Hi,

nein, düse morgen um 04:00 uhr los, alles schon gepackt ...
Bin dann erst wieder am freitag verfügbar...

chris

dann *daumen drück*

PC hängt immer noch ...

rattert die festplatte noch?
das ist ungewöhnlich, oder du hast sehr viele temporäre files die beim löschen alle noch von trendmicro gescannt werden...
chris

temporäre gestern alle über CCleaner wegmachen lassen, also wenn is nur n bisschen von heute da .... festplatte is auch relativ still

kann irgendwas dauerhaft schiefgehen, wenn ich ihn einfach resette, neu hochfahren lasse und dann nochmal versuche? würd dieses mal dann die firewall etc. abdrehen (vorher halt vom inet trennen), vllt is da was schiefgelaufen

versuche mal den affengriff (ctrl+alt+del) und dann feststellen was 100% kapazität verbrät..
eigentlich sollte er beim löschen der temp. daten sein, bei einem ntfs-filesystem sollte das aber kein problem sein... vielleicht hängt er beim löschen der malwaredatei...
chris

hab ich eben schon versucht, keine Chance, tut sich nix mehr.

hi,
dann boote den rechner neu... hmm, gmer läuft nicht richtig und otl auch nicht...
chris

Alles klar
ich versuchs einfach nochmal, denke da is wirklich was mit TrendMicro daneben gegangen, der reagiert öfters mal etwas .. harsch wenn ihm einer in die Gefilde kommt^^

klappte auf anhieb, reboot läuft.

Ich mach dann das TDSS Teil,

hier der OTL log:

All processes killed
========== OTL ==========
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0ed4tg7Y.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Dominik!
->Temp folder emptied: 49929 bytes
->Temporary Internet Files folder emptied: 12269610 bytes
->Java cache emptied: 2416441 bytes
->FireFox cache emptied: 36361722 bytes
->Flash cache emptied: 5691 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 2513 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 428 bytes

Total Files Cleaned = 50,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05032010_214309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

TDSS log:

21:52:33:859 1200 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:52:33:859 1200 ================================================================================
21:52:33:859 1200 SystemInfo:

21:52:33:859 1200 OS Version: 5.1.2600 ServicePack: 3.0
21:52:33:859 1200 Product type: Workstation
21:52:33:859 1200 ComputerName: DOMINIK
21:52:33:859 1200 UserName: Dominik!
21:52:33:859 1200 Windows directory: C:\WINDOWS
21:52:33:859 1200 Processor architecture: Intel x86
21:52:33:859 1200 Number of processors: 2
21:52:33:859 1200 Page size: 0x1000
21:52:33:859 1200 Boot type: Normal boot
21:52:33:859 1200 ================================================================================
21:52:33:875 1200 UnloadDriverW: NtUnloadDriver error 2
21:52:33:875 1200 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:52:33:937 1200 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:52:33:937 1200 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:52:33:937 1200 wfopen_ex: Trying to KLMD file open
21:52:33:937 1200 wfopen_ex: File opened ok (Flags 2)
21:52:33:937 1200 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:52:33:937 1200 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:52:33:937 1200 wfopen_ex: Trying to KLMD file open
21:52:33:937 1200 wfopen_ex: File opened ok (Flags 2)
21:52:33:937 1200 Initialize success
21:52:33:937 1200
21:52:33:937 1200 Scanning Services ...
21:52:34:390 1200 Raw services enum returned 307 services
21:52:34:390 1200
21:52:34:390 1200 Scanning Kernel memory ...
21:52:34:390 1200 Devices to scan: 2
21:52:34:390 1200
21:52:34:390 1200 Driver Name: Disk
21:52:34:390 1200 IRP_MJ_CREATE : B80FEBB0
21:52:34:390 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:52:34:390 1200 IRP_MJ_CLOSE : B80FEBB0
21:52:34:390 1200 IRP_MJ_READ : B80F8D1F
21:52:34:390 1200 IRP_MJ_WRITE : B80F8D1F
21:52:34:390 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_SET_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_QUERY_EA : 804F4562
21:52:34:390 1200 IRP_MJ_SET_EA : 804F4562
21:52:34:390 1200 IRP_MJ_FLUSH_BUFFERS : B80F92E2
21:52:34:390 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:52:34:390 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:52:34:390 1200 IRP_MJ_DEVICE_CONTROL : B80F93BB
21:52:34:390 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80FCF28
21:52:34:390 1200 IRP_MJ_SHUTDOWN : B80F92E2
21:52:34:390 1200 IRP_MJ_LOCK_CONTROL : 804F4562
21:52:34:390 1200 IRP_MJ_CLEANUP : 804F4562
21:52:34:390 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:52:34:390 1200 IRP_MJ_QUERY_SECURITY : 804F4562
21:52:34:390 1200 IRP_MJ_SET_SECURITY : 804F4562
21:52:34:390 1200 IRP_MJ_POWER : B80FAC82
21:52:34:390 1200 IRP_MJ_SYSTEM_CONTROL : B80FF99E
21:52:34:390 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
21:52:34:390 1200 IRP_MJ_QUERY_QUOTA : 804F4562
21:52:34:390 1200 IRP_MJ_SET_QUOTA : 804F4562
21:52:34:453 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:52:34:453 1200
21:52:34:453 1200 Driver Name: atapi
21:52:34:453 1200 IRP_MJ_CREATE : B7F4C86C
21:52:34:453 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:52:34:453 1200 IRP_MJ_CLOSE : B7F4C86C
21:52:34:453 1200 IRP_MJ_READ : 804F4562
21:52:34:453 1200 IRP_MJ_WRITE : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_SET_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_EA : 804F4562
21:52:34:453 1200 IRP_MJ_SET_EA : 804F4562
21:52:34:453 1200 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:52:34:453 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:52:34:453 1200 IRP_MJ_DEVICE_CONTROL : B7F4C882
21:52:34:453 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : B7F4903C
21:52:34:453 1200 IRP_MJ_SHUTDOWN : 804F4562
21:52:34:453 1200 IRP_MJ_LOCK_CONTROL : 804F4562
21:52:34:453 1200 IRP_MJ_CLEANUP : 804F4562
21:52:34:453 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_SECURITY : 804F4562
21:52:34:453 1200 IRP_MJ_SET_SECURITY : 804F4562
21:52:34:453 1200 IRP_MJ_POWER : B7F4C8A2
21:52:34:453 1200 IRP_MJ_SYSTEM_CONTROL : B7F52BE0
21:52:34:453 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_QUOTA : 804F4562
21:52:34:453 1200 IRP_MJ_SET_QUOTA : 804F4562
21:52:34:500 1200 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:52:34:500 1200
21:52:34:500 1200 Completed
21:52:34:500 1200
21:52:34:500 1200 Results:
21:52:34:500 1200 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:52:34:500 1200 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:52:34:500 1200 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:52:34:500 1200
21:52:34:500 1200 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:52:34:500 1200 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:52:34:515 1200 KLMD(ARK) unloaded successfully

hi,

was macht das task-verzeichnis...?
soweit so gut...
MAM updaten und noch mal fullscan&bereinigen...

chris

nach dem neustart war Tasks wieder randvoll, hab einfach gelöscht und seitdem nix mehr neues dazu gekommen.

Ich mach MBAM mal an ... das kann dauern^^

Ich möcht dich nu aber nicht um deinen schlaf bringen, wenn du weg musst sag bescheid ... is ja mein problem net deins, wär nur nett wenn du eventuell jmd anderem von kompetenzteam sagen würdest, dass es mich gibt

Grüße

Hi,

frage mal bei cosinus nach...

chris