 24.03.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17095

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"OGALogon.job" - ? - C:\WINDOWS\system32\OGAEXEC.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\WINDOWS\system32\LocalCOM.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
"stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - C:\WINDOWS\System32\drivers\UIUSys.sys  (File not found)
"General Purpose USB Driver (adildr.sys)" (ADILOADER) - "Analog Deivces" - C:\WINDOWS\System32\Drivers\adildr.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOCUME~1\Scheidt\LOCALS~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"OMCI" (OMCI) - "Dell Computer Corporation" - C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PLCMPR5 NDIS Protocol Driver" (PLCMPR5) - ? - C:\WINDOWS\system32\PLCMPR5.SYS  (File not found)
"PLCNDIS5 NDIS Protocol Driver" (PLCNDIS5) - "Intellon, Inc." - C:\WINDOWS\system32\plcndis5.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdapod" (pxtdapod) - ? - C:\DOCUME~1\Scheidt\LOCALS~1\Temp\pxtdapod.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarModem ADSL USB MODEM WAN ADAPTER" (adiusbaw) - "Analog Devices Inc." - C:\WINDOWS\System32\DRIVERS\adiusbaw.sys
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "linkscanner" - ? -  (File not found | COM-object registry key not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - D:\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Malware Defense extension" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{73848533-39E1-49F1-9363-28054268C094} "FileInterface Class" - ? - C:\WINDOWS\Downloaded Program Files\FSINT9.dll / https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{A8F2B9BD-A6A0-486A-9744-18920D898429} "{A8F2B9BD-A6A0-486A-9744-18920D898429}" - ? -  (File not found | COM-object registry key not found) / hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\Scheidt\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Voipwise" - "Voipwise" - "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF995 Monitor" - ? - C:\WINDOWS\system32\pdf995mon.dll  (File found, but it contains no detailed information)
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"a-squared Free Service" (a2free) - "Emsi Software GmbH" - C:\Program Files\a-squared Free\a2service.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Google Update Service (gupdate1c9b2e4b3c3a1c0)" (gupdate1c9b2e4b3c3a1c0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WLANKEEPER" (WLANKEEPER) - "Intel® Corporation" - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"IntelWireless" - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Der MBRLOG
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 150):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xF8A76000 \WINDOWS\system32\KDCOM.DLL
  0xF8986000 \WINDOWS\system32\BOOTVID.dll
  0xF8447000 ACPI.sys
  0xF8A78000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF8436000 pci.sys
  0xF8576000 isapnp.sys
  0xF898A000 compbatt.sys
  0xF898E000 \WINDOWS\System32\DRIVERS\BATTC.SYS
  0xF8B3E000 pciide.sys
  0xF87F6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF8586000 MountMgr.sys
  0xF8417000 ftdisk.sys
  0xF8A7A000 dmload.sys
  0xF83F1000 dmio.sys
  0xF87FE000 PartMgr.sys
  0xF8596000 VolSnap.sys
  0xF83D9000 atapi.sys
  0xF85A6000 disk.sys
  0xF85B6000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF83B9000 fltmgr.sys
  0xF83A7000 sr.sys
  0xF85C6000 PxHelp20.sys
  0xF8390000 KSecDD.sys
  0xF8303000 Ntfs.sys
  0xF82D6000 NDIS.sys
  0xF85D6000 ohci1394.sys
  0xF85E6000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF82BC000 Mup.sys
  0xF8636000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xF8A5A000 \SystemRoot\System32\DRIVERS\CmBatt.sys
  0xF6F03000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
  0xF6EEF000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
  0xF6EC7000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
  0xF890E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xF6EA3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF8916000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF8646000 \SystemRoot\System32\DRIVERS\bcm4sbxp.sys
  0xF6B80000 \SystemRoot\System32\DRIVERS\w29n51.sys
  0xF8656000 \SystemRoot\System32\DRIVERS\i8042prt.sys
  0xF6B51000 \SystemRoot\System32\DRIVERS\SynTP.sys
  0xF8AA8000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xF891E000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF8926000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF8666000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xF8676000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xF8686000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xF6B2E000 \SystemRoot\System32\DRIVERS\ks.sys
  0xF892E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF8696000 \SystemRoot\System32\Drivers\tosrfcom.sys
  0xF6AF1000 \SystemRoot\System32\DRIVERS\iwca.sys
  0xF8B6C000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xF8AAA000 \SystemRoot\System32\Drivers\RootMdm.sys
  0xF8936000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7094000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xF8A62000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xF6ADA000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xF7084000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xF7074000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF893E000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xF6AC9000 \SystemRoot\System32\DRIVERS\psched.sys
  0xF7064000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF8946000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF894E000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xF7034000 \SystemRoot\System32\Drivers\pcouffin.sys
  0xF6A27000 \SystemRoot\System32\DRIVERS\rdpdr.sys
  0xF7024000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF8AAE000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xF69C9000 \SystemRoot\System32\DRIVERS\update.sys
  0xF827B000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xF7014000 \SystemRoot\system32\DRIVERS\tosporte.sys
  0xF7004000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xAA62C000 \SystemRoot\system32\drivers\sthda.sys
  0xAA608000 \SystemRoot\system32\drivers\portcls.sys
  0xF8706000 \SystemRoot\system32\drivers\drmk.sys
  0xAA5CE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0xAA4D7000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0xAA421000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0xF8726000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF8AC0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8BD3000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8AC2000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF8976000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF897E000 \SystemRoot\System32\drivers\vga.sys
  0xF8AC4000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8AC6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF880E000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF8816000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF783C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xAA3DA000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xAA381000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xAA359000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xAA337000 \SystemRoot\System32\drivers\afd.sys
  0xF8756000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xF881E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xAA30C000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xF8A16000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
  0xAA274000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xF8786000 \SystemRoot\System32\Drivers\Fips.SYS
  0xAA24E000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xAA228000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF8AD0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0xF87D6000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xF8A36000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF8606000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF884E000 \SystemRoot\system32\DRIVERS\dot4usb.sys
  0xAA0FB000 \SystemRoot\system32\DRIVERS\Dot4.sys
  0xA9587000 \SystemRoot\system32\DRIVERS\snp2sxp.sys
  0xF8616000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0xF8856000 \SystemRoot\system32\DRIVERS\SNCAMD.SYS
  0xF8A3E000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xF8A42000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
  0xF888E000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0xA9409000 \SystemRoot\System32\Drivers\bthport.sys
  0xF8896000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF8A56000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xF8766000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xF88BE000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0xA93F0000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0xAA218000 \SystemRoot\system32\drivers\usbaudio.sys
  0xA954F000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xA9261000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8AE4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xAA2FC000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF88FE000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8C26000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF020000 \SystemRoot\System32\ialmdnt5.dll
  0xBF012000 \SystemRoot\System32\ialmrnt5.dll
  0xBF041000 \SystemRoot\System32\ialmdev5.DLL
  0xBF075000 \SystemRoot\System32\ialmdd5.DLL
  0xBF157000 \SystemRoot\System32\ATMFD.DLL
  0xA91FC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA9229000 \SystemRoot\System32\DRIVERS\AegisP.sys
  0xF896E000 \SystemRoot\system32\plcndis5.sys
  0xA9225000 \SystemRoot\System32\DRIVERS\s24trans.sys
  0xA91B8000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xA8FEF000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xA8EA3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA8C9F000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA88C6000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA87C1000 \SystemRoot\system32\drivers\wdmaud.sys
  0xAA770000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF883E000 \??\C:\cofi\catchme.sys
  0xF8AA6000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xA80CF000 \??\C:\DOCUME~1\Scheidt\LOCALS~1\Temp\pxtdapod.sys
  0xA80A4000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
      0 System Idle Process
      4 System
    960 C:\WINDOWS\system32\smss.exe
    1008 csrss.exe
    1032 C:\WINDOWS\system32\winlogon.exe
    1076 C:\WINDOWS\system32\services.exe
    1088 C:\WINDOWS\system32\lsass.exe
    1260 C:\WINDOWS\system32\svchost.exe
    1316 svchost.exe
    1460 C:\WINDOWS\system32\svchost.exe
    1504 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1560 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1668 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1752 svchost.exe
    1948 svchost.exe
    288 C:\WINDOWS\system32\spoolsv.exe
    324 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    400 svchost.exe
    220 C:\Program Files\a-squared Free\a2service.exe
    316 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    548 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    572 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    588 C:\Program Files\Bonjour\mDNSResponder.exe
    620 svchost.exe
    908 C:\Program Files\Java\jre6\bin\jqs.exe
    1004 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1304 C:\WINDOWS\system32\IoctlSvc.exe
    1412 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    1740 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    1836 C:\WINDOWS\system32\svchost.exe
    2012 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    1820 alg.exe
    2728 C:\WINDOWS\system32\svchost.exe
    1812 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    852 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    3752 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    168 C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
    2172 C:\WINDOWS\explorer.exe
    3264 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    2700 C:\Program Files\Mozilla Firefox\firefox.exe
    3004 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2032 C:\Documents and Settings\Scheidt\Desktop\osam_autorun_manager_5_0_portable\osam.exe
    3512 C:\Documents and Settings\Scheidt\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000004`e22d6a00  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541080G9AT00, Rev: MB4OA61A

      Size  Device Name          MBR Status
  --------------------------------------------
    74 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
So, Tschüß!
Chrise

cosinus 24.03.2011 22:13
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs. Jetzt kannste auch alle externen Datenträger ranstecken.
Denk dran beide Tools zu updaten vor dem Scan!!

chrise 25.03.2011 19:42
Oh je, laut Superantispyware ist wohl doch nicht alles ok... Und obendrein habe ich auch noch die Viren ohne Aufforderung entfernt...Sorry grrr...
Hier der Log
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/25/2011 at 05:32 PM

Application Version : 4.50.1002

Core Rules Database Version : 6673
Trace Rules Database Version: 4485

Scan type      : Quick Scan
Total Scan Time : 00:34:32

Memory items scanned      : 534
Memory threats detected  : 0
Registry items scanned    : 1862
Registry threats detected : 2
File items scanned        : 28212
File threats detected    : 0

Trojan.Agent/Gen-Alureon
        HKU\S-1-5-19\Software\h8srt
        HKU\S-1-5-20\Software\h8srt
Malwarebyte hat nichts gefunden:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6135

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.03.2011 09:50:49
mbam-log-2011-03-25 (09-50-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 242084
Laufzeit: 1 Stunde(n), 17 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Was nun??

Viele Grüße
Chrise

cosinus 26.03.2011 17:49
Sieht ok aus, da wurden nur Überreste gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

chrise 26.03.2011 20:22
Guten Abend,

uff, da fällt mir aber ein Stein vom Herzen, ich hab echt gedacht, dass da noch ein Bösewicht ist... Probleme habe ich keine,

Ganz ganz herzlichen Dank mal wieder!!:dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen :

Noch einen schönen Sonntag!

Chrise

cosinus 26.03.2011 20:43
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

chrise 26.03.2011 22:32
Lieber :heilig:Arne,
toll, :taenzer:, danke, das alles mach ich morgen gleich, jetzt hab aber ICH einen Virus, dass das so überspringen kann, ist mir ja ganz neu....:pfeiff: Aber das wird schon, denn jetzt kann ich ja wieder ruhig schlafen.

Tschüß
Chrise


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:32 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129