Malware, critical error (Windows 7)
12.08.2010, 17:01 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
After that we have to fix the MBR, but first do the OSAM step.
__________________
Please always post logfiles in CODE tags
12.08.2010, 17:20 | #17
After deactivation and restart:
(Success) HKLM\SYSTEM\CurrentControlSet\Services\ravag ravag C:\Windows\system32\drivers\ravag.sys
12.08.2010, 17:32 | #18
Result after deletion and restart:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:40:09 on 12.08.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists

Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Nero BurnRights" "Nero AG" C:\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\Users\Nine\AppData\Local\Temp\catchme.sys File not found
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists

Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" File not found | COM-object registry key not found
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" File not found | COM-object registry key not found
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" File not found | COM-object registry key not found
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll File found, but it contains no detailed information
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
|||||| {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" "Adobe Systems Inc." C:\Program Files\Acrobat 8.0\Acrobat Elements\ContextMenu.dll File exists
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll File found, but it contains no detailed information
|||||| {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll File found, but it contains no detailed information
|||||| {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll File found, but it contains no detailed information
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
{00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\TuneUp Utilities 2009\DseShExt-x86.dll File exists
|||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\TuneUp Utilities 2009\SDShelEx-win32.dll File exists
|||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\WinRAR\rarext.dll File exists

Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Adobe PDF" "Adobe Systems Incorporated" C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File exists
|| "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
"DVDVideoSoftTB Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoftTB\tbDVDV.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoftTB\tbDVDV.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_18.dll File exists
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "Adobe PDF" "Adobe Systems Incorporated" C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File exists
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoftTB\tbDVDV.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||| {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" "Adobe Systems Incorporated" C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File exists
|||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists
|| {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoft\tbDVDV.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." C:\Program Files\DVDVideoSoftTB\tbDVDV.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
{C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} "VMLoadHBO Class" "TODO: " C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll File exists

Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|| "Dropbox.lnk" C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe Shortcut exists | File exists
|||||| "Stardock ObjectDock.lnk" "Stardock" C:\Stardock\ObjectDock\ObjectDock.exe Shortcut exists | File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||||| "McAfee Security Scan Plus.lnk" "McAfee, Inc." C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CK POPUP KILLER" "CK Software" C:\CK Popup Killer\PKILL.EXE -hide File exists
|||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "ATKOSD2" "ASUS" C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists

Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Adobe PDF Port" "Adobe Systems Incorporated." C:\Windows\system32\AdobePDF.dll File exists

Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) "TuneUp Software" C:\Windows\System32\TuneUpDefragService.exe File exists
|||||| "@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) "TuneUp Software" C:\Windows\System32\TUProgSt.exe File exists
|||||| "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) "TuneUp Software" C:\Windows\System32\uxtuneup.dll File exists
|||||| "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASLDR Service" (ASLDRService) C:\Program Files\ATK Hotkey\ASLDRSrv.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "AVM IGD CTRL Service" (IGDCTRL) "AVM Berlin" C:\Program Files\FRITZ!DSL\IGDCTRL.EXE File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File exists
|||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "McAfee Security Scan Component Host Service" (McComponentHostService) "McAfee, Inc." C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Nalpeiron Licensing Service" (ASTSRV) "Nalpeiron Ltd." C:\Windows\system32\ASTSRV.EXE File exists
|||||| "NBService" (NBService) "Nero AG" C:\Nero 7\Nero BackItUp\NBService.exe File exists
|||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZinw12.dll File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists
|||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" C:\Windows\system32\HPZipm12.dll File exists
|||||| "UPnPService" (UPnPService) "Magix AG" C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe File exists

Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Edited by piepmatz (12.08.2010 at 17:40)
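As an added example that is not part of piepmatz's post and not OSAM code, the script below parses report lines in the layout seen above and applies the checks a helper would otherwise make by eye: registry entries that still point at a file which no longer exists (the catchme.sys left behind by a removal tool), kernel drivers with no publisher information (the ravag.sys driver that post #17 shows being removed is included as a constructed driver-list line), a placeholder publisher string like the "TODO: " on the VMLoad BHO, and executables or drivers that run from user-writable directories. The line format (risk bars, quoted name, optional service key, optional download URL, optional quoted publisher, path with optional arguments, status text) is inferred from this report and may not match every line OSAM can produce; the sample entries are constructed from it.

```python
"""Triage helper for an OSAM "Autorun Manager" report in the layout pasted above.

Added example for this thread; not part of the original post and not OSAM code.
The line layout is inferred from the report itself, and SAMPLE_REPORT is
constructed from entries in it plus a driver-list style line for ravag.sys.
"""
import re

STATUS_RE = re.compile(
    r'\s+(?P<status>File exists'
    r'|File not found(?: \| COM-object registry key not found)?'
    r'|Shortcut exists \| File exists'
    r'|File found, but it contains no detailed information)$'
)
QUOTED_RE = re.compile(r'^"([^"]*)"\s*')
KEY_RE = re.compile(r'^\(([^)]*)\)\s*')
CLSID_RE = re.compile(r'^\{([0-9A-Fa-f-]+)\}\s*')
URL_RE = re.compile(r'^(\S+://\S+)\s*')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')

EXEC_EXT = ('.exe', '.dll', '.sys', '.cpl')
# Locations an ordinary user can write to; drivers and BHOs rarely belong there.
SUSPICIOUS_DIRS = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\')

# Constructed sample: lines copied from the report above, plus ravag.sys from post #17.
SAMPLE_REPORT = r'''
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
"catchme" (catchme) C:\Users\Nine\AppData\Local\Temp\catchme.sys File not found
"ravag" (ravag) C:\Windows\system32\drivers\ravag.sys File exists
{C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} "VMLoadHBO Class" "TODO: " C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll File exists
"CK POPUP KILLER" "CK Software" C:\CK Popup Killer\PKILL.EXE -hide File exists
|||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists
'''


def parse_line(line):
    """Split one report line into fields; returns None for section headers and key paths."""
    text = line.strip()
    m = STATUS_RE.search(text)
    if not m:
        return None
    entry = {'status': m.group('status'), 'clsid': None, 'key': None,
             'url': None, 'publisher': None, 'args': ''}
    text = text[:m.start()]
    entry['risk'] = len(text) - len(text.lstrip('|'))   # OSAM's risk column is a run of bars
    text = text.lstrip('|').strip()
    if (m := CLSID_RE.match(text)):
        entry['clsid'], text = m.group(1), text[m.end():]
    if not (m := QUOTED_RE.match(text)):
        return None
    entry['name'], text = m.group(1), text[m.end():]
    if (m := KEY_RE.match(text)):
        entry['key'], text = m.group(1), text[m.end():]
    if (m := URL_RE.match(text)):                       # Distribution Units carry a download URL
        entry['url'], text = m.group(1), text[m.end():]
    # A further quoted field is the publisher unless it is itself a drive path.
    if (m := QUOTED_RE.match(text)) and not DRIVE_RE.match(m.group(1)):
        entry['publisher'], text = m.group(1), text[m.end():]
    if (m := QUOTED_RE.match(text)):                    # quoted path: the rest is arguments
        entry['path'], entry['args'] = m.group(1), text[m.end():].strip()
    else:                                               # unquoted path: arguments start at " /" or " -" (heuristic)
        split = re.search(r' [/-]', text)
        cut = split.start() if split else len(text)
        entry['path'], entry['args'] = text[:cut].strip(), text[cut:].strip()
    return entry


def triage(entry):
    """Return the reasons an entry deserves a second look; empty means nothing stood out."""
    reasons = []
    path = entry['path'].lower()
    if entry['status'].startswith('File not found'):
        reasons.append('registry points at a file that no longer exists')
    if path.endswith(EXEC_EXT):
        publisher = (entry['publisher'] or '').strip(' :')
        if not publisher:
            reasons.append('kernel driver without publisher information'
                           if path.endswith('.sys') else 'no publisher information')
        elif publisher.upper().startswith('TODO'):
            reasons.append('placeholder publisher string')
        if any(d in path for d in SUSPICIOUS_DIRS):
            reasons.append('runs from a user-writable location')
    return reasons


def triage_report(report):
    """Parse every entry line of a report and map flagged names to their reasons."""
    flagged = {}
    for line in report.splitlines():
        entry = parse_line(line)
        if entry and (reasons := triage(entry)):
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in triage_report(SAMPLE_REPORT).items():
        print(f'{name}: {"; ".join(reasons)}')
```

Run against the full report, the same rules also surface the Distribution Units entry whose .cab is no longer present and the Dropbox shortcut under AppData; those are expected noise, which is why the output is a list of reasons for a human to read rather than a verdict.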
12.08.2010, 18:08 | #19
/// Winkelfunktion /// TB-Süch-Tiger™
Now for the MBR: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD using the image-burning function and start the computer from it (boot from this CD). Click Computer repair options, Next, Command Prompt; the console opens. There type bootrec.exe /fixboot (confirm with Enter), then bootrec.exe /fixmbr (confirm with Enter); restart the computer, taking the CD out first.
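The bootrec steps above rewrite the boot code in the first sector of the disk. As an added example that is not part of the thread and not a Microsoft tool, the Python script below shows what a practitioner can verify on either side of that repair: it parses the 512-byte MBR, hashes the 446 bytes of boot code for comparison with a known-good value, checks the 0x55AA signature and the active-partition flag, and confirms that the repair changed only the boot code and not the partition table, which is what bootrec /fixmbr is meant to do. The sample sectors, the "clean" and "infected" boot code and the reference hash are all constructed here; a real reference hash would be taken from a clean installation of the same Windows build. read_first_sector() is the one function that touches a live system and assumes an elevated Windows session.

```python
"""Check a 512-byte MBR sector before and after bootrec /fixmbr.

Added example for this thread; not part of the original post and not a
Microsoft tool. Decodes the classic MBR layout: 446 bytes of boot code, four
16-byte partition entries at offset 446, signature 0x55AA at offset 510.
"""
import hashlib
import struct

SECTOR = 512
PTABLE_OFF = 446
SIG_OFF = 510
ENTRY_FMT = '<B3sB3sII'   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector):
    """Decode one MBR sector into signature flag, boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError('expected exactly one 512-byte sector')
    partitions = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:              # empty slot
            continue
        partitions.append({'index': i, 'status': status, 'bootable': status == 0x80,
                           'type': ptype, 'lba_start': lba, 'sectors': count})
    return {
        'signature_ok': sector[SIG_OFF:] == b'\x55\xaa',
        'boot_code_sha256': hashlib.sha256(sector[:PTABLE_OFF]).hexdigest(),
        'partitions': partitions,
    }


def check_mbr(sector, known_good_hashes):
    """Return findings for a sector; an empty list means it looks like a stock MBR."""
    info = parse_mbr(sector)
    findings = []
    if not info['signature_ok']:
        findings.append('missing 0x55AA signature')
    if info['boot_code_sha256'] not in known_good_hashes:
        findings.append('boot code does not match a known-good hash (possible MBR rootkit)')
    for p in info['partitions']:
        if p['status'] not in (0x00, 0x80):
            findings.append(f'partition {p["index"]} has invalid status byte 0x{p["status"]:02x}')
    active = sum(1 for p in info['partitions'] if p['bootable'])
    if active != 1:
        findings.append(f'{active} partitions marked active, expected 1')
    return findings


def partition_table_preserved(before, after):
    """True if a repair changed only the boot code and left the four partition entries alone."""
    return before[PTABLE_OFF:SIG_OFF] == after[PTABLE_OFF:SIG_OFF]


def boot_code_changed(before, after):
    """True if the 446 bytes of boot code differ between the two sectors."""
    return before[:PTABLE_OFF] != after[:PTABLE_OFF]


def read_first_sector(device=r'\\.\PhysicalDrive0'):
    """Read the live MBR. Assumption: run from an elevated Windows session; not used in the demo."""
    with open(device, 'rb') as fh:
        return fh.read(SECTOR)


def build_sample_mbr(boot_code):
    """Constructed sector: given boot code, one active NTFS partition at LBA 2048, valid signature."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(ENTRY_FMT, sector, PTABLE_OFF,
                     0x80, b'\x00\x00\x00', 0x07, b'\x00\x00\x00', 2048, 204800)
    sector[SIG_OFF:] = b'\x55\xaa'
    return bytes(sector)


# Constructed stand-ins: a "clean" boot code and a copy whose first bytes were
# redirected, the way a bootkit diverts the boot path. Neither is real Windows code.
CLEAN_BOOT_CODE = b'\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8' + b'\x90' * 64
INFECTED_BOOT_CODE = b'\xeb\x40' + CLEAN_BOOT_CODE[2:]

if __name__ == '__main__':
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    infected = build_sample_mbr(INFECTED_BOOT_CODE)
    reference = {parse_mbr(clean)['boot_code_sha256']}
    print('before repair:', check_mbr(infected, reference))
    print('after repair: ', check_mbr(clean, reference))
    print('partition table preserved:', partition_table_preserved(infected, clean))
```

Take one copy of the sector before booting the recovery CD and one after. check_mbr() on the first should report the hash mismatch and on the second should come back empty, and partition_table_preserved() should hold for the pair. A hash mismatch that persists after the repair means either the boot code was rewritten again on the next boot or the reference hash belongs to a different Windows build.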
12.08.2010, 18:41 | #20
Hmm... somehow that doesn't work. What a pain, right now when it's almost done I seem to be being a bit clumsy. So when I press F2 on restart I get into this blue BIOS, and there I just have to go to Boot Service (or something like that) and set it to CD, right? I did that, but it still started up normally and didn't show any window where I could have entered "Computer repair" or similar... what am I doing wrong?
12.08.2010, 20:08 | #21
/// Winkelfunktion /// TB-Süch-Tiger™
Did you burn the image to CD correctly? You must not burn it as a data CD; you have to choose "burn image to CD". You don't necessarily have to change anything in the BIOS. Most computers can be persuaded at startup with the F11 key or another key (check the manual!) to show the boot menu, where you can then choose which device to boot from. Pick the optical drive that holds the correctly burned CD there, of course.