Systemfix entfernt - PC wieder sauber?

cosinus · 08.12.2011, 21:07

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

issus · 08.12.2011, 21:15

Guten Abend Arne,

der log nach TDSSKiller

Code:

ATTFilter

21:10:46.0921 4676	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
21:10:47.0218 4676	============================================================
21:10:47.0218 4676	Current date / time: 2011/12/08 21:10:47.0218
21:10:47.0218 4676	SystemInfo:
21:10:47.0218 4676	
21:10:47.0218 4676	OS Version: 5.1.2600 ServicePack: 3.0
21:10:47.0218 4676	Product type: Workstation
21:10:47.0218 4676	ComputerName: MAIN
21:10:47.0218 4676	UserName: Kunde
21:10:47.0218 4676	Windows directory: C:\WINDOWS
21:10:47.0218 4676	System windows directory: C:\WINDOWS
21:10:47.0218 4676	Processor architecture: Intel x86
21:10:47.0218 4676	Number of processors: 2
21:10:47.0218 4676	Page size: 0x1000
21:10:47.0218 4676	Boot type: Normal boot
21:10:47.0218 4676	============================================================
21:10:48.0437 4676	Initialize success
21:10:59.0781 4252	============================================================
21:10:59.0781 4252	Scan started
21:10:59.0781 4252	Mode: Manual; SigCheck; TDLFS; 
21:10:59.0781 4252	============================================================
21:11:00.0500 4252	Abiosdsk - ok
21:11:00.0531 4252	abp480n5 - ok
21:11:00.0578 4252	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:11:01.0093 4252	ACPI - ok
21:11:01.0109 4252	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:11:01.0187 4252	ACPIEC - ok
21:11:01.0203 4252	adpu160m - ok
21:11:01.0234 4252	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:11:01.0312 4252	aec - ok
21:11:01.0343 4252	AFD             (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
21:11:01.0359 4252	AFD - ok
21:11:01.0375 4252	Aha154x - ok
21:11:01.0375 4252	aic78u2 - ok
21:11:01.0390 4252	aic78xx - ok
21:11:01.0406 4252	AliIde - ok
21:11:01.0453 4252	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:11:01.0546 4252	Ambfilt - ok
21:11:01.0578 4252	AmdK8           (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:11:01.0625 4252	AmdK8 - ok
21:11:01.0625 4252	amsint - ok
21:11:01.0671 4252	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:11:01.0750 4252	Arp1394 - ok
21:11:01.0750 4252	asc - ok
21:11:01.0765 4252	asc3350p - ok
21:11:01.0765 4252	asc3550 - ok
21:11:01.0796 4252	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:11:01.0875 4252	AsyncMac - ok
21:11:01.0890 4252	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:11:01.0984 4252	atapi - ok
21:11:01.0984 4252	Atdisk - ok
21:11:02.0296 4252	ati2mtag        (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:11:02.0515 4252	ati2mtag - ok
21:11:02.0515 4252	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:11:02.0625 4252	Atmarpc - ok
21:11:02.0656 4252	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:11:02.0750 4252	audstub - ok
21:11:02.0796 4252	AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:11:02.0937 4252	AVGIDSDriver - ok
21:11:02.0953 4252	AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:11:02.0968 4252	AVGIDSEH - ok
21:11:02.0968 4252	AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:11:02.0984 4252	AVGIDSFilter - ok
21:11:03.0015 4252	AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:11:03.0015 4252	AVGIDSShim - ok
21:11:03.0046 4252	Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:11:03.0062 4252	Avgldx86 - ok
21:11:03.0078 4252	Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:11:03.0078 4252	Avgmfx86 - ok
21:11:03.0109 4252	Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:11:03.0125 4252	Avgrkx86 - ok
21:11:03.0140 4252	Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:11:03.0156 4252	Avgtdix - ok
21:11:03.0171 4252	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:11:03.0265 4252	Beep - ok
21:11:03.0296 4252	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:11:03.0375 4252	cbidf2k - ok
21:11:03.0390 4252	cd20xrnt - ok
21:11:03.0390 4252	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:11:03.0484 4252	Cdaudio - ok
21:11:03.0500 4252	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:11:03.0593 4252	Cdfs - ok
21:11:03.0625 4252	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:11:03.0703 4252	Cdrom - ok
21:11:03.0703 4252	Changer - ok
21:11:03.0718 4252	CmdIde - ok
21:11:03.0734 4252	Cpqarray - ok
21:11:03.0750 4252	dac2w2k - ok
21:11:03.0765 4252	dac960nt - ok
21:11:03.0781 4252	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:11:03.0875 4252	Disk - ok
21:11:03.0906 4252	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:11:04.0000 4252	dmboot - ok
21:11:04.0015 4252	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:11:04.0109 4252	dmio - ok
21:11:04.0125 4252	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:11:04.0203 4252	dmload - ok
21:11:04.0234 4252	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:11:04.0328 4252	DMusic - ok
21:11:04.0328 4252	dpti2o - ok
21:11:04.0343 4252	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:11:04.0421 4252	drmkaud - ok
21:11:04.0468 4252	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:11:04.0562 4252	Fastfat - ok
21:11:04.0578 4252	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:11:04.0656 4252	Fdc - ok
21:11:04.0671 4252	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:11:04.0750 4252	Fips - ok
21:11:04.0781 4252	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:11:04.0859 4252	Flpydisk - ok
21:11:04.0875 4252	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:11:04.0984 4252	FltMgr - ok
21:11:05.0000 4252	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:11:05.0093 4252	Fs_Rec - ok
21:11:05.0109 4252	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:11:05.0203 4252	Ftdisk - ok
21:11:05.0203 4252	gdrv - ok
21:11:05.0234 4252	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:11:05.0328 4252	Gpc - ok
21:11:05.0343 4252	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:11:05.0421 4252	HDAudBus - ok
21:11:05.0453 4252	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:11:05.0546 4252	hidusb - ok
21:11:05.0546 4252	hpn - ok
21:11:05.0578 4252	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:11:05.0609 4252	HTTP - ok
21:11:05.0625 4252	i2omgmt - ok
21:11:05.0625 4252	i2omp - ok
21:11:05.0640 4252	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:11:05.0734 4252	i8042prt - ok
21:11:05.0734 4252	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:11:05.0828 4252	Imapi - ok
21:11:05.0843 4252	ini910u - ok
21:11:05.0937 4252	IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:11:06.0125 4252	IntcAzAudAddService - ok
21:11:06.0125 4252	IntelIde - ok
21:11:06.0156 4252	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:11:06.0234 4252	Ip6Fw - ok
21:11:06.0250 4252	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:11:06.0343 4252	IpFilterDriver - ok
21:11:06.0343 4252	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:11:06.0421 4252	IpInIp - ok
21:11:06.0437 4252	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:11:06.0531 4252	IpNat - ok
21:11:06.0546 4252	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:11:06.0625 4252	IPSec - ok
21:11:06.0656 4252	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:11:06.0687 4252	IRENUM - ok
21:11:06.0703 4252	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:11:06.0781 4252	isapnp - ok
21:11:06.0796 4252	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:11:06.0890 4252	Kbdclass - ok
21:11:06.0921 4252	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:11:07.0000 4252	kbdhid - ok
21:11:07.0015 4252	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:11:07.0125 4252	kmixer - ok
21:11:07.0140 4252	KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
21:11:07.0171 4252	KSecDD - ok
21:11:07.0203 4252	LBeepKE         (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
21:11:07.0218 4252	LBeepKE - ok
21:11:07.0218 4252	lbrtfdc - ok
21:11:07.0234 4252	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:11:07.0250 4252	LHidFilt - ok
21:11:07.0281 4252	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:11:07.0281 4252	LMouFilt - ok
21:11:07.0296 4252	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
21:11:07.0312 4252	LUsbFilt - ok
21:11:07.0343 4252	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:11:07.0359 4252	MBAMProtector - ok
21:11:07.0390 4252	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:11:07.0468 4252	mnmdd - ok
21:11:07.0484 4252	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:11:07.0593 4252	Modem - ok
21:11:07.0625 4252	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:11:07.0687 4252	Monfilt - ok
21:11:07.0703 4252	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:11:07.0796 4252	Mouclass - ok
21:11:07.0796 4252	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:11:07.0890 4252	mouhid - ok
21:11:07.0890 4252	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:11:07.0984 4252	MountMgr - ok
21:11:08.0000 4252	mraid35x - ok
21:11:08.0000 4252	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:11:08.0109 4252	MRxDAV - ok
21:11:08.0125 4252	MRxSmb          (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:11:08.0156 4252	MRxSmb - ok
21:11:08.0171 4252	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:11:08.0265 4252	Msfs - ok
21:11:08.0281 4252	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:11:08.0375 4252	MSKSSRV - ok
21:11:08.0375 4252	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:11:08.0468 4252	MSPCLOCK - ok
21:11:08.0468 4252	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:11:08.0546 4252	MSPQM - ok
21:11:08.0562 4252	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:11:08.0640 4252	mssmbios - ok
21:11:08.0671 4252	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:11:08.0703 4252	Mup - ok
21:11:08.0718 4252	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:11:08.0796 4252	NDIS - ok
21:11:08.0812 4252	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:11:08.0812 4252	NdisTapi - ok
21:11:08.0843 4252	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:11:08.0921 4252	Ndisuio - ok
21:11:08.0937 4252	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:11:09.0015 4252	NdisWan - ok
21:11:09.0046 4252	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:11:09.0046 4252	NDProxy - ok
21:11:09.0062 4252	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:11:09.0171 4252	NetBIOS - ok
21:11:09.0171 4252	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:11:09.0265 4252	NetBT - ok
21:11:09.0328 4252	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:11:09.0437 4252	NIC1394 - ok
21:11:09.0453 4252	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:11:09.0546 4252	Npfs - ok
21:11:09.0578 4252	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:11:09.0687 4252	Ntfs - ok
21:11:09.0734 4252	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:11:09.0828 4252	Null - ok
21:11:09.0828 4252	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:11:09.0921 4252	NwlnkFlt - ok
21:11:09.0937 4252	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:11:10.0031 4252	NwlnkFwd - ok
21:11:10.0046 4252	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:11:10.0140 4252	ohci1394 - ok
21:11:10.0171 4252	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:11:10.0265 4252	Parport - ok
21:11:10.0265 4252	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:11:10.0359 4252	PartMgr - ok
21:11:10.0359 4252	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:11:10.0437 4252	ParVdm - ok
21:11:10.0453 4252	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:11:10.0562 4252	PCI - ok
21:11:10.0562 4252	PCIDump - ok
21:11:10.0578 4252	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:11:10.0671 4252	PCIIde - ok
21:11:10.0687 4252	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:11:10.0796 4252	Pcmcia - ok
21:11:10.0796 4252	PDCOMP - ok
21:11:10.0812 4252	PDFRAME - ok
21:11:10.0812 4252	PDRELI - ok
21:11:10.0828 4252	PDRFRAME - ok
21:11:10.0843 4252	perc2 - ok
21:11:10.0843 4252	perc2hib - ok
21:11:10.0890 4252	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:11:10.0984 4252	PptpMiniport - ok
21:11:11.0000 4252	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
21:11:11.0109 4252	Processor - ok
21:11:11.0125 4252	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:11:11.0218 4252	PSched - ok
21:11:11.0234 4252	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:11:11.0312 4252	Ptilink - ok
21:11:11.0328 4252	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:11:11.0343 4252	PxHelp20 - ok
21:11:11.0343 4252	ql1080 - ok
21:11:11.0359 4252	Ql10wnt - ok
21:11:11.0359 4252	ql12160 - ok
21:11:11.0375 4252	ql1240 - ok
21:11:11.0375 4252	ql1280 - ok
21:11:11.0390 4252	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:11:11.0484 4252	RasAcd - ok
21:11:11.0484 4252	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:11:11.0562 4252	Rasl2tp - ok
21:11:11.0578 4252	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:11:11.0656 4252	RasPppoe - ok
21:11:11.0656 4252	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:11:11.0750 4252	Raspti - ok
21:11:11.0750 4252	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:11:11.0843 4252	Rdbss - ok
21:11:11.0859 4252	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:11:11.0937 4252	RDPCDD - ok
21:11:11.0953 4252	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:11:12.0046 4252	rdpdr - ok
21:11:12.0078 4252	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:11:12.0093 4252	RDPWD - ok
21:11:12.0109 4252	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:11:12.0187 4252	redbook - ok
21:11:12.0281 4252	RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) C:\WINDOWS\system32\drivers\RtKHDMI.sys
21:11:12.0375 4252	RTHDMIAzAudService - ok
21:11:12.0390 4252	RTLE8023xp      (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:11:12.0421 4252	RTLE8023xp - ok
21:11:12.0453 4252	SaiH0464        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
21:11:12.0484 4252	SaiH0464 - ok
21:11:12.0500 4252	SaiMini - ok
21:11:12.0515 4252	SaiNtBus - ok
21:11:12.0546 4252	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:12.0578 4252	Secdrv - ok
21:11:12.0593 4252	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:11:12.0671 4252	serenum - ok
21:11:12.0687 4252	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:11:12.0765 4252	Serial - ok
21:11:12.0796 4252	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:12.0875 4252	Sfloppy - ok
21:11:12.0875 4252	Simbad - ok
21:11:12.0906 4252	snapman378      (793f65aac52e5eccb83e6d9de054c865) C:\WINDOWS\system32\DRIVERS\snman378.sys
21:11:12.0921 4252	snapman378 - ok
21:11:12.0921 4252	Sparrow - ok
21:11:12.0937 4252	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:11:13.0031 4252	splitter - ok
21:11:13.0046 4252	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:13.0093 4252	sr - ok
21:11:13.0109 4252	Srv             (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:13.0125 4252	Srv - ok
21:11:13.0156 4252	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:13.0234 4252	swenum - ok
21:11:13.0234 4252	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:11:13.0328 4252	swmidi - ok
21:11:13.0328 4252	symc810 - ok
21:11:13.0343 4252	symc8xx - ok
21:11:13.0343 4252	sym_hi - ok
21:11:13.0343 4252	sym_u3 - ok
21:11:13.0375 4252	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:13.0453 4252	sysaudio - ok
21:11:13.0468 4252	Tcpip           (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:13.0500 4252	Tcpip - ok
21:11:13.0531 4252	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:13.0609 4252	TDPIPE - ok
21:11:13.0640 4252	tdrpman124      (1c66bd6c1c2463514635cdd9443eb0e9) C:\WINDOWS\system32\DRIVERS\tdrpm124.sys
21:11:13.0687 4252	tdrpman124 - ok
21:11:13.0703 4252	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:13.0781 4252	TDTCP - ok
21:11:13.0796 4252	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:13.0875 4252	TermDD - ok
21:11:13.0890 4252	tifsfilter      (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:11:13.0890 4252	tifsfilter - ok
21:11:13.0906 4252	timounter       (4362215c82a3abe14ebb409289136a8b) C:\WINDOWS\system32\DRIVERS\timntr.sys
21:11:13.0921 4252	timounter - ok
21:11:13.0921 4252	TosIde - ok
21:11:13.0953 4252	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:11:14.0031 4252	Udfs - ok
21:11:14.0046 4252	ultra - ok
21:11:14.0062 4252	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:11:14.0140 4252	Update - ok
21:11:14.0171 4252	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:11:14.0250 4252	usbaudio - ok
21:11:14.0265 4252	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:14.0359 4252	usbccgp - ok
21:11:14.0359 4252	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:14.0437 4252	usbehci - ok
21:11:14.0453 4252	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:14.0546 4252	usbhub - ok
21:11:14.0546 4252	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:11:14.0625 4252	usbohci - ok
21:11:14.0656 4252	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:14.0750 4252	USBSTOR - ok
21:11:14.0750 4252	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:11:14.0859 4252	VgaSave - ok
21:11:14.0859 4252	ViaIde - ok
21:11:14.0875 4252	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:14.0953 4252	VolSnap - ok
21:11:14.0984 4252	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:15.0046 4252	Wanarp - ok
21:11:15.0093 4252	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:11:15.0109 4252	Wdf01000 - ok
21:11:15.0109 4252	WDICA - ok
21:11:15.0125 4252	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:15.0203 4252	wdmaud - ok
21:11:15.0250 4252	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:11:15.0328 4252	WmiAcpi - ok
21:11:15.0375 4252	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:11:15.0406 4252	WpdUsb - ok
21:11:15.0421 4252	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:15.0453 4252	WudfPf - ok
21:11:15.0453 4252	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:15.0468 4252	WudfRd - ok
21:11:15.0484 4252	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:15.0640 4252	\Device\Harddisk0\DR0 - ok
21:11:15.0640 4252	Boot (0x1200)   (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
21:11:15.0640 4252	\Device\Harddisk0\DR0\Partition0 - ok
21:11:15.0671 4252	Boot (0x1200)   (cf4e7cbeb8e7a03a07e7300dafd9c0c3) \Device\Harddisk0\DR0\Partition1
21:11:15.0671 4252	\Device\Harddisk0\DR0\Partition1 - ok
21:11:15.0671 4252	============================================================
21:11:15.0671 4252	Scan finished
21:11:15.0671 4252	============================================================
21:11:15.0812 4192	Detected object count: 0
21:11:15.0812 4192	Actual detected object count: 0

cosinus · 08.12.2011, 21:22

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

issus · 08.12.2011, 22:09

Hallo Arne,

Combofix-Scan durchgeführt:

Code:

ATTFilter

ComboFix 11-12-08.01 - Kunde 08.12.2011  21:52:22.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2814.1811 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Internet\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-08 bis 2011-12-08  ))))))))))))))))))))))))))))))
.
.
2011-12-08 17:14 . 2011-12-08 17:14	--------	d-----w-	C:\_OTL
2011-12-07 21:48 . 2011-12-08 06:58	--------	d-----w-	c:\dokumente und einstellungen\Testkonto
2011-12-06 19:52 . 2011-12-06 19:52	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-12-06 19:52 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-06 19:39 . 2011-12-06 19:39	--------	d-----w-	c:\programme\ESET
2011-12-06 17:35 . 2011-12-06 17:35	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI
2011-12-06 17:34 . 2011-12-06 17:34	--------	d-----w-	c:\programme\AMD APP
2011-12-06 17:33 . 2011-10-26 02:59	311296	----a-w-	c:\windows\system32\atiiiexx.dll
2011-12-06 17:33 . 2011-10-26 02:06	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-12-06 17:32 . 2011-12-06 17:33	--------	d-----w-	c:\programme\ATI Technologies
2011-12-06 17:32 . 2011-12-06 17:32	--------	d-----w-	C:\ATI
2011-12-06 17:22 . 2011-12-06 17:22	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:19	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21	--------	d-----w-	c:\dokumente und einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21	--------	d-----w-	c:\programme\Google
2011-12-05 18:43 . 2011-12-05 18:43	--------	d-----w-	c:\programme\ATI
2011-12-05 18:03 . 2011-12-05 18:03	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-12-05 17:20 . 2011-12-05 17:20	--------	d-----w-	c:\dokumente und einstellungen\Internet\Anwendungsdaten\Malwarebytes
2011-12-05 17:13 . 2011-12-05 17:13	--------	d-----w-	c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Malwarebytes
2011-12-05 17:12 . 2011-12-05 17:12	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 10:14 . 2011-06-04 13:24	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 03:01 . 2009-06-03 21:00	7412736	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:30 . 2011-06-25 08:45	57344	----a-w-	c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2011-06-25 08:45	53248	----a-w-	c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2011-06-25 08:45	5890048	----a-w-	c:\windows\system32\aticaldd.dll
2011-10-26 02:16 . 2011-06-25 08:45	18968576	----a-w-	c:\windows\system32\atioglxx.dll
2011-10-26 02:04 . 2009-06-03 19:50	304128	----a-w-	c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2009-06-03 19:18	4004864	----a-w-	c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-06-25 08:45	956160	----a-w-	c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2009-06-03 19:03	3286400	----a-w-	c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2011-06-25 08:45	212992	----a-w-	c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2011-06-25 08:45	155648	----a-w-	c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2011-06-25 08:45	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2011-06-25 08:45	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2011-06-25 08:45	188416	------w-	c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2011-06-25 08:45	643072	----a-w-	c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2011-06-25 08:45	53248	----a-w-	c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2011-06-25 08:45	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2011-06-25 08:45	806912	----a-w-	c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2011-06-25 08:45	499712	----a-w-	c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2011-06-25 08:45	229376	------w-	c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2011-06-25 08:45	17408	----a-w-	c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2011-06-25 08:45	65024	----a-w-	c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2011-06-25 08:45	65024	----a-w-	c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2011-06-25 08:45	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2009-06-03 18:33	884736	----a-w-	c:\windows\system32\ati2cqag.dll
2011-10-25 20:21 . 2011-10-25 20:21	56832	----a-w-	c:\windows\system32\OpenVideo.dll
2011-10-25 20:21 . 2011-10-25 20:21	56832	----a-w-	c:\windows\system32\OVDecoder.dll
2011-10-25 20:20 . 2011-10-25 20:20	13950464	----a-w-	c:\windows\system32\amdocl.dll
2011-10-10 14:21 . 2009-10-02 18:33	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 05:52	604160	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 15:29	614912	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-23 12:00	220160	----a-w-	c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 09:33	2495816	----a-w-	c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"\\SLAVE\EPSON S22 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE" [2009-09-14 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456]
"ProfilerU"="c:\programme\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\programme\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 98304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\dokumente und einstellungen\Internet\Desktop\OTL.exe" [2011-12-07 584192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Testkonto\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\
Logitech . Produktregistrierung.lnk.disabled [2009-11-1 967]
.
c:\dokumente und einstellungen\Internet\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RTHDCPL"=RTHDCPL.EXE
"<NO NAME>"=
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programme\\Civilization 4\\Civilization4.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\PokerTH\\pokerth.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7234:TCP"= 7234:TCP:PokerTH
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\drivers\snman378.sys [02.10.2009 16:31 134272]
R0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\drivers\tdrpm124.sys [02.10.2009 16:31 950848]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 BCUService;Browser Configuration Utility Service;c:\programme\DeviceVM\Browser Configuration Utility\BCUService.exe [02.10.2009 19:45 212232]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30.10.2009 15:23 10384]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.12.2011 20:52 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.12.2011 20:52 22216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.10.2009 19:51 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [02.05.2011 16:30 1025352]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [01.05.2007 12:07 132232]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80359664
*Deregistered* - 80359664
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-08 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\e-post@um-fritz.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000004
"TimeStamp"=hex:7e,b6,8e,70,5f,a0,ca,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\uli.fritz@t-online.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000003
"TimeStamp"=hex:ea,8a,e4,3c,7a,4f,cb,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2011-12-08  21:57:04
ComboFix-quarantined-files.txt  2011-12-08 20:57
.
Vor Suchlauf: 8 Verzeichnis(se), 230.386.352.128 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 230.454.505.472 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E86357970FB75FB912E7FB58960169CB

cosinus · 09.12.2011, 09:40

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

issus · 09.12.2011, 20:08

Hallo Arne,

die drei Schritte abgearbeitet:

Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-09 19:28:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000528AS rev.CC35
Running: 8d2wyc5l.exe; Driver: C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xBA3E9738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xBA3E97DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xBA3E9878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xBA3E9914]

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                    section is writeable [0xB41C7000, 0x2BCD8C, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Osam

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:43:27 on 09.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager (Build 378)" (snapman378) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snman378.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 124)" (tdrpman124) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm124.sys
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gdrv" (gdrv) - ? - C:\WINDOWS\gdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgtdypog" (pgtdypog) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SaiH0464" (SaiH0464) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH0464.sys
"SaiMini" (SaiMini) - ? - C:\WINDOWS\System32\DRIVERS\SaiMini.sys  (File not found)
"SaiNtBus" (SaiNtBus) - ? - C:\WINDOWS\System32\drivers\SaiBus.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\WINDOWS\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - ? - \bin\npjpi170.dll  (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
{DD92DE22-ED91-4560-B788-DEE2B26612E6} "BHO Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Eigene Dateien\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\desktop.ini
"Logitech . Produktregistrierung.lnk.disabled" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk.disabled
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"\\SLAVE\EPSON S22 Series" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\DOKUME~1\Kunde\LOKALE~1\Temp\E_S10.tmp" /EF "HKCU"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\WINDOWS\system32\AdobePDF.dll  (File not found)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-09 19:45:43
-----------------------------
19:45:43.765    OS Version: Windows 5.1.2600 Service Pack 3
19:45:43.765    Number of processors: 2 586 0x4303
19:45:43.765    ComputerName: MAIN  UserName: 
19:45:44.437    Initialize success
19:48:00.296    AVAST engine defs: 11120901
19:48:30.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:48:30.484    Disk 0 Vendor: ST31000528AS CC35 Size: 953869MB BusType: 3
19:48:32.546    Disk 0 MBR read successfully
19:48:32.546    Disk 0 MBR scan
19:48:32.562    Disk 0 Windows XP default MBR code
19:48:32.593    Disk 0 scanning sectors +1953520065
19:48:32.734    Disk 0 scanning C:\WINDOWS\system32\drivers
19:48:53.796    Service scanning
19:48:54.515    Modules scanning
19:49:21.843    Disk 0 trace - called modules:
19:49:21.890    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
19:49:21.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2c4ab8]
19:49:21.890    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a321510]
19:49:22.406    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a2cb940]
19:49:23.015    AVAST engine scan C:\WINDOWS
19:49:51.406    AVAST engine scan C:\WINDOWS\system32
19:52:10.046    AVAST engine scan C:\WINDOWS\system32\drivers
19:52:31.078    AVAST engine scan C:\Dokumente und Einstellungen\Kunde
19:54:43.781    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:56:30.734    Scan finished successfully
19:56:57.375    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Internet\Desktop\MBR.dat"
19:56:57.375    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Internet\Desktop\aswMBR.txt"

So far, so good?

Der Bootmanager geht im übrigen wieder, was Du aber sicher schon geahnt hast. Nur die USB-Tastatur Eingaben erkennt er noch nicht.
Danke für Deine Hilfe!

cosinus · 10.12.2011, 01:07

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

issus · 10.12.2011, 13:47

Hallo Arne,

die drei Schritte erledigt.
MBAM Vollscan:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.12.2011 11:04:15
mbam-log-2011-12-10 (11-04-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 395444
Laufzeit: 31 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115932.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115933.exe (Rogue.FakeHDD) -> No action taken.

SAS Vollscan

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/10/2011 at 11:50 AM

Application Version : 5.0.1136

Core Rules Database Version : 8038
Trace Rules Database Version: 5850

Scan type       : Complete Scan
Total Scan Time : 00:31:14

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 474
Memory threats detected   : 0
Registry items scanned    : 39230
Registry threats detected : 0
File items scanned        : 69747
File threats detected     : 2

Trojan.Agent/Gen-FakeAlert
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.EXE

ESET Vollscan: (Da ist der Scan vom 6.12. mit gelistet)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-06 09:10:46
# local_time=2011-12-06 10:10:46 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 13067 66368682 0 0
# compatibility_mode=8192 67108863 100 0 4189 4189 0 0
# scanned=153857
# found=6
# cleaned=0
# scan_time=4908
C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15\6e1ca1cf-161b0e1f	a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2568.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
D:\Sicher\gamers_irc405.exe	probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)	00000000000000000000000000000000	I
D:\Sicher\GermanFunScript.zip	Win32/NetTool.NukeNabber.29 application (unable to clean)	00000000000000000000000000000000	I
D:\Sicher\UT\ts2_client_rc1.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\software\winamp5601_full_emusic-7plus_de-de.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-10 12:26:29
# local_time=2011-12-10 01:26:29 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 11889 66682485 0 0
# compatibility_mode=8192 67108863 100 0 317992 317992 0 0
# scanned=165562
# found=6
# cleaned=0
# scan_time=5248
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.exe	a variant of Win32/Kryptik.WQS trojan (unable to clean)	00000000000000000000000000000000	I
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.exe	a variant of Win32/Kryptik.WQS trojan (unable to clean)	00000000000000000000000000000000	I
D:\Sicher\gamers_irc405.exe	probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)	00000000000000000000000000000000	I
D:\Sicher\GermanFunScript.zip	Win32/NetTool.NukeNabber.29 application (unable to clean)	00000000000000000000000000000000	I
D:\Sicher\UT\ts2_client_rc1.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\software\winamp5601_full_emusic-7plus_de-de.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I

cosinus · 12.12.2011, 09:45

In System Volume Information sind die Dateien für Wiederherstellungspunkte gespeichert.

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

issus · 12.12.2011, 11:46

Hallo Arne,

herzlichen Glückwunsch zum Geburtstag!

Systemwiederherstellungspunkte gelöscht.

cosinus · 12.12.2011, 13:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\Shell - "" = AutoRun
O33 - MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe autoplay=true
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

issus · 12.12.2011, 13:56

OTL - Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
File D:\Setup.exe autoplay=true not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: INet
->Temp folder emptied: 184380 bytes
->Temporary Internet Files folder emptied: 706612 bytes
->FireFox cache emptied: 38045640 bytes
->Flash cache emptied: 470 bytes
 
User: Internet
->Temp folder emptied: 734775133 bytes
->Temporary Internet Files folder emptied: 110137 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37478387 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kunde
->Temp folder emptied: 53664745 bytes
->Temporary Internet Files folder emptied: 49549150 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9573521 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33062 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12088728 bytes
RecycleBin emptied: 58573168 bytes
 
Total Files Cleaned = 949,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12122011_134127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 12.12.2011, 14:12

Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

issus · 12.12.2011, 14:26

TDSSKiller:

Code:

ATTFilter

14:18:14.0421 2496	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
14:18:14.0750 2496	============================================================
14:18:14.0750 2496	Current date / time: 2011/12/12 14:18:14.0750
14:18:14.0750 2496	SystemInfo:
14:18:14.0750 2496	
14:18:14.0750 2496	OS Version: 5.1.2600 ServicePack: 3.0
14:18:14.0750 2496	Product type: Workstation
14:18:14.0750 2496	ComputerName: MAIN
14:18:14.0750 2496	UserName: Kunde
14:18:14.0750 2496	Windows directory: C:\WINDOWS
14:18:14.0750 2496	System windows directory: C:\WINDOWS
14:18:14.0750 2496	Processor architecture: Intel x86
14:18:14.0750 2496	Number of processors: 2
14:18:14.0750 2496	Page size: 0x1000
14:18:14.0750 2496	Boot type: Normal boot
14:18:14.0750 2496	============================================================
14:18:15.0796 2496	Initialize success
14:18:33.0875 4980	============================================================
14:18:33.0875 4980	Scan started
14:18:33.0875 4980	Mode: Manual; SigCheck; TDLFS; 
14:18:33.0875 4980	============================================================
14:18:34.0218 4980	Abiosdsk - ok
14:18:34.0218 4980	abp480n5 - ok
14:18:34.0265 4980	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:18:34.0796 4980	ACPI - ok
14:18:34.0812 4980	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:18:34.0890 4980	ACPIEC - ok
14:18:34.0906 4980	adpu160m - ok
14:18:34.0953 4980	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:18:35.0015 4980	aec - ok
14:18:35.0046 4980	AFD             (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
14:18:35.0078 4980	AFD - ok
14:18:35.0093 4980	Aha154x - ok
14:18:35.0093 4980	aic78u2 - ok
14:18:35.0109 4980	aic78xx - ok
14:18:35.0125 4980	AliIde - ok
14:18:35.0171 4980	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:18:35.0265 4980	Ambfilt - ok
14:18:35.0281 4980	AmdK8           (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:18:35.0296 4980	AmdK8 - ok
14:18:35.0312 4980	amsint - ok
14:18:35.0359 4980	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:18:35.0421 4980	Arp1394 - ok
14:18:35.0437 4980	asc - ok
14:18:35.0437 4980	asc3350p - ok
14:18:35.0453 4980	asc3550 - ok
14:18:35.0484 4980	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:18:35.0562 4980	AsyncMac - ok
14:18:35.0578 4980	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:18:35.0656 4980	atapi - ok
14:18:35.0671 4980	Atdisk - ok
14:18:35.0796 4980	ati2mtag        (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:18:35.0968 4980	ati2mtag - ok
14:18:35.0984 4980	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:18:36.0062 4980	Atmarpc - ok
14:18:36.0093 4980	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:18:36.0171 4980	audstub - ok
14:18:36.0218 4980	AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:18:36.0359 4980	AVGIDSDriver - ok
14:18:36.0375 4980	AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:18:36.0375 4980	AVGIDSEH - ok
14:18:36.0390 4980	AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:18:36.0406 4980	AVGIDSFilter - ok
14:18:36.0437 4980	AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:18:36.0437 4980	AVGIDSShim - ok
14:18:36.0453 4980	Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:18:36.0468 4980	Avgldx86 - ok
14:18:36.0468 4980	Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:18:36.0484 4980	Avgmfx86 - ok
14:18:36.0500 4980	Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:18:36.0515 4980	Avgrkx86 - ok
14:18:36.0546 4980	Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:18:36.0546 4980	Avgtdix - ok
14:18:36.0593 4980	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:18:36.0656 4980	Beep - ok
14:18:36.0734 4980	catchme - ok
14:18:36.0765 4980	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:18:36.0859 4980	cbidf2k - ok
14:18:36.0875 4980	cd20xrnt - ok
14:18:36.0875 4980	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:18:36.0968 4980	Cdaudio - ok
14:18:36.0984 4980	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:18:37.0093 4980	Cdfs - ok
14:18:37.0109 4980	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:18:37.0187 4980	Cdrom - ok
14:18:37.0187 4980	Changer - ok
14:18:37.0218 4980	CmdIde - ok
14:18:37.0234 4980	Cpqarray - ok
14:18:37.0234 4980	dac2w2k - ok
14:18:37.0250 4980	dac960nt - ok
14:18:37.0265 4980	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:18:37.0343 4980	Disk - ok
14:18:37.0375 4980	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:18:37.0484 4980	dmboot - ok
14:18:37.0484 4980	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:18:37.0562 4980	dmio - ok
14:18:37.0578 4980	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:18:37.0656 4980	dmload - ok
14:18:37.0687 4980	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:18:37.0765 4980	DMusic - ok
14:18:37.0781 4980	dpti2o - ok
14:18:37.0781 4980	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:18:37.0875 4980	drmkaud - ok
14:18:37.0906 4980	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:18:37.0984 4980	Fastfat - ok
14:18:38.0000 4980	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:18:38.0093 4980	Fdc - ok
14:18:38.0093 4980	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:18:38.0187 4980	Fips - ok
14:18:38.0203 4980	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:18:38.0296 4980	Flpydisk - ok
14:18:38.0312 4980	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:18:38.0406 4980	FltMgr - ok
14:18:38.0421 4980	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:18:38.0500 4980	Fs_Rec - ok
14:18:38.0500 4980	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:18:38.0578 4980	Ftdisk - ok
14:18:38.0593 4980	gdrv - ok
14:18:38.0593 4980	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:18:38.0671 4980	Gpc - ok
14:18:38.0703 4980	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:18:38.0781 4980	HDAudBus - ok
14:18:38.0812 4980	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:18:38.0906 4980	hidusb - ok
14:18:38.0906 4980	hpn - ok
14:18:38.0937 4980	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:18:38.0984 4980	HTTP - ok
14:18:38.0984 4980	i2omgmt - ok
14:18:39.0000 4980	i2omp - ok
14:18:39.0015 4980	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:18:39.0093 4980	i8042prt - ok
14:18:39.0093 4980	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:18:39.0187 4980	Imapi - ok
14:18:39.0203 4980	ini910u - ok
14:18:39.0296 4980	IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:18:39.0421 4980	IntcAzAudAddService - ok
14:18:39.0453 4980	IntelIde - ok
14:18:39.0468 4980	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:18:39.0546 4980	Ip6Fw - ok
14:18:39.0578 4980	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:18:39.0656 4980	IpFilterDriver - ok
14:18:39.0671 4980	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:18:39.0750 4980	IpInIp - ok
14:18:39.0765 4980	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:18:39.0843 4980	IpNat - ok
14:18:39.0843 4980	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:18:39.0937 4980	IPSec - ok
14:18:39.0953 4980	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:18:40.0000 4980	IRENUM - ok
14:18:40.0015 4980	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:18:40.0093 4980	isapnp - ok
14:18:40.0109 4980	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:18:40.0218 4980	Kbdclass - ok
14:18:40.0234 4980	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:18:40.0312 4980	kbdhid - ok
14:18:40.0312 4980	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:18:40.0390 4980	kmixer - ok
14:18:40.0406 4980	KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
14:18:40.0437 4980	KSecDD - ok
14:18:40.0468 4980	LBeepKE         (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
14:18:40.0484 4980	LBeepKE - ok
14:18:40.0484 4980	lbrtfdc - ok
14:18:40.0500 4980	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
14:18:40.0500 4980	LHidFilt - ok
14:18:40.0515 4980	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
14:18:40.0531 4980	LMouFilt - ok
14:18:40.0546 4980	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
14:18:40.0546 4980	LUsbFilt - ok
14:18:40.0578 4980	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:18:40.0578 4980	MBAMProtector - ok
14:18:40.0609 4980	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:18:40.0687 4980	mnmdd - ok
14:18:40.0703 4980	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:18:40.0781 4980	Modem - ok
14:18:40.0812 4980	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
14:18:40.0875 4980	Monfilt - ok
14:18:40.0875 4980	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:18:40.0953 4980	Mouclass - ok
14:18:40.0968 4980	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:18:41.0046 4980	mouhid - ok
14:18:41.0062 4980	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:18:41.0125 4980	MountMgr - ok
14:18:41.0140 4980	mraid35x - ok
14:18:41.0140 4980	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:18:41.0234 4980	MRxDAV - ok
14:18:41.0250 4980	MRxSmb          (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:18:41.0281 4980	MRxSmb - ok
14:18:41.0296 4980	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:18:41.0375 4980	Msfs - ok
14:18:41.0406 4980	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:18:41.0484 4980	MSKSSRV - ok
14:18:41.0484 4980	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:18:41.0578 4980	MSPCLOCK - ok
14:18:41.0578 4980	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:18:41.0656 4980	MSPQM - ok
14:18:41.0671 4980	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:18:41.0765 4980	mssmbios - ok
14:18:41.0765 4980	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:18:41.0796 4980	Mup - ok
14:18:41.0812 4980	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:18:41.0890 4980	NDIS - ok
14:18:41.0906 4980	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:18:41.0921 4980	NdisTapi - ok
14:18:41.0937 4980	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:18:42.0015 4980	Ndisuio - ok
14:18:42.0031 4980	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:18:42.0109 4980	NdisWan - ok
14:18:42.0125 4980	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:18:42.0140 4980	NDProxy - ok
14:18:42.0140 4980	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:18:42.0234 4980	NetBIOS - ok
14:18:42.0234 4980	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:18:42.0312 4980	NetBT - ok
14:18:42.0343 4980	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:18:42.0437 4980	NIC1394 - ok
14:18:42.0453 4980	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:18:42.0531 4980	Npfs - ok
14:18:42.0562 4980	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:18:42.0640 4980	Ntfs - ok
14:18:42.0671 4980	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:18:42.0750 4980	Null - ok
14:18:42.0765 4980	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:18:42.0843 4980	NwlnkFlt - ok
14:18:42.0843 4980	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:18:42.0921 4980	NwlnkFwd - ok
14:18:42.0937 4980	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:18:43.0015 4980	ohci1394 - ok
14:18:43.0031 4980	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:18:43.0109 4980	Parport - ok
14:18:43.0109 4980	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:18:43.0187 4980	PartMgr - ok
14:18:43.0203 4980	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:18:43.0281 4980	ParVdm - ok
14:18:43.0281 4980	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:18:43.0375 4980	PCI - ok
14:18:43.0390 4980	PCIDump - ok
14:18:43.0390 4980	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:18:43.0468 4980	PCIIde - ok
14:18:43.0484 4980	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:18:43.0562 4980	Pcmcia - ok
14:18:43.0578 4980	PDCOMP - ok
14:18:43.0578 4980	PDFRAME - ok
14:18:43.0593 4980	PDRELI - ok
14:18:43.0593 4980	PDRFRAME - ok
14:18:43.0609 4980	perc2 - ok
14:18:43.0609 4980	perc2hib - ok
14:18:43.0640 4980	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:18:43.0718 4980	PptpMiniport - ok
14:18:43.0734 4980	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
14:18:43.0812 4980	Processor - ok
14:18:43.0828 4980	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:18:43.0906 4980	PSched - ok
14:18:43.0921 4980	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:18:43.0984 4980	Ptilink - ok
14:18:44.0000 4980	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:18:44.0015 4980	PxHelp20 - ok
14:18:44.0015 4980	ql1080 - ok
14:18:44.0031 4980	Ql10wnt - ok
14:18:44.0031 4980	ql12160 - ok
14:18:44.0046 4980	ql1240 - ok
14:18:44.0046 4980	ql1280 - ok
14:18:44.0062 4980	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:18:44.0140 4980	RasAcd - ok
14:18:44.0156 4980	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:18:44.0234 4980	Rasl2tp - ok
14:18:44.0234 4980	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:18:44.0328 4980	RasPppoe - ok
14:18:44.0328 4980	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:18:44.0406 4980	Raspti - ok
14:18:44.0406 4980	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:18:44.0484 4980	Rdbss - ok
14:18:44.0500 4980	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:18:44.0578 4980	RDPCDD - ok
14:18:44.0609 4980	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:18:44.0671 4980	rdpdr - ok
14:18:44.0703 4980	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:18:44.0718 4980	RDPWD - ok
14:18:44.0750 4980	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:18:44.0828 4980	redbook - ok
14:18:44.0921 4980	RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) C:\WINDOWS\system32\drivers\RtKHDMI.sys
14:18:45.0015 4980	RTHDMIAzAudService - ok
14:18:45.0031 4980	RTLE8023xp      (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:18:45.0046 4980	RTLE8023xp - ok
14:18:45.0093 4980	SaiH0464        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
14:18:45.0093 4980	SaiH0464 - ok
14:18:45.0109 4980	SaiMini - ok
14:18:45.0125 4980	SaiNtBus - ok
14:18:45.0187 4980	SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
14:18:45.0203 4980	SASDIFSV - ok
14:18:45.0203 4980	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
14:18:45.0218 4980	SASKUTIL - ok
14:18:45.0250 4980	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:18:45.0281 4980	Secdrv - ok
14:18:45.0296 4980	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:18:45.0359 4980	serenum - ok
14:18:45.0375 4980	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:18:45.0468 4980	Serial - ok
14:18:45.0500 4980	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:18:45.0578 4980	Sfloppy - ok
14:18:45.0593 4980	Simbad - ok
14:18:45.0625 4980	snapman378      (793f65aac52e5eccb83e6d9de054c865) C:\WINDOWS\system32\DRIVERS\snman378.sys
14:18:45.0640 4980	snapman378 - ok
14:18:45.0640 4980	Sparrow - ok
14:18:45.0656 4980	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:18:45.0734 4980	splitter - ok
14:18:45.0750 4980	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:18:45.0781 4980	sr - ok
14:18:45.0812 4980	Srv             (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
14:18:45.0828 4980	Srv - ok
14:18:45.0859 4980	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
14:18:45.0875 4980	StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:18:45.0875 4980	StarOpen - detected UnsignedFile.Multi.Generic (1)
14:18:45.0890 4980	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:18:45.0968 4980	swenum - ok
14:18:45.0984 4980	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:18:46.0062 4980	swmidi - ok
14:18:46.0078 4980	symc810 - ok
14:18:46.0078 4980	symc8xx - ok
14:18:46.0093 4980	sym_hi - ok
14:18:46.0093 4980	sym_u3 - ok
14:18:46.0125 4980	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:18:46.0187 4980	sysaudio - ok
14:18:46.0234 4980	Tcpip           (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:18:46.0265 4980	Tcpip - ok
14:18:46.0296 4980	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:18:46.0375 4980	TDPIPE - ok
14:18:46.0406 4980	tdrpman124      (1c66bd6c1c2463514635cdd9443eb0e9) C:\WINDOWS\system32\DRIVERS\tdrpm124.sys
14:18:46.0437 4980	tdrpman124 - ok
14:18:46.0453 4980	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:18:46.0531 4980	TDTCP - ok
14:18:46.0546 4980	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:18:46.0625 4980	TermDD - ok
14:18:46.0640 4980	tifsfilter      (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:18:46.0640 4980	tifsfilter - ok
14:18:46.0656 4980	timounter       (4362215c82a3abe14ebb409289136a8b) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:18:46.0687 4980	timounter - ok
14:18:46.0687 4980	TosIde - ok
14:18:46.0750 4980	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:18:46.0828 4980	Udfs - ok
14:18:46.0828 4980	ultra - ok
14:18:46.0843 4980	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:18:46.0921 4980	Update - ok
14:18:46.0968 4980	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:18:47.0062 4980	usbaudio - ok
14:18:47.0062 4980	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:18:47.0140 4980	usbccgp - ok
14:18:47.0140 4980	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:18:47.0218 4980	usbehci - ok
14:18:47.0218 4980	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:18:47.0296 4980	usbhub - ok
14:18:47.0312 4980	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:18:47.0390 4980	usbohci - ok
14:18:47.0421 4980	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:18:47.0500 4980	USBSTOR - ok
14:18:47.0515 4980	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:18:47.0593 4980	VgaSave - ok
14:18:47.0609 4980	ViaIde - ok
14:18:47.0609 4980	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:18:47.0687 4980	VolSnap - ok
14:18:47.0703 4980	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:18:47.0781 4980	Wanarp - ok
14:18:47.0812 4980	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:18:47.0828 4980	Wdf01000 - ok
14:18:47.0843 4980	WDICA - ok
14:18:47.0875 4980	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:18:47.0937 4980	wdmaud - ok
14:18:47.0968 4980	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:18:48.0046 4980	WmiAcpi - ok
14:18:48.0093 4980	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:18:48.0125 4980	WpdUsb - ok
14:18:48.0140 4980	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:18:48.0171 4980	WudfPf - ok
14:18:48.0171 4980	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:18:48.0187 4980	WudfRd - ok
14:18:48.0218 4980	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:18:48.0359 4980	\Device\Harddisk0\DR0 - ok
14:18:48.0375 4980	Boot (0x1200)   (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
14:18:48.0375 4980	\Device\Harddisk0\DR0\Partition0 - ok
14:18:48.0406 4980	Boot (0x1200)   (cf4e7cbeb8e7a03a07e7300dafd9c0c3) \Device\Harddisk0\DR0\Partition1
14:18:48.0406 4980	\Device\Harddisk0\DR0\Partition1 - ok
14:18:48.0406 4980	============================================================
14:18:48.0406 4980	Scan finished
14:18:48.0406 4980	============================================================
14:18:48.0531 4864	Detected object count: 1
14:18:48.0531 4864	Actual detected object count: 1
14:19:14.0546 4864	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:14.0546 4864	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:22:33.0921 2620	Deinitialize success

cosinus · 12.12.2011, 14:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Systemfix entfernt - PC wieder sauber?

Log-Analyse und Auswertung: Systemfix entfernt - PC wieder sauber?