Hier schon das Log vom OTL-Fix.

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0bb9616-c416-11df-af39-0021978e01d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0bb9616-c416-11df-af39-0021978e01d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0bb9616-c416-11df-af39-0021978e01d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0bb9616-c416-11df-af39-0021978e01d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0bb9616-c416-11df-af39-0021978e01d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0bb9616-c416-11df-af39-0021978e01d4}\ not found.
C:\WINDOWS\system32\rundll32.exe moved successfully.
C:\Dokumente und Einstellungen\Weber\Lokale Einstellungen\Anwendungsdaten\p01i1trwodu647uj8iie7k1wlox8m26e343gx64up4x moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\p01i1trwodu647uj8iie7k1wlox8m26e343gx64up4x moved successfully.
C:\Dokumente und Einstellungen\Weber\Anwendungsdaten\7235496.exe moved successfully.
C:\Dokumente und Einstellungen\Weber\Anwendungsdaten\2874791.exe moved successfully.
C:\Dokumente und Einstellungen\Weber\Anwendungsdaten\1279607.exe moved successfully.
C:\Dokumente und Einstellungen\Weber\Anwendungsdaten\112175.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: Weber
->Temp folder emptied: 9544439 bytes
->Temporary Internet Files folder emptied: 83433052 bytes
->Java cache emptied: 7435342 bytes
->FireFox cache emptied: 89899846 bytes
->Opera cache emptied: 3086 bytes
->Flash cache emptied: 58108 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11495178 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 194,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05232011_165759

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Ergebnisse von GMER folgen hoffentlich in einer Stunde.

Hat deutlich über eine Stunde gedauert.

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-23 19:47:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 ExcelStor_Technology_J9250S rev.GM2OA52A
Running: pd3irycz.exe; Driver: C:\DOKUME~1\Weber\LOKALE~1\Temp\uwlcypoc.sys


---- System - GMER 1.0.15 ----

SSDT   B802378E                                  ZwCreateKey
SSDT   B8023784                                  ZwCreateThread
SSDT   B8023793                                  ZwDeleteKey
SSDT   B802379D                                  ZwDeleteValueKey
SSDT   B80237A2                                  ZwLoadKey
SSDT   B8023770                                  ZwOpenProcess
SSDT   B8023775                                  ZwOpenThread
SSDT   B80237AC                                  ZwReplaceKey
SSDT   B80237A7                                  ZwRestoreKey
SSDT   B8023798                                  ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB7221380, 0x5662A5, 0xE8000020]
init   C:\WINDOWS\system32\drivers\monfilt.sys   entry point in "init" section [0xB4CF3280]

---- EOF - GMER 1.0.15 ----
         

Wie geht's jetzt weiter?