Log gekürzt, volles Log im Anhang

Code: Alles auswählenAufklappen

ATTFilter

11:39:47.0780 5256  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:39:48.0880 5256  ============================================================
11:39:48.0880 5256  Current date / time: 2012/10/17 11:39:48.0880
11:39:48.0880 5256  SystemInfo:
11:39:48.0880 5256  
11:39:48.0880 5256  OS Version: 6.0.6002 ServicePack: 2.0
11:39:48.0881 5256  Product type: Workstation
11:39:48.0881 5256  ComputerName: NINA-PC
11:39:48.0881 5256  UserName: Nina
11:39:48.0881 5256  Windows directory: C:\Windows
11:39:48.0881 5256  System windows directory: C:\Windows
11:39:48.0881 5256  Processor architecture: Intel x86
11:39:48.0881 5256  Number of processors: 2
11:39:48.0881 5256  Page size: 0x1000
11:39:48.0881 5256  Boot type: Normal boot
11:39:48.0882 5256  ============================================================
11:39:49.0002 5256  BG loaded
11:39:49.0653 5256  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3A38B, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000050
11:39:49.0677 5256  Drive \Device\Harddisk1\DR2 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:49.0679 5256  ============================================================
11:39:49.0679 5256  \Device\Harddisk0\DR0:
11:39:49.0679 5256  MBR partitions:
11:39:49.0679 5256  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0xE8E2800
11:39:49.0692 5256  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF68F800, BlocksNum 0xDB35800
11:39:49.0693 5256  \Device\Harddisk1\DR2:
11:39:49.0694 5256  MBR partitions:
11:39:49.0694 5256  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
11:39:49.0694 5256  ============================================================
11:39:49.0769 5256  C: <-> \Device\Harddisk0\DR0\Partition1
11:39:49.0859 5256  D: <-> \Device\Harddisk0\DR0\Partition2
11:39:49.0860 5256  ============================================================
11:39:49.0860 5256  Initialize success
11:39:49.0860 5256  ============================================================
11:39:59.0820 5872  ============================================================
11:39:59.0820 5872  Scan started
11:39:59.0821 5872  Mode: Manual; SigCheck; TDLFS; 
11:39:59.0821 5872  ============================================================
11:40:04.0760 5872  ================ Scan system memory ========================
11:40:04.0761 5872  System memory - ok
11:40:04.0761 5872  ================ Scan services =============================
11:40:06.0098 5872  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:40:06.0386 5872  ACPI - ok
11:40:06.0847 5872  [ FE1E7BDA5639D5EC9BD575137D0C3516 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:40:07.0079 5872  AcrSch2Svc - ok
...
11:49:59.0250 4400  C:\Windows\System32\wsqmcons.exe - ok
11:49:59.0261 4400  [ 8A38B5E8493A9D103083B8620AC5F3A1 ] C:\Windows\System32\tdh.dll
11:49:59.0261 4400  C:\Windows\System32\tdh.dll - ok
11:49:59.0268 4400  [ 2A965923FE3D6D5119A770D9B40B1C16 ] C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe
11:49:59.0268 4400  C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe - ok
11:49:59.0272 4400  ============================================================
11:49:59.0272 4400  Scan finished
11:49:59.0272 4400  ============================================================
11:49:59.0287 3684  Detected object count: 11
11:49:59.0287 3684  Actual detected object count: 11
11:51:43.0665 3684  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0665 3684  ASMMAP ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684  ASMMAP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0668 3684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0668 3684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0670 3684  AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0670 3684  AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0672 3684  AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0672 3684  AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0674 3684  AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0674 3684  AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0677 3684  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0678 3684  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0681 3684  ghaio ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0681 3684  ghaio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0688 3684  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0688 3684  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0692 3684  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0692 3684  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:51:43.0696 3684  spmgr ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0696 3684  spmgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Soweit ich erkennen kann, scheinen alle Anzeichen einer Infektion beseitigt zu sein. MSE läuft wieder. Windows update konnte wiederhergestellt werden.

Jetzt bleibt noch die Firewall und das Sicherheitscenter. Die Firewall lässt sich mit Fehler 5 nicht mehr aktivieren, ebenso der Sicherheitscenterdienst.

Leider habe ich keine passendes deutsches Windows Vista Home Pemium incl. SP2 Medium hier, um ein inplace Upgrade zu machen.