Schwarzer Desktop, Icons versteckt, "delayed write failed..."

cosinus · 18.11.2011, 21:16

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

sid77 · 18.11.2011, 21:47

hier der OTL-Fix

Zitat:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 39471988 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: CSCH1
->Temp folder emptied: 27148 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39472709 bytes
->Flash cache emptied: 5790 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34702 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_213920

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\OPQZ4DEB\%253Dv8%2F3b47%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\D6Z443IY\%253Dv8%2F3b3c%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\9NRZIBHO\%253Dv8%2F3b41%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\60NWRJ9I\%253Dv8%2F3b41%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\4ZDNKRLH\%253Dv8%2F3b43%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\0TMF8JW3\%253Dv8%2F3b41%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\0P2JO52J\%253Dv8%2F3b3b%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!

Registry entries deleted on Reboot...

sid77 · 20.11.2011, 08:54

Ist der Rechner nun wieder sauber?
Danke & Gruß

cosinus · 20.11.2011, 12:57

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

sid77 · 20.11.2011, 13:15

hier das log:

Zitat:

13:08:21.0734 1040 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:08:21.0968 1040 ============================================================
13:08:21.0968 1040 Current date / time: 2011/11/20 13:08:21.0968
13:08:21.0968 1040 SystemInfo:
13:08:21.0968 1040
13:08:21.0968 1040 OS Version: 5.1.2600 ServicePack: 3.0
13:08:21.0968 1040 Product type: Workstation
13:08:21.0968 1040 ComputerName: ACER-59DE6FF88D
13:08:21.0968 1040 UserName: Administrator
13:08:21.0968 1040 Windows directory: C:\WINDOWS
13:08:21.0968 1040 System windows directory: C:\WINDOWS
13:08:21.0968 1040 Processor architecture: Intel x86
13:08:21.0968 1040 Number of processors: 1
13:08:21.0968 1040 Page size: 0x1000
13:08:21.0968 1040 Boot type: Safe boot with network
13:08:21.0968 1040 ============================================================
13:08:26.0250 1040 Initialize success
13:09:38.0031 1176 ============================================================
13:09:38.0031 1176 Scan started
13:09:38.0031 1176 Mode: Manual; SigCheck; TDLFS;
13:09:38.0031 1176 ============================================================
13:09:39.0640 1176 Abiosdsk - ok
13:09:39.0718 1176 abp480n5 - ok
13:09:39.0781 1176 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:09:41.0468 1176 ACPI - ok
13:09:41.0593 1176 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:09:41.0765 1176 ACPIEC - ok
13:09:41.0812 1176 adpu160m - ok
13:09:41.0890 1176 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:09:42.0062 1176 aec - ok
13:09:42.0109 1176 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:09:42.0171 1176 AFD - ok
13:09:42.0218 1176 Aha154x - ok
13:09:42.0265 1176 aic78u2 - ok
13:09:42.0312 1176 aic78xx - ok
13:09:42.0484 1176 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:09:42.0781 1176 ALCXWDM - ok
13:09:42.0921 1176 AliIde - ok
13:09:42.0968 1176 amsint - ok
13:09:43.0093 1176 asc - ok
13:09:43.0156 1176 asc3350p - ok
13:09:43.0187 1176 asc3550 - ok
13:09:43.0343 1176 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:09:43.0500 1176 AsyncMac - ok
13:09:43.0593 1176 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:09:43.0750 1176 atapi - ok
13:09:43.0828 1176 Atdisk - ok
13:09:43.0921 1176 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:09:44.0031 1176 ati2mtag - ok
13:09:44.0187 1176 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:09:44.0359 1176 Atmarpc - ok
13:09:44.0437 1176 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:09:44.0609 1176 audstub - ok
13:09:44.0734 1176 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:09:44.0765 1176 avgio - ok
13:09:44.0906 1176 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:09:44.0953 1176 avgntflt - ok
13:09:45.0015 1176 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:09:45.0031 1176 avipbb - ok
13:09:45.0156 1176 BCMIDI (c2f56b680c4207521630c013e0ece002) C:\WINDOWS\system32\Drivers\bcmidi2.sys
13:09:45.0187 1176 BCMIDI ( UnsignedFile.Multi.Generic ) - warning
13:09:45.0187 1176 BCMIDI - detected UnsignedFile.Multi.Generic (1)
13:09:45.0312 1176 BCR2000 (1c2b385adebde32d5f7c13cb2c608817) C:\WINDOWS\system32\drivers\bcr2000.sys
13:09:45.0343 1176 BCR2000 ( UnsignedFile.Multi.Generic ) - warning
13:09:45.0343 1176 BCR2000 - detected UnsignedFile.Multi.Generic (1)
13:09:45.0406 1176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:09:45.0578 1176 Beep - ok
13:09:45.0734 1176 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
13:09:45.0796 1176 BLKWGU(Belkin) - ok
13:09:45.0906 1176 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:09:46.0093 1176 cbidf2k - ok
13:09:46.0218 1176 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:09:46.0359 1176 CCDECODE - ok
13:09:46.0421 1176 cd20xrnt - ok
13:09:46.0484 1176 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:09:46.0656 1176 Cdaudio - ok
13:09:46.0750 1176 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:09:46.0906 1176 Cdfs - ok
13:09:46.0968 1176 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:09:47.0125 1176 Cdrom - ok
13:09:47.0171 1176 Changer - ok
13:09:47.0265 1176 CmdIde - ok
13:09:47.0359 1176 Cpqarray - ok
13:09:47.0421 1176 dac2w2k - ok
13:09:47.0468 1176 dac960nt - ok
13:09:47.0546 1176 DELTA (fff42aca78b2e6369f98c8c672375e0a) C:\WINDOWS\system32\DRIVERS\delta.sys
13:09:47.0593 1176 DELTA ( UnsignedFile.Multi.Generic ) - warning
13:09:47.0593 1176 DELTA - detected UnsignedFile.Multi.Generic (1)
13:09:47.0671 1176 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:09:47.0812 1176 Disk - ok
13:09:47.0906 1176 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:09:48.0109 1176 dmboot - ok
13:09:48.0171 1176 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:09:48.0328 1176 dmio - ok
13:09:48.0390 1176 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:09:48.0562 1176 dmload - ok
13:09:48.0625 1176 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:09:48.0781 1176 DMusic - ok
13:09:48.0937 1176 dpti2o - ok
13:09:49.0000 1176 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:09:49.0156 1176 drmkaud - ok
13:09:49.0359 1176 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:09:49.0500 1176 Fastfat - ok
13:09:49.0656 1176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:09:49.0812 1176 Fdc - ok
13:09:49.0953 1176 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
13:09:49.0968 1176 FilterService - ok
13:09:50.0015 1176 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:09:50.0187 1176 Fips - ok
13:09:50.0265 1176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:09:50.0421 1176 Flpydisk - ok
13:09:50.0484 1176 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:09:50.0656 1176 FltMgr - ok
13:09:50.0781 1176 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:09:50.0968 1176 Fs_Rec - ok
13:09:51.0015 1176 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:09:51.0218 1176 Ftdisk - ok
13:09:51.0328 1176 gbxavs - ok
13:09:51.0390 1176 gbxusb - ok
13:09:51.0453 1176 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:09:51.0593 1176 Gpc - ok
13:09:51.0703 1176 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:09:51.0859 1176 hidusb - ok
13:09:51.0984 1176 hpn - ok
13:09:52.0046 1176 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:09:52.0125 1176 HTTP - ok
13:09:52.0250 1176 i2omgmt - ok
13:09:52.0296 1176 i2omp - ok
13:09:52.0343 1176 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:09:52.0515 1176 i8042prt - ok
13:09:52.0640 1176 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:09:52.0812 1176 Imapi - ok
13:09:52.0890 1176 ini910u - ok
13:09:52.0953 1176 IntelIde - ok
13:09:53.0015 1176 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:09:53.0156 1176 intelppm - ok
13:09:53.0234 1176 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:09:53.0375 1176 Ip6Fw - ok
13:09:53.0484 1176 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:09:53.0656 1176 IpFilterDriver - ok
13:09:53.0765 1176 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:09:53.0906 1176 IpInIp - ok
13:09:53.0968 1176 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:09:54.0140 1176 IpNat - ok
13:09:54.0265 1176 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:09:54.0406 1176 IPSec - ok
13:09:54.0531 1176 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:09:54.0671 1176 IRENUM - ok
13:09:54.0812 1176 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:09:54.0953 1176 isapnp - ok
13:09:55.0109 1176 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:09:55.0250 1176 Kbdclass - ok
13:09:55.0328 1176 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:09:55.0468 1176 kbdhid - ok
13:09:55.0531 1176 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:09:55.0703 1176 kmixer - ok
13:09:55.0765 1176 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:09:55.0828 1176 KSecDD - ok
13:09:55.0906 1176 lbrtfdc - ok
13:09:56.0046 1176 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
13:09:56.0062 1176 lvpopflt - ok
13:09:56.0125 1176 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
13:09:56.0140 1176 LVPr2Mon - ok
13:09:56.0250 1176 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
13:09:56.0281 1176 LVRS - ok
13:09:56.0562 1176 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
13:09:56.0906 1176 LVUVC - ok
13:09:57.0015 1176 ma763008 - ok
13:09:57.0062 1176 MADFU008 - ok
13:09:57.0140 1176 MA_CMIDI (68226ac1f255711ef87c8d03418148d5) C:\WINDOWS\system32\drivers\ma_cmidi.sys
13:09:57.0156 1176 MA_CMIDI ( UnsignedFile.Multi.Generic ) - warning
13:09:57.0156 1176 MA_CMIDI - detected UnsignedFile.Multi.Generic (1)
13:09:57.0312 1176 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:09:57.0468 1176 mnmdd - ok
13:09:57.0578 1176 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:09:57.0718 1176 Modem - ok
13:09:57.0843 1176 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:09:57.0984 1176 Mouclass - ok
13:09:58.0078 1176 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:09:58.0250 1176 mouhid - ok
13:09:58.0375 1176 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:09:58.0515 1176 MountMgr - ok
13:09:58.0625 1176 mraid35x - ok
13:09:58.0703 1176 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:09:58.0843 1176 MRxDAV - ok
13:09:59.0000 1176 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:09:59.0078 1176 MRxSmb - ok
13:09:59.0250 1176 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:09:59.0390 1176 Msfs - ok
13:09:59.0546 1176 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:09:59.0687 1176 MSKSSRV - ok
13:09:59.0765 1176 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:09:59.0921 1176 MSPCLOCK - ok
13:09:59.0984 1176 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:10:00.0125 1176 MSPQM - ok
13:10:00.0187 1176 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:10:00.0328 1176 mssmbios - ok
13:10:00.0390 1176 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:10:00.0531 1176 MSTEE - ok
13:10:00.0609 1176 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:10:00.0671 1176 Mup - ok
13:10:00.0796 1176 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:10:00.0937 1176 NABTSFEC - ok
13:10:01.0093 1176 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:10:01.0265 1176 NDIS - ok
13:10:01.0406 1176 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:10:01.0531 1176 NdisIP - ok
13:10:01.0593 1176 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:10:01.0671 1176 NdisTapi - ok
13:10:01.0796 1176 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:10:01.0968 1176 Ndisuio - ok
13:10:02.0078 1176 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:10:02.0234 1176 NdisWan - ok
13:10:02.0359 1176 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:10:02.0437 1176 NDProxy - ok
13:10:02.0531 1176 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:10:02.0687 1176 NetBIOS - ok
13:10:02.0828 1176 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:10:02.0984 1176 NetBT - ok
13:10:03.0281 1176 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:10:03.0421 1176 Npfs - ok
13:10:03.0515 1176 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:10:03.0687 1176 Ntfs - ok
13:10:03.0812 1176 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:10:03.0843 1176 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
13:10:03.0843 1176 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
13:10:03.0937 1176 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:10:04.0140 1176 Null - ok
13:10:04.0203 1176 NvnUsbAudio (ad4f1fd6dc06ea3928a21d5d72c0761f) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
13:10:04.0218 1176 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
13:10:04.0218 1176 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
13:10:04.0281 1176 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:10:04.0468 1176 NwlnkFlt - ok
13:10:04.0531 1176 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:10:04.0718 1176 NwlnkFwd - ok
13:10:04.0890 1176 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:10:05.0031 1176 Parport - ok
13:10:05.0109 1176 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:10:05.0234 1176 PartMgr - ok
13:10:05.0296 1176 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:10:05.0484 1176 ParVdm - ok
13:10:05.0546 1176 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:10:05.0718 1176 PCI - ok
13:10:05.0750 1176 PCIDump - ok
13:10:05.0796 1176 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:10:05.0968 1176 PCIIde - ok
13:10:06.0031 1176 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:10:06.0203 1176 Pcmcia - ok
13:10:06.0250 1176 PDCOMP - ok
13:10:06.0281 1176 PDFRAME - ok
13:10:06.0328 1176 PDRELI - ok
13:10:06.0390 1176 PDRFRAME - ok
13:10:06.0421 1176 perc2 - ok
13:10:06.0468 1176 perc2hib - ok
13:10:06.0640 1176 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:10:06.0781 1176 PptpMiniport - ok
13:10:06.0843 1176 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:10:07.0000 1176 PSched - ok
13:10:07.0046 1176 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:10:07.0250 1176 Ptilink - ok
13:10:07.0296 1176 ql1080 - ok
13:10:07.0328 1176 Ql10wnt - ok
13:10:07.0375 1176 ql12160 - ok
13:10:07.0421 1176 ql1240 - ok
13:10:07.0484 1176 ql1280 - ok
13:10:07.0546 1176 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:10:07.0687 1176 RasAcd - ok
13:10:07.0781 1176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:10:07.0921 1176 Rasl2tp - ok
13:10:08.0000 1176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:10:08.0125 1176 RasPppoe - ok
13:10:08.0187 1176 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:10:08.0359 1176 Raspti - ok
13:10:08.0406 1176 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:10:08.0562 1176 Rdbss - ok
13:10:08.0625 1176 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:10:08.0812 1176 RDPCDD - ok
13:10:08.0890 1176 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:10:08.0937 1176 RDPWD - ok
13:10:09.0031 1176 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:10:09.0171 1176 redbook - ok
13:10:09.0328 1176 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:10:09.0484 1176 ROOTMODEM - ok
13:10:09.0687 1176 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:10:09.0843 1176 Secdrv - ok
13:10:09.0953 1176 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:10:10.0109 1176 serenum - ok
13:10:10.0171 1176 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:10:10.0312 1176 Serial - ok
13:10:10.0484 1176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:10:10.0640 1176 Sfloppy - ok
13:10:10.0718 1176 Simbad - ok
13:10:10.0796 1176 SiS315 (e3cf27c168a97018c9f9c7ecc335a761) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
13:10:10.0890 1176 SiS315 - ok
13:10:11.0015 1176 SiSkp (e14435cf5d555bdc2f35097e403b79c5) C:\WINDOWS\system32\DRIVERS\srvkp.sys
13:10:11.0046 1176 SiSkp - ok
13:10:11.0109 1176 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
13:10:11.0171 1176 SISNIC - ok
13:10:11.0234 1176 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:10:11.0375 1176 SLIP - ok
13:10:11.0453 1176 Sparrow - ok
13:10:11.0515 1176 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:10:11.0656 1176 splitter - ok
13:10:11.0750 1176 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:10:11.0890 1176 sr - ok
13:10:11.0984 1176 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:10:12.0062 1176 Srv - ok
13:10:12.0187 1176 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:10:12.0203 1176 ssmdrv - ok
13:10:12.0265 1176 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:10:12.0281 1176 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:10:12.0281 1176 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:10:12.0359 1176 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:10:12.0515 1176 streamip - ok
13:10:12.0578 1176 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:10:12.0718 1176 swenum - ok
13:10:12.0796 1176 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:10:12.0937 1176 swmidi - ok
13:10:13.0046 1176 symc810 - ok
13:10:13.0078 1176 symc8xx - ok
13:10:13.0125 1176 sym_hi - ok
13:10:13.0171 1176 sym_u3 - ok
13:10:13.0218 1176 SynasUSB - ok
13:10:13.0281 1176 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:10:13.0421 1176 sysaudio - ok
13:10:13.0531 1176 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:10:13.0609 1176 Tcpip - ok
13:10:13.0734 1176 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:10:13.0859 1176 TDPIPE - ok
13:10:13.0968 1176 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:10:14.0109 1176 TDTCP - ok
13:10:14.0203 1176 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:10:14.0328 1176 TermDD - ok
13:10:14.0484 1176 TosIde - ok
13:10:14.0562 1176 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:10:14.0703 1176 uagp35 - ok
13:10:14.0796 1176 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:10:14.0921 1176 Udfs - ok
13:10:15.0015 1176 ultra - ok
13:10:15.0093 1176 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:10:15.0250 1176 Update - ok
13:10:15.0421 1176 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:10:15.0562 1176 usbaudio - ok
13:10:15.0640 1176 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:10:15.0781 1176 usbccgp - ok
13:10:15.0859 1176 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:10:15.0984 1176 usbehci - ok
13:10:16.0046 1176 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:10:16.0203 1176 usbhub - ok
13:10:16.0296 1176 USBNZ1X1 - ok
13:10:16.0359 1176 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:10:16.0515 1176 usbohci - ok
13:10:16.0609 1176 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:10:16.0750 1176 usbprint - ok
13:10:16.0828 1176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:10:16.0968 1176 usbscan - ok
13:10:17.0015 1176 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:10:17.0156 1176 USBSTOR - ok
13:10:17.0218 1176 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:10:17.0359 1176 usbvideo - ok
13:10:17.0453 1176 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:10:17.0609 1176 VgaSave - ok
13:10:17.0656 1176 ViaIde - ok
13:10:17.0734 1176 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:10:17.0875 1176 VolSnap - ok
13:10:18.0046 1176 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:10:18.0187 1176 Wanarp - ok
13:10:18.0250 1176 WDICA - ok
13:10:18.0312 1176 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:10:18.0453 1176 wdmaud - ok
13:10:18.0781 1176 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:10:18.0937 1176 WSTCODEC - ok
13:10:19.0031 1176 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
13:10:19.0062 1176 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
13:10:19.0062 1176 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
13:10:19.0187 1176 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
13:10:19.0218 1176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:10:19.0218 1176 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:10:19.0250 1176 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:10:19.0250 1176 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:10:19.0312 1176 Boot (0x1200) (745563e5cbd175cd96eea5be20f73168) \Device\Harddisk0\DR0\Partition0
13:10:19.0312 1176 \Device\Harddisk0\DR0\Partition0 - ok
13:10:19.0359 1176 Boot (0x1200) (1fdb40ee53f72cb4f42c62196826ae1a) \Device\Harddisk0\DR0\Partition1
13:10:19.0359 1176 \Device\Harddisk0\DR0\Partition1 - ok
13:10:19.0375 1176 ============================================================
13:10:19.0375 1176 Scan finished
13:10:19.0375 1176 ============================================================
13:10:19.0531 1164 Detected object count: 10
13:10:19.0531 1164 Actual detected object count: 10
13:11:24.0328 1164 BCMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0328 1164 BCMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0343 1164 BCR2000 ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0343 1164 BCR2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0343 1164 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0343 1164 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0343 1164 MA_CMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0343 1164 MA_CMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0359 1164 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0359 1164 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0375 1164 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0375 1164 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0390 1164 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0390 1164 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0406 1164 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0406 1164 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0468 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:11:24.0484 1164 \Device\Harddisk0\DR0 - ok
13:11:24.0484 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus · 20.11.2011, 13:16

Zitat:

13:11:24.0468 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:11:24.0484 1164 \Device\Harddisk0\DR0 - ok
13:11:24.0484 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Ich hab extra geschrieben, dass du nichts auf eigene Faust mit dem TDSS-Killer löschen sollst!
Ist in diesem Falle aber richtig gewesen - Rookit.Boot.SST und das TDSS Filesystem müssen weg.
Starte Windows neu und mach ein neues Log mit dem TDSS-Killer.

sid77 · 20.11.2011, 13:29

hmm, ich hab eigentlich nichts auf eigene Faust gelöscht. Stand alles auf 'skip'.
unhide.exe hab ich im abges. modus (wie alles andere auch) ausgeführt, hat allerdings nur die programme wieder sichtbar gemacht. desktop & dateien sind nach wie vor versteckt.

log folgt...

sid77 · 20.11.2011, 13:43

hier das log:

Zitat:

13:39:49.0171 3352 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:39:49.0468 3352 ============================================================
13:39:49.0468 3352 Current date / time: 2011/11/20 13:39:49.0468
13:39:49.0468 3352 SystemInfo:
13:39:49.0468 3352
13:39:49.0468 3352 OS Version: 5.1.2600 ServicePack: 3.0
13:39:49.0468 3352 Product type: Workstation
13:39:49.0468 3352 ComputerName: ACER-59DE6FF88D
13:39:49.0468 3352 UserName: CSCH1
13:39:49.0468 3352 Windows directory: C:\WINDOWS
13:39:49.0468 3352 System windows directory: C:\WINDOWS
13:39:49.0468 3352 Processor architecture: Intel x86
13:39:49.0468 3352 Number of processors: 1
13:39:49.0468 3352 Page size: 0x1000
13:39:49.0468 3352 Boot type: Normal boot
13:39:49.0468 3352 ============================================================
13:39:50.0515 3352 Initialize success
13:40:09.0609 3392 ============================================================
13:40:09.0609 3392 Scan started
13:40:09.0609 3392 Mode: Manual; SigCheck; TDLFS;
13:40:09.0609 3392 ============================================================
13:40:10.0156 3392 Abiosdsk - ok
13:40:10.0171 3392 abp480n5 - ok
13:40:10.0234 3392 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:10.0984 3392 ACPI - ok
13:40:11.0093 3392 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:11.0281 3392 ACPIEC - ok
13:40:11.0296 3392 adpu160m - ok
13:40:11.0359 3392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:11.0531 3392 aec - ok
13:40:11.0562 3392 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:11.0640 3392 AFD - ok
13:40:11.0687 3392 Aha154x - ok
13:40:11.0703 3392 aic78u2 - ok
13:40:11.0734 3392 aic78xx - ok
13:40:11.0890 3392 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:40:12.0296 3392 ALCXWDM - ok
13:40:12.0406 3392 AliIde - ok
13:40:12.0437 3392 amsint - ok
13:40:12.0468 3392 asc - ok
13:40:12.0500 3392 asc3350p - ok
13:40:12.0531 3392 asc3550 - ok
13:40:12.0609 3392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:12.0765 3392 AsyncMac - ok
13:40:12.0796 3392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:12.0953 3392 atapi - ok
13:40:13.0031 3392 Atdisk - ok
13:40:13.0109 3392 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:40:13.0250 3392 ati2mtag - ok
13:40:13.0406 3392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:40:13.0562 3392 Atmarpc - ok
13:40:13.0656 3392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:40:13.0828 3392 audstub - ok
13:40:13.0937 3392 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:40:13.0953 3392 avgio - ok
13:40:14.0078 3392 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:40:14.0125 3392 avgntflt - ok
13:40:14.0171 3392 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:40:14.0187 3392 avipbb - ok
13:40:14.0218 3392 BCMIDI (c2f56b680c4207521630c013e0ece002) C:\WINDOWS\system32\Drivers\bcmidi2.sys
13:40:14.0250 3392 BCMIDI ( UnsignedFile.Multi.Generic ) - warning
13:40:14.0250 3392 BCMIDI - detected UnsignedFile.Multi.Generic (1)
13:40:14.0296 3392 BCR2000 (1c2b385adebde32d5f7c13cb2c608817) C:\WINDOWS\system32\drivers\bcr2000.sys
13:40:14.0328 3392 BCR2000 ( UnsignedFile.Multi.Generic ) - warning
13:40:14.0328 3392 BCR2000 - detected UnsignedFile.Multi.Generic (1)
13:40:14.0390 3392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:40:14.0562 3392 Beep - ok
13:40:14.0625 3392 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
13:40:14.0703 3392 BLKWGU(Belkin) - ok
13:40:14.0812 3392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:40:15.0000 3392 cbidf2k - ok
13:40:15.0062 3392 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:40:15.0218 3392 CCDECODE - ok
13:40:15.0250 3392 cd20xrnt - ok
13:40:15.0296 3392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:40:15.0500 3392 Cdaudio - ok
13:40:15.0546 3392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:40:15.0703 3392 Cdfs - ok
13:40:15.0765 3392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:40:15.0921 3392 Cdrom - ok
13:40:15.0953 3392 Changer - ok
13:40:16.0000 3392 CmdIde - ok
13:40:16.0046 3392 Cpqarray - ok
13:40:16.0078 3392 dac2w2k - ok
13:40:16.0093 3392 dac960nt - ok
13:40:16.0156 3392 DELTA (fff42aca78b2e6369f98c8c672375e0a) C:\WINDOWS\system32\DRIVERS\delta.sys
13:40:16.0187 3392 DELTA ( UnsignedFile.Multi.Generic ) - warning
13:40:16.0187 3392 DELTA - detected UnsignedFile.Multi.Generic (1)
13:40:16.0312 3392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:40:16.0468 3392 Disk - ok
13:40:16.0546 3392 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:40:16.0718 3392 dmboot - ok
13:40:16.0828 3392 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:40:16.0984 3392 dmio - ok
13:40:17.0046 3392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:40:17.0218 3392 dmload - ok
13:40:17.0281 3392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:40:17.0437 3392 DMusic - ok
13:40:17.0546 3392 dpti2o - ok
13:40:17.0593 3392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:40:17.0734 3392 drmkaud - ok
13:40:17.0875 3392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:40:18.0046 3392 Fastfat - ok
13:40:18.0109 3392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:40:18.0265 3392 Fdc - ok
13:40:18.0390 3392 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
13:40:18.0406 3392 FilterService - ok
13:40:18.0484 3392 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:40:18.0640 3392 Fips - ok
13:40:18.0703 3392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:40:18.0859 3392 Flpydisk - ok
13:40:18.0937 3392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:40:19.0109 3392 FltMgr - ok
13:40:19.0187 3392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:40:19.0390 3392 Fs_Rec - ok
13:40:19.0421 3392 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:40:19.0625 3392 Ftdisk - ok
13:40:19.0703 3392 gbxavs - ok
13:40:19.0734 3392 gbxusb - ok
13:40:19.0765 3392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:40:19.0937 3392 Gpc - ok
13:40:20.0031 3392 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:40:20.0187 3392 hidusb - ok
13:40:20.0281 3392 hpn - ok
13:40:20.0328 3392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:40:20.0406 3392 HTTP - ok
13:40:20.0484 3392 i2omgmt - ok
13:40:20.0500 3392 i2omp - ok
13:40:20.0546 3392 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:40:20.0703 3392 i8042prt - ok
13:40:20.0781 3392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:40:20.0937 3392 Imapi - ok
13:40:21.0015 3392 ini910u - ok
13:40:21.0078 3392 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
13:40:21.0109 3392 int15.sys ( UnsignedFile.Multi.Generic ) - warning
13:40:21.0109 3392 int15.sys - detected UnsignedFile.Multi.Generic (1)
13:40:21.0171 3392 IntelIde - ok
13:40:21.0218 3392 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:40:21.0375 3392 intelppm - ok
13:40:21.0406 3392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:40:21.0578 3392 Ip6Fw - ok
13:40:21.0625 3392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:40:21.0812 3392 IpFilterDriver - ok
13:40:21.0859 3392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:40:22.0000 3392 IpInIp - ok
13:40:22.0046 3392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:40:22.0187 3392 IpNat - ok
13:40:22.0234 3392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:40:22.0390 3392 IPSec - ok
13:40:22.0437 3392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:40:22.0593 3392 IRENUM - ok
13:40:22.0640 3392 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:40:22.0796 3392 isapnp - ok
13:40:22.0890 3392 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:40:23.0046 3392 Kbdclass - ok
13:40:23.0125 3392 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:40:23.0265 3392 kbdhid - ok
13:40:23.0328 3392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:40:23.0484 3392 kmixer - ok
13:40:23.0562 3392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:40:23.0625 3392 KSecDD - ok
13:40:23.0687 3392 lbrtfdc - ok
13:40:23.0750 3392 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
13:40:23.0765 3392 lvpopflt - ok
13:40:23.0812 3392 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
13:40:23.0812 3392 LVPr2Mon - ok
13:40:23.0875 3392 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
13:40:23.0906 3392 LVRS - ok
13:40:24.0109 3392 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
13:40:24.0546 3392 LVUVC - ok
13:40:24.0562 3392 ma763008 - ok
13:40:24.0593 3392 MADFU008 - ok
13:40:24.0625 3392 MA_CMIDI (68226ac1f255711ef87c8d03418148d5) C:\WINDOWS\system32\drivers\ma_cmidi.sys
13:40:24.0640 3392 MA_CMIDI ( UnsignedFile.Multi.Generic ) - warning
13:40:24.0640 3392 MA_CMIDI - detected UnsignedFile.Multi.Generic (1)
13:40:24.0687 3392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:40:24.0859 3392 mnmdd - ok
13:40:24.0906 3392 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:40:25.0062 3392 Modem - ok
13:40:25.0078 3392 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:40:25.0218 3392 Mouclass - ok
13:40:25.0265 3392 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:40:25.0453 3392 mouhid - ok
13:40:25.0546 3392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:40:25.0687 3392 MountMgr - ok
13:40:25.0765 3392 mraid35x - ok
13:40:25.0812 3392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:40:25.0968 3392 MRxDAV - ok
13:40:26.0062 3392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:40:26.0140 3392 MRxSmb - ok
13:40:26.0218 3392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:40:26.0390 3392 Msfs - ok
13:40:26.0484 3392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:40:26.0640 3392 MSKSSRV - ok
13:40:26.0718 3392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:40:26.0875 3392 MSPCLOCK - ok
13:40:26.0968 3392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:40:27.0109 3392 MSPQM - ok
13:40:27.0187 3392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:40:27.0359 3392 mssmbios - ok
13:40:27.0437 3392 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:40:27.0593 3392 MSTEE - ok
13:40:27.0671 3392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:40:27.0734 3392 Mup - ok
13:40:27.0812 3392 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:40:27.0968 3392 NABTSFEC - ok
13:40:28.0078 3392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:40:28.0234 3392 NDIS - ok
13:40:28.0343 3392 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:40:28.0484 3392 NdisIP - ok
13:40:28.0515 3392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:40:28.0578 3392 NdisTapi - ok
13:40:28.0656 3392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:40:28.0812 3392 Ndisuio - ok
13:40:28.0906 3392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:40:29.0046 3392 NdisWan - ok
13:40:29.0093 3392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:40:29.0156 3392 NDProxy - ok
13:40:29.0234 3392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:40:29.0390 3392 NetBIOS - ok
13:40:29.0421 3392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:40:29.0578 3392 NetBT - ok
13:40:29.0718 3392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:40:29.0875 3392 Npfs - ok
13:40:29.0921 3392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:40:30.0109 3392 Ntfs - ok
13:40:30.0171 3392 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:40:30.0203 3392 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
13:40:30.0203 3392 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
13:40:30.0390 3392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:40:30.0593 3392 Null - ok
13:40:30.0796 3392 NvnUsbAudio (ad4f1fd6dc06ea3928a21d5d72c0761f) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
13:40:30.0828 3392 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
13:40:30.0828 3392 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
13:40:31.0093 3392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:40:31.0296 3392 NwlnkFlt - ok
13:40:31.0578 3392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:40:31.0796 3392 NwlnkFwd - ok
13:40:32.0062 3392 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:40:32.0203 3392 Parport - ok
13:40:32.0531 3392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:40:32.0671 3392 PartMgr - ok
13:40:32.0734 3392 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:40:32.0921 3392 ParVdm - ok
13:40:32.0984 3392 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:40:33.0140 3392 PCI - ok
13:40:33.0156 3392 PCIDump - ok
13:40:33.0187 3392 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:40:33.0343 3392 PCIIde - ok
13:40:33.0390 3392 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:40:33.0531 3392 Pcmcia - ok
13:40:33.0562 3392 PDCOMP - ok
13:40:33.0593 3392 PDFRAME - ok
13:40:33.0609 3392 PDRELI - ok
13:40:33.0640 3392 PDRFRAME - ok
13:40:33.0671 3392 perc2 - ok
13:40:33.0687 3392 perc2hib - ok
13:40:33.0781 3392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:40:33.0921 3392 PptpMiniport - ok
13:40:33.0953 3392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:40:34.0093 3392 PSched - ok
13:40:34.0125 3392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:40:34.0312 3392 Ptilink - ok
13:40:34.0343 3392 ql1080 - ok
13:40:34.0359 3392 Ql10wnt - ok
13:40:34.0390 3392 ql12160 - ok
13:40:34.0406 3392 ql1240 - ok
13:40:34.0437 3392 ql1280 - ok
13:40:34.0468 3392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:40:34.0656 3392 RasAcd - ok
13:40:34.0687 3392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:40:34.0828 3392 Rasl2tp - ok
13:40:34.0875 3392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:40:34.0984 3392 RasPppoe - ok
13:40:35.0031 3392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:40:35.0234 3392 Raspti - ok
13:40:35.0281 3392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:40:35.0406 3392 Rdbss - ok
13:40:35.0453 3392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:40:35.0625 3392 RDPCDD - ok
13:40:35.0687 3392 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:40:35.0765 3392 RDPWD - ok
13:40:35.0875 3392 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:40:36.0015 3392 redbook - ok
13:40:36.0093 3392 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:40:36.0281 3392 ROOTMODEM - ok
13:40:36.0390 3392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:40:36.0546 3392 Secdrv - ok
13:40:36.0593 3392 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:40:36.0734 3392 serenum - ok
13:40:36.0781 3392 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:40:36.0921 3392 Serial - ok
13:40:37.0062 3392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:40:37.0203 3392 Sfloppy - ok
13:40:37.0234 3392 Simbad - ok
13:40:37.0281 3392 SiS315 (e3cf27c168a97018c9f9c7ecc335a761) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
13:40:37.0375 3392 SiS315 - ok
13:40:37.0421 3392 SiSkp (e14435cf5d555bdc2f35097e403b79c5) C:\WINDOWS\system32\DRIVERS\srvkp.sys
13:40:37.0453 3392 SiSkp - ok
13:40:37.0500 3392 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
13:40:37.0562 3392 SISNIC - ok
13:40:37.0593 3392 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:40:37.0734 3392 SLIP - ok
13:40:37.0765 3392 Sparrow - ok
13:40:37.0812 3392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:40:37.0953 3392 splitter - ok
13:40:38.0000 3392 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:40:38.0156 3392 sr - ok
13:40:38.0187 3392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:40:38.0250 3392 Srv - ok
13:40:38.0359 3392 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:40:38.0375 3392 ssmdrv - ok
13:40:38.0437 3392 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:40:38.0453 3392 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:40:38.0453 3392 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:40:38.0500 3392 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:40:38.0656 3392 streamip - ok
13:40:38.0718 3392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:40:38.0859 3392 swenum - ok
13:40:38.0890 3392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:40:39.0031 3392 swmidi - ok
13:40:39.0125 3392 symc810 - ok
13:40:39.0156 3392 symc8xx - ok
13:40:39.0171 3392 sym_hi - ok
13:40:39.0203 3392 sym_u3 - ok
13:40:39.0218 3392 SynasUSB - ok
13:40:39.0281 3392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:40:39.0421 3392 sysaudio - ok
13:40:39.0531 3392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:40:39.0640 3392 Tcpip - ok
13:40:39.0718 3392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:40:39.0859 3392 TDPIPE - ok
13:40:39.0890 3392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:40:40.0015 3392 TDTCP - ok
13:40:40.0046 3392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:40:40.0187 3392 TermDD - ok
13:40:40.0218 3392 TosIde - ok
13:40:40.0265 3392 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:40:40.0421 3392 uagp35 - ok
13:40:40.0468 3392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:40:40.0625 3392 Udfs - ok
13:40:40.0640 3392 ultra - ok
13:40:40.0703 3392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:40:40.0875 3392 Update - ok
13:40:40.0984 3392 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:40:41.0140 3392 usbaudio - ok
13:40:41.0171 3392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:40:41.0312 3392 usbccgp - ok
13:40:41.0359 3392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:40:41.0500 3392 usbehci - ok
13:40:41.0546 3392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:40:41.0703 3392 usbhub - ok
13:40:41.0734 3392 USBNZ1X1 - ok
13:40:41.0781 3392 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:40:41.0921 3392 usbohci - ok
13:40:41.0968 3392 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:40:42.0109 3392 usbprint - ok
13:40:42.0125 3392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:40:42.0265 3392 usbscan - ok
13:40:42.0296 3392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:40:42.0453 3392 USBSTOR - ok
13:40:42.0484 3392 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:40:42.0625 3392 usbvideo - ok
13:40:42.0671 3392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:40:42.0828 3392 VgaSave - ok
13:40:43.0125 3392 ViaIde - ok
13:40:43.0296 3392 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:40:43.0453 3392 VolSnap - ok
13:40:43.0625 3392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:40:43.0765 3392 Wanarp - ok
13:40:43.0875 3392 WDICA - ok
13:40:43.0906 3392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:40:44.0062 3392 wdmaud - ok
13:40:44.0203 3392 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:40:44.0343 3392 WSTCODEC - ok
13:40:44.0406 3392 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
13:40:44.0437 3392 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
13:40:44.0437 3392 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
13:40:44.0484 3392 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
13:40:45.0343 3392 \Device\Harddisk0\DR0 - ok
13:40:45.0375 3392 Boot (0x1200) (745563e5cbd175cd96eea5be20f73168) \Device\Harddisk0\DR0\Partition0
13:40:45.0375 3392 \Device\Harddisk0\DR0\Partition0 - ok
13:40:45.0406 3392 Boot (0x1200) (1fdb40ee53f72cb4f42c62196826ae1a) \Device\Harddisk0\DR0\Partition1
13:40:45.0421 3392 \Device\Harddisk0\DR0\Partition1 - ok
13:40:45.0421 3392 ============================================================
13:40:45.0421 3392 Scan finished
13:40:45.0421 3392 ============================================================
13:40:45.0546 3384 Detected object count: 9
13:40:45.0546 3384 Actual detected object count: 9
13:41:02.0906 3384 BCMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 BCMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0906 3384 BCR2000 ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 BCR2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0906 3384 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0906 3384 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0921 3384 MA_CMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0921 3384 MA_CMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0921 3384 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0921 3384 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0921 3384 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0921 3384 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0937 3384 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0937 3384 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0937 3384 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0937 3384 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

unhide eben nochmal im normalen modus ausgeführt. desktop-dateien nun wieder sichtbar, allerdings nicht im startmenü.

cosinus · 20.11.2011, 14:06

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

sid77 · 20.11.2011, 14:41

hier das log:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-20.01 - CSCH1 20.11.2011  14:24:53.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.511.216 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\CSCH1\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\CSCH1\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\inf
c:\windows\system32\inf\MA_CMIDI.INF
c:\windows\system32\lsprst7.dll
c:\windows\system32\setup.ini
c:\windows\system32\ssprs.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-20 bis 2011-11-20  ))))))))))))))))))))))))))))))
.
.
2011-11-18 20:39 . 2011-11-18 20:39	--------	d-----w-	C:\_OTL
2011-11-17 15:29 . 2011-11-17 15:29	--------	d-----w-	c:\programme\ESET
2011-11-17 15:19 . 2011-11-17 15:19	--------	d-----w-	c:\dokumente und einstellungen\CSCH1\Anwendungsdaten\Malwarebytes
2011-11-17 15:03 . 2011-11-17 15:03	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-11-17 15:03 . 2011-11-17 15:03	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-11-17 15:03 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-16 19:21 . 2011-11-16 19:21	--------	d-----w-	C:\FOUND.008
2011-11-16 18:56 . 2011-11-16 18:56	--------	d-----w-	C:\FOUND.007
2011-11-16 18:02 . 2011-11-16 18:02	--------	d-----w-	c:\dokumente und einstellungen\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-04 04:00	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 04:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59	614912	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 04:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-04 04:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-06 15:10 . 2005-03-02 18:06	1859072	----a-w-	c:\windows\system32\win32k.sys
2011-09-05 14:55 . 2005-07-03 02:15	672768	----a-w-	c:\windows\system32\wininet.dll
2011-09-05 14:55 . 2004-08-04 04:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2011-09-05 14:55 . 2004-08-04 04:00	61952	----a-w-	c:\windows\system32\tdc.ocx
2011-09-05 14:54 . 2004-08-04 04:00	371200	----a-w-	c:\windows\system32\html.iec
2011-11-11 20:23 . 2011-06-07 16:15	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-01-05 413696]
"SiSPower"="SiSPower.dll" [2005-07-13 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^CSCH1^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk]
path=c:\dokumente und einstellungen\CSCH1\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03	916240	----a-w-	c:\programme\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 19:27	312320	----a-w-	c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 18:51	233472	----a-w-	c:\programme\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24	49152	----a-w-	c:\programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 03:33	176128	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36	2793304	----a-w-	c:\programme\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18	413696	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Steinberg\\WaveLab Lite\\WaveLab Lite.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\ICQ7.4\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.11.2009 14:06 108289]
S3 BCMIDI;BCMIDI;c:\windows\system32\drivers\bcmidi2.sys [02.11.2007 12:05 22432]
S3 BCR2000;B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1);c:\windows\system32\drivers\bcr2000.sys [02.11.2007 12:07 20992]
S3 gbxavs;gbxavs;c:\windows\system32\Drivers\gbxavs.sys --> c:\windows\system32\Drivers\gbxavs.sys [?]
S3 gbxusb;gbxusb;c:\windows\system32\Drivers\gbxusb.sys --> c:\windows\system32\Drivers\gbxusb.sys [?]
S3 ma763008;M-Audio Ozone;c:\windows\system32\drivers\MA763008.sys --> c:\windows\system32\drivers\MA763008.sys [?]
S3 MADFU008;MADFU008;c:\windows\system32\DRIVERS\MADFU008.sys --> c:\windows\system32\DRIVERS\MADFU008.sys [?]
S3 NvnUsbAudio;NvnUsbAudio;c:\windows\system32\drivers\nvnusbaudio.sys [16.11.2007 15:02 25600]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 USBNZ1X1;M-Audio Ozone Midi;c:\windows\system32\drivers\usbnz1x1.sys --> c:\windows\system32\drivers\usbnz1x1.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.wer-kennt-wen.de/start
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sequencer.de/synthesizer/index.php
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Acoustica_is1 - c:\programme\VstPlugins\Acoustica\unins000.exe
AddRemove-Euro-Rechnungsdruckerei - c:\windows\IsUn0407.exe
AddRemove-FreeAlpha 3 - c:\programme\VstPlugins\UninstalFreeAlpha.exe
AddRemove-Glitch One MB VSTi V1.0b_is1 - c:\programme\VstPlugins\DashSignature.com\Glitch One MB\unins000.exe
AddRemove-KEYS Alpha - c:\programme\VstPlugins\UninstalAlpha.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-20 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5016)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-20  14:37:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-20 13:37
.
Vor Suchlauf: 19 Verzeichnis(se), 34.632.167.424 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 34.668.498.432 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1FCE54BA8C2A9715565D37B6A1FAB0BF

--- --- ---

cosinus · 20.11.2011, 15:26

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

sid77 · 20.11.2011, 18:15

alter falter, war ne schwere geburt... gmer hat nicht funktioniert. dafür die anderen zwei

osam:
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:28:06 on 20.11.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"DeltaCPL.cpl" - "Midiman/M-Audio" - C:\WINDOWS\system32\DeltaCPL.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"speech.cpl" - "Microsoft" - C:\WINDOWS\system32\speech.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%EVOL_USB.SvcDesc%" (MA_CMIDI) - "M-Audio" - C:\WINDOWS\System32\drivers\ma_cmidi.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1)" (BCR2000) - "Behringer Spezielle Studiotechnik GmbH" - C:\WINDOWS\System32\drivers\bcr2000.sys
"BCMIDI" (BCMIDI) - "Behringer Spezielle Studiotechnik GmbH" - C:\WINDOWS\System32\Drivers\bcmidi2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gbxavs" (gbxavs) - ? - C:\WINDOWS\System32\Drivers\gbxavs.sys  (File not found)
"gbxusb" (gbxusb) - ? - C:\WINDOWS\System32\Drivers\gbxusb.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"M-Audio Ozone" (ma763008) - ? - C:\WINDOWS\System32\drivers\MA763008.sys  (File not found)
"M-Audio Ozone Midi" (USBNZ1X1) - ? - C:\WINDOWS\System32\drivers\usbnz1x1.sys  (File not found)
"MADFU008" (MADFU008) - ? - C:\WINDOWS\System32\DRIVERS\MADFU008.sys  (File not found)
"NvnUsbAudio" (NvnUsbAudio) - "Novation DMS Ltd." - C:\WINDOWS\System32\drivers\nvnusbaudio.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Service for Delta Driver (WDM)" (DELTA) - "Midiman/M-Audio" - C:\WINDOWS\System32\DRIVERS\delta.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SynasUSB" (SynasUSB) - ? - C:\WINDOWS\System32\drivers\SynasUSB.sys  (File not found)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4C39376E-FA9D-4349-BACC-D305C1750EF3} "EPUImageControl Class" - "eBay, Inc." - C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.5.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://www.apple.com/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\CSCH1\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"LaunchApp" - "Acer Inc." - Alaunch
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SiSPower" - "Silicon Integrated Systems Corporation" - Rundll32.exe SiSPower.dll,ModeAgent
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\WINDOWS\system32\KMPJLMN.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"QMSZJLanguageMonitor" - "Zenographics, Inc." - C:\WINDOWS\system32\ZLMQM2.DLL
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"M-Audio CMIDI Installer" (MA_CMIDI_InstallerService) - ? - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

aswmbr:

Zitat:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 17:31:02
-----------------------------
17:31:02.234 OS Version: Windows 5.1.2600 Service Pack 3
17:31:02.234 Number of processors: 1 586 0x409
17:31:02.234 ComputerName: ACER-59DE6FF88D UserName: CSCH1
17:31:03.578 Initialize success
17:35:36.250 AVAST engine defs: 11112000
17:36:54.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
17:36:54.578 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
17:36:56.593 Disk 0 MBR read successfully
17:36:56.593 Disk 0 MBR scan
17:36:56.656 Disk 0 unknown MBR code
17:36:56.656 Disk 0 scanning sectors +390716865
17:36:56.734 Disk 0 scanning C:\WINDOWS\system32\drivers
17:37:07.437 Service scanning
17:37:08.437 Modules scanning
17:37:11.656 Disk 0 trace - called modules:
17:37:11.671 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:37:11.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f87ab8]
17:37:11.687 3 CLASSPNP.SYS[f86b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x82fcdb00]
17:37:12.796 AVAST engine scan C:\WINDOWS
17:37:22.750 AVAST engine scan C:\WINDOWS\system32
17:39:53.875 AVAST engine scan C:\WINDOWS\system32\drivers
17:40:32.812 AVAST engine scan C:\Dokumente und Einstellungen\CSCH1
17:42:28.937 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:11:53.421 Scan finished successfully
18:12:50.812 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\CSCH1\Desktop\MBR.dat"
18:12:50.812 The log file has been saved successfully to "C:\Dokumente und Einstellungen\CSCH1\Desktop\aswMBR.txt"

btw sind jetzt auch alle versteckten dateien, ordner, programme wieder sichtbar - soweit so gut

cosinus · 21.11.2011, 10:04

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

sid77 · 21.11.2011, 10:48

so, fix gemacht. beim neuscan zeigt er mir jetzt einen bluescreen an.

ein problem wurde festgestellt...
driver_trql_not_less_or_equal

...
speicherabbild des physischen speichers wird erstellt.

cosinus · 21.11.2011, 10:57

Zitat:

beim neuscan zeigt er mir jetzt einen bluescreen an.

Windows wurde aber schon neu gestartet?

Schwarzer Desktop, Icons versteckt, "delayed write failed..."

Plagegeister aller Art und deren Bekämpfung: Schwarzer Desktop, Icons versteckt, "delayed write failed..."