Trojaner-Board - Trojaner muollo lässt sich nicht entfernen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojaner muollo lässt sich nicht entfernen (https://www.trojaner-board.de/99239-trojaner-muollo-laesst-entfernen.html)

Trojaner muollo lässt sich nicht entfernen

Moin moin,

Das spuckte spybot S&D heraus:
Win32.Muollo: [SBI $CA7F4F5E] Autorun-Einstellungen ({523FD411-CA09-5E4F-4E33-4C715ED06521}) (Registrierungsdatenbank-Wert, fixed)
HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{523FD411-CA09-5E4F-4E33-4C715ED06521}

Win32.Muollo: [SBI $CA7F4F5E] Programmdatei (Datei, fixed)
C:\Users\The One\AppData\Roaming\Tesar\zouvr.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Muollo: [SBI $51A4B09C] Programm-Verzeichnis (Verzeichnis, fixed)
C:\Users\The One\AppData\Roaming\Tesar\

Es kam auch, bevor ich die Systemwiederherstellung von windows machte, die Meldung das Windows einen kritischen Fehler gefunden habe, und in 1 minute heruntergefahren wird. Mein System hat sich 4 mal neugestartet bis ich dann per abgesicherten Modus die windows systemwiederherstellung gemacht habe.

Die logfiles von Mbam und OTL sind als Anhang

Danke im vorraus :)

War das der erste und einzige Scan mit Malwarebytes? Oder schon öfter gescannt? Wenn ja, zu jedem Scan gibt es auch ein Log, dann bitte alle posten.

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6600

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.05.2011 23:28:57
mbam-log-2011-05-17 (23-28-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302288
Laufzeit: 47 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{523FD411-CA09-5E4F-4E33-4C715ED06521} (Trojan.ZbotR.Gen) -> Value: {523FD411-CA09-5E4F-4E33-4C715ED06521} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\The One\AppData\Local\Temp\5rbrk10k.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\The One\AppData\Local\Temp\a4kasbhx.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\The One\AppData\Local\Temp\zwnxt084.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\The One\AppData\Local\Temp\eiqkj12k.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\The One\AppData\Local\Temp\lr2du639.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\The One\AppData\Local\Temp\td8wj2gn.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\The One\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\The One\qhloadE0.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Oh den habe ich wohl vergessen ^^
Das ist der Log vom aller ersten scan.

Zitat:

Oh habe ich wohl vergessen mit reinzupacken ^^
das die logdatei vom aller ersten scan.

Das ist dasselbe Log nochmal. Beide vom 17.05.2011 um 23:28:57

jaa tut mir leid, war ein doppel post -.-

ich habe zwei mbam logs, weil cih zwei scans durchgeführt habe. Hoffe das ich es damit nicht verschlimmert habe.

Der log vom 18-5-2011 um 13:30

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6609

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

18.05.2011 13:30:42
mbam-log-2011-05-18 (13-30-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112
Laufzeit: 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Der log vom 17.5.2011 um 23:28

Zitat:

Das sind auch die einzigen logs. Doppelpost ggf. löschen. Mein fehler :)

gruß aschi

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.8

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SweetIM Search"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

O4 - HKCU..\Run: [{523FD411-CA09-5E4F-4E33-4C715ED06521}] C:\Users\The One\AppData\Roaming\Tesar\zouvr.exe (Jehluw Xgnqpgyf)

O4 - HKCU..\Run: [RGSC]  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1d1dfc9e-fd8c-11df-a88f-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{1d1dfc9e-fd8c-11df-a88f-002421bbb0a0}\Shell\AutoRun\command - "" = E:\Install.exe

O33 - MountPoints2\{68f2b47b-ebf4-11df-8e8f-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{68f2b47b-ebf4-11df-8e8f-002421bbb0a0}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe

O33 - MountPoints2\{84260d35-3e1f-11de-8a31-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{84260d35-3e1f-11de-8a31-002421bbb0a0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{994f7eb2-df8f-11df-b958-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{994f7eb2-df8f-11df-b958-002421bbb0a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{9da19e52-0adb-11e0-b3b8-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{9da19e52-0adb-11e0-b3b8-002421bbb0a0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{bdf8ef97-ec21-11df-ae89-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{bdf8ef97-ec21-11df-ae89-002421bbb0a0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{dadf8ce6-e7ef-11df-b26a-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{dadf8ce6-e7ef-11df-b26a-002421bbb0a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{f1791fa6-df79-11df-9d1b-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{f1791fa6-df79-11df-9d1b-002421bbb0a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{f1791fc3-df79-11df-9d1b-002421bbb0a0}\Shell - "" = AutoRun

O33 - MountPoints2\{f1791fc3-df79-11df-9d1b-002421bbb0a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

[2011.05.07 01:13:47 | 000,000,000 | ---D | C] -- C:\Users\The One\AppData\Roaming\Tesar

[2011.05.07 01:13:47 | 000,000,000 | ---D | C] -- C:\Users\The One\AppData\Roaming\Eksyc
 

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danke dir schonmal für die hilfe :)

Hier der Inhalt der Logdatei die sich geöffnet hat

Zitat:

========== OTL ==========
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.8 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "SweetIM Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{523FD411-CA09-5E4F-4E33-4C715ED06521} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{523FD411-CA09-5E4F-4E33-4C715ED06521}\ not found.
C:\Users\The One\AppData\Roaming\Tesar\zouvr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1dfc9e-fd8c-11df-a88f-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1dfc9e-fd8c-11df-a88f-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1dfc9e-fd8c-11df-a88f-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1dfc9e-fd8c-11df-a88f-002421bbb0a0}\ not found.
File E:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68f2b47b-ebf4-11df-8e8f-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68f2b47b-ebf4-11df-8e8f-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68f2b47b-ebf4-11df-8e8f-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68f2b47b-ebf4-11df-8e8f-002421bbb0a0}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84260d35-3e1f-11de-8a31-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84260d35-3e1f-11de-8a31-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84260d35-3e1f-11de-8a31-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84260d35-3e1f-11de-8a31-002421bbb0a0}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{994f7eb2-df8f-11df-b958-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{994f7eb2-df8f-11df-b958-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{994f7eb2-df8f-11df-b958-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{994f7eb2-df8f-11df-b958-002421bbb0a0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da19e52-0adb-11e0-b3b8-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9da19e52-0adb-11e0-b3b8-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da19e52-0adb-11e0-b3b8-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9da19e52-0adb-11e0-b3b8-002421bbb0a0}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf8ef97-ec21-11df-ae89-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdf8ef97-ec21-11df-ae89-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf8ef97-ec21-11df-ae89-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdf8ef97-ec21-11df-ae89-002421bbb0a0}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dadf8ce6-e7ef-11df-b26a-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dadf8ce6-e7ef-11df-b26a-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dadf8ce6-e7ef-11df-b26a-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dadf8ce6-e7ef-11df-b26a-002421bbb0a0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1791fa6-df79-11df-9d1b-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1791fa6-df79-11df-9d1b-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1791fa6-df79-11df-9d1b-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1791fa6-df79-11df-9d1b-002421bbb0a0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1791fc3-df79-11df-9d1b-002421bbb0a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1791fc3-df79-11df-9d1b-002421bbb0a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1791fc3-df79-11df-9d1b-002421bbb0a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1791fc3-df79-11df-9d1b-002421bbb0a0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
C:\Users\The One\AppData\Roaming\Tesar folder moved successfully.
C:\Users\The One\AppData\Roaming\Eksyc folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05182011_160947

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

auf meine eigenen dateien kann ich glücklicherweise noch zurückgreifen :)

hier die logdatei

Zitat:

2011/05/18 16:17:16.0112 0456 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/18 16:17:16.0253 0456 ================================================================================
2011/05/18 16:17:16.0253 0456 SystemInfo:
2011/05/18 16:17:16.0253 0456
2011/05/18 16:17:16.0253 0456 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/18 16:17:16.0253 0456 Product type: Workstation
2011/05/18 16:17:16.0253 0456 ComputerName: THEONE-PC
2011/05/18 16:17:16.0253 0456 UserName: The One
2011/05/18 16:17:16.0253 0456 Windows directory: C:\Windows
2011/05/18 16:17:16.0253 0456 System windows directory: C:\Windows
2011/05/18 16:17:16.0253 0456 Processor architecture: Intel x86
2011/05/18 16:17:16.0253 0456 Number of processors: 2
2011/05/18 16:17:16.0253 0456 Page size: 0x1000
2011/05/18 16:17:16.0253 0456 Boot type: Normal boot
2011/05/18 16:17:16.0253 0456 ================================================================================
2011/05/18 16:17:16.0534 0456 Initialize success
2011/05/18 16:17:43.0987 3768 ================================================================================
2011/05/18 16:17:43.0987 3768 Scan started
2011/05/18 16:17:43.0987 3768 Mode: Manual;
2011/05/18 16:17:43.0987 3768 ================================================================================
2011/05/18 16:17:44.0784 3768 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/18 16:17:44.0816 3768 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/18 16:17:44.0847 3768 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/18 16:17:44.0878 3768 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/18 16:17:44.0894 3768 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/18 16:17:44.0956 3768 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/18 16:17:44.0987 3768 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/18 16:17:45.0003 3768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/18 16:17:45.0034 3768 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/18 16:17:45.0066 3768 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/18 16:17:45.0097 3768 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/18 16:17:45.0112 3768 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/18 16:17:45.0144 3768 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/18 16:17:45.0175 3768 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/18 16:17:45.0206 3768 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/18 16:17:45.0237 3768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/18 16:17:45.0269 3768 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/18 16:17:45.0409 3768 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/18 16:17:45.0581 3768 ATITool (7f7d2992069aabc80c2e744b4e676171) C:\Windows\system32\DRIVERS\ATITool.sys
2011/05/18 16:17:45.0628 3768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/18 16:17:45.0722 3768 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/18 16:17:45.0737 3768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/18 16:17:45.0769 3768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/18 16:17:45.0784 3768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/18 16:17:45.0816 3768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/18 16:17:45.0831 3768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/18 16:17:45.0847 3768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/18 16:17:45.0878 3768 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/18 16:17:45.0894 3768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/18 16:17:45.0925 3768 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/18 16:17:45.0987 3768 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/18 16:17:46.0019 3768 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/18 16:17:46.0050 3768 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/18 16:17:46.0081 3768 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/18 16:17:46.0175 3768 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/18 16:17:46.0191 3768 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/18 16:17:46.0284 3768 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/18 16:17:46.0331 3768 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/18 16:17:46.0362 3768 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/18 16:17:46.0550 3768 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/18 16:17:46.0597 3768 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/18 16:17:46.0644 3768 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/18 16:17:46.0675 3768 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/18 16:17:46.0769 3768 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/18 16:17:46.0800 3768 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/18 16:17:46.0831 3768 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/18 16:17:46.0862 3768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/18 16:17:46.0878 3768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/18 16:17:46.0956 3768 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
2011/05/18 16:17:46.0987 3768 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/18 16:17:47.0019 3768 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/18 16:17:47.0081 3768 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/18 16:17:47.0144 3768 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/18 16:17:47.0159 3768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/18 16:17:47.0191 3768 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/05/18 16:17:47.0222 3768 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/18 16:17:47.0269 3768 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/18 16:17:47.0300 3768 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/18 16:17:47.0347 3768 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/18 16:17:47.0394 3768 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/18 16:17:47.0519 3768 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/18 16:17:47.0566 3768 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/05/18 16:17:47.0847 3768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/18 16:17:47.0894 3768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/18 16:17:47.0909 3768 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/18 16:17:47.0956 3768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/18 16:17:48.0034 3768 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/18 16:17:48.0081 3768 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/18 16:17:48.0112 3768 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/18 16:17:48.0128 3768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/18 16:17:48.0206 3768 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/18 16:17:48.0222 3768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/18 16:17:48.0253 3768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/18 16:17:48.0284 3768 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/18 16:17:48.0331 3768 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/18 16:17:48.0362 3768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/18 16:17:48.0378 3768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/18 16:17:48.0409 3768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/18 16:17:48.0425 3768 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/18 16:17:48.0487 3768 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/18 16:17:48.0566 3768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/18 16:17:48.0612 3768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/18 16:17:48.0628 3768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/18 16:17:48.0644 3768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/18 16:17:48.0675 3768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/18 16:17:48.0706 3768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/18 16:17:48.0737 3768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/18 16:17:48.0769 3768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/18 16:17:48.0800 3768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/18 16:17:48.0831 3768 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/18 16:17:48.0878 3768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/18 16:17:48.0909 3768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/18 16:17:48.0925 3768 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/18 16:17:48.0987 3768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/18 16:17:49.0019 3768 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/18 16:17:49.0050 3768 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/18 16:17:49.0066 3768 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/18 16:17:49.0081 3768 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/18 16:17:49.0112 3768 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/18 16:17:49.0128 3768 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/18 16:17:49.0206 3768 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/18 16:17:49.0253 3768 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/18 16:17:49.0331 3768 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/18 16:17:49.0347 3768 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/18 16:17:49.0362 3768 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/18 16:17:49.0409 3768 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/18 16:17:49.0472 3768 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/18 16:17:49.0503 3768 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/18 16:17:49.0519 3768 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/18 16:17:49.0566 3768 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/18 16:17:49.0597 3768 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/18 16:17:49.0644 3768 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/18 16:17:49.0659 3768 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/18 16:17:49.0706 3768 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/18 16:17:49.0737 3768 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/18 16:17:49.0769 3768 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/18 16:17:49.0831 3768 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/18 16:17:49.0909 3768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/18 16:17:49.0941 3768 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/18 16:17:49.0972 3768 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/18 16:17:50.0019 3768 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/18 16:17:50.0066 3768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/18 16:17:50.0097 3768 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/18 16:17:50.0284 3768 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/18 16:17:50.0487 3768 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/18 16:17:50.0534 3768 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/18 16:17:50.0581 3768 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/18 16:17:50.0675 3768 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/18 16:17:50.0737 3768 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/18 16:17:50.0769 3768 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/18 16:17:50.0800 3768 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/18 16:17:50.0831 3768 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/18 16:17:50.0862 3768 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/18 16:17:50.0894 3768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/18 16:17:50.0941 3768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/18 16:17:51.0019 3768 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/18 16:17:51.0081 3768 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/18 16:17:51.0128 3768 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/18 16:17:51.0159 3768 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/18 16:17:51.0206 3768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/18 16:17:51.0237 3768 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/18 16:17:51.0378 3768 R300 (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/18 16:17:51.0425 3768 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/18 16:17:51.0487 3768 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/18 16:17:51.0534 3768 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/18 16:17:51.0597 3768 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/18 16:17:51.0612 3768 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/18 16:17:51.0644 3768 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/18 16:17:51.0691 3768 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/18 16:17:51.0722 3768 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/18 16:17:51.0753 3768 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/18 16:17:51.0831 3768 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/18 16:17:51.0862 3768 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/18 16:17:51.0894 3768 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/18 16:17:51.0941 3768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/18 16:17:51.0972 3768 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/18 16:17:51.0987 3768 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/18 16:17:52.0019 3768 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/18 16:17:52.0066 3768 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/18 16:17:52.0081 3768 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/18 16:17:52.0128 3768 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/18 16:17:52.0144 3768 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/18 16:17:52.0206 3768 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/18 16:17:52.0222 3768 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/18 16:17:52.0253 3768 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/18 16:17:52.0316 3768 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/18 16:17:52.0362 3768 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/05/18 16:17:52.0394 3768 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/18 16:17:52.0456 3768 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/18 16:17:52.0456 3768 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/18 16:17:52.0456 3768 sptd - detected LockedFile.Multi.Generic (1)
2011/05/18 16:17:52.0487 3768 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/18 16:17:52.0550 3768 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/18 16:17:52.0581 3768 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/18 16:17:52.0675 3768 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/18 16:17:52.0706 3768 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/18 16:17:52.0737 3768 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/18 16:17:52.0753 3768 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/18 16:17:52.0816 3768 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/18 16:17:52.0862 3768 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/18 16:17:52.0894 3768 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/18 16:17:52.0925 3768 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/18 16:17:52.0941 3768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/18 16:17:52.0972 3768 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/18 16:17:53.0003 3768 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/18 16:17:53.0112 3768 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/18 16:17:53.0144 3768 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/18 16:17:53.0175 3768 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/18 16:17:53.0222 3768 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/18 16:17:53.0284 3768 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/18 16:17:53.0331 3768 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/18 16:17:53.0362 3768 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/18 16:17:53.0394 3768 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/18 16:17:53.0425 3768 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/18 16:17:53.0472 3768 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/18 16:17:53.0519 3768 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/18 16:17:53.0566 3768 usbbus (adb68aa60ef991ce2e217223fa20b4ff) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/05/18 16:17:53.0612 3768 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/18 16:17:53.0644 3768 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/18 16:17:53.0675 3768 UsbDiag (d4a6201dd361f019e44483645b490e4e) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/05/18 16:17:53.0722 3768 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/18 16:17:53.0753 3768 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/18 16:17:53.0784 3768 USBModem (a2b99411e10287f327a9820d260e7fe4) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/05/18 16:17:53.0800 3768 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/18 16:17:53.0847 3768 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/18 16:17:53.0894 3768 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/18 16:17:53.0941 3768 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/18 16:17:54.0019 3768 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/18 16:17:54.0066 3768 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/18 16:17:54.0097 3768 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/18 16:17:54.0128 3768 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/18 16:17:54.0159 3768 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/18 16:17:54.0206 3768 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/18 16:17:54.0237 3768 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/18 16:17:54.0284 3768 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/18 16:17:54.0316 3768 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/18 16:17:54.0362 3768 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/18 16:17:54.0409 3768 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 16:17:54.0409 3768 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 16:17:54.0456 3768 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/18 16:17:54.0519 3768 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/18 16:17:54.0644 3768 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/18 16:17:54.0706 3768 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/18 16:17:54.0753 3768 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/18 16:17:54.0816 3768 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/18 16:17:54.0941 3768 ZSMC211 (9d1f9c88f973b68ca1db0ae72f00ec8d) C:\Windows\system32\Drivers\ZS211.sys
2011/05/18 16:17:55.0019 3768 ================================================================================
2011/05/18 16:17:55.0019 3768 Scan finished
2011/05/18 16:17:55.0019 3768 ================================================================================
2011/05/18 16:17:55.0019 3092 Detected object count: 1
2011/05/18 16:18:00.0487 3092 LockedFile.Multi.Generic(sptd) - User select action: Skip

Ist dien Startmenü auch vollständig/komplett?

Zitat:

Zitat von cosinus (Beitrag 660290)

Ist dien Startmenü auch vollständig/komplett?

Ja, ist vollkommen komplett.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Moin, also ich hab es gestartet, es kamen auch Warnmeldungen die ich alle akzeptiert habe, es kam kurz ein kleines, blaues fenster und das wars auch. Es ist nach 2-3 std jetzt nichts passiert. Das Fenster bleib auch nur für, noch nichtmal, 1 sec da. Kein Textlog oder sonstiges... Danke dir für die bisherige hilfe :)

hab doch hinbekommen

Hier die Logfile:

Combofix Logfile:

Code:

ComboFix 11-05-17.03 - The One 18.05.2011  18:56:03.1.2 - x86

Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.49.1031.18.2046.1121 [GMT 2:00]

ausgeführt von:: c:\users\The One\Desktop\cofi.exe.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\The One\AppData\Roaming\Local

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\3ab2392bf5752604cd57c42955dce824.ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\iamlegend.avi.ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Scarface.170.min.intro.avi(2).ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Scarface.170.min.intro.avi(3).ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Scarface.170.min.intro.avi(4).ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Scarface.170.min.intro.avi(5).ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Scarface.170.min.intro.avi.ddr

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\3ab2392bf5752604cd57c42955dce824

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\iamlegend.avi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scarface.170.min.intro(2).avi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scarface.170.min.intro(3).avi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scarface.170.min.intro(4).avi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scarface.170.min.intro.avi

c:\users\The One\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scarface.170.min.intro.avi(5).ddp

c:\users\The One\AppData\Roaming\Tesar\zouvr.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-18 bis 2011-05-18  ))))))))))))))))))))))))))))))

.

.

2011-05-18 17:01 . 2011-05-18 17:01        --------        d-----w-        c:\users\The One\AppData\Local\temp

2011-05-18 17:01 . 2011-05-18 17:01        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-18 14:10 . 2011-05-18 16:49        --------        d-----w-        c:\users\The One\AppData\Roaming\Eksyc

2011-05-18 14:09 . 2011-05-18 14:09        --------        d-----w-        C:\_OTL

2011-05-18 11:29 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 11:29 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-18 09:54 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{50E1AE3E-FC37-4619-A8FA-7346F6049EB6}\mpengine.dll

2011-05-17 20:39 . 2011-05-17 20:39        --------        d-----w-        c:\users\The One\AppData\Roaming\Malwarebytes

2011-05-17 20:38 . 2011-05-17 20:38        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-17 20:38 . 2011-05-18 12:36        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-05-11 11:56 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-05-09 16:05 . 2004-10-22 00:18        749568        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2011-05-09 16:05 . 2004-10-22 00:17        69715        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2011-05-09 16:05 . 2004-10-22 00:17        274432        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2011-05-09 16:05 . 2004-10-22 00:16        180224        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2011-05-09 16:05 . 2004-10-22 00:16        5632        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2011-05-09 16:05 . 2011-05-09 16:05        323716        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2011-05-09 16:05 . 2011-05-09 16:05        192644        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2011-05-08 12:56 . 2011-05-08 12:56        --------        d-----w-        c:\windows\ShellNew

2011-05-07 22:59 . 2007-04-06 12:21        77824        ----a-w-        c:\windows\ZS211Cap.exe

2011-05-07 22:59 . 2007-04-06 09:06        57344        ----a-w-        c:\windows\ZSSnp211.exe

2011-05-07 22:59 . 2006-08-09 15:37        81920        ----a-w-        c:\windows\system32\ZS211STI.dll

2011-05-07 22:59 . 2006-07-14 12:36        172115        ----a-w-        c:\windows\system32\ZS211Prp.Ax

2011-05-07 22:59 . 2011-05-07 22:59        --------        d-----w-        c:\program files\Vimicro

2011-05-07 22:59 . 2007-06-13 07:24        1469312        ----a-w-        c:\windows\system32\drivers\ZS211.sys

2011-05-07 22:59 . 2006-08-18 14:58        49152        ----a-w-        c:\windows\Domino.exe

2011-05-07 22:59 . 2006-03-14 12:28        172032        ----a-w-        c:\windows\amcap.exe

2011-05-06 16:07 . 2011-05-06 16:07        --------        d-----w-        c:\program files\Sanny Builder 3

2011-05-06 14:09 . 2005-05-26 13:34        2297552        ----a-w-        c:\windows\system32\d3dx9_26.dll

2011-05-06 14:09 . 2008-10-15 04:22        4379984        ----a-w-        c:\windows\system32\D3DX9_40.dll

2011-05-06 13:48 . 2011-05-06 13:48        --------        d-----w-        c:\users\The One\AppData\Roaming\NVIDIA

2011-05-06 13:47 . 2011-05-06 13:48        --------        d-----w-        c:\users\The One\AppData\Roaming\ENBSeries Configurator for GTA San Andreas

2011-05-06 13:47 . 2011-05-06 13:48        --------        d-----w-        c:\program files\ENBSeries Configurator for GTA San Andreas

2011-05-05 20:54 . 2011-05-18 09:45        --------        d-----w-        c:\users\UpdatusUser

2011-05-05 20:49 . 2011-04-08 05:14        944232        ----a-w-        c:\windows\system32\nvdispco3220140.dll

2011-05-05 20:49 . 2011-04-08 05:14        855656        ----a-w-        c:\windows\system32\nvgenco322060.dll

2011-05-05 20:49 . 2011-04-08 05:14        6299752        ----a-w-        c:\windows\system32\nvwgf2um.dll

2011-05-05 20:49 . 2011-04-08 05:14        57960        ----a-w-        c:\windows\system32\OpenCL.dll

2011-05-05 20:49 . 2011-04-08 05:14        5180824        ----a-w-        c:\windows\system32\nvcuda.dll

2011-05-05 20:49 . 2011-04-08 05:14        2765928        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-05-05 20:49 . 2011-04-08 05:14        2074216        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-05-05 20:49 . 2011-04-08 05:14        15227496        ----a-w-        c:\windows\system32\nvoglv32.dll

2011-05-05 20:49 . 2011-04-08 05:14        13007464        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-05-05 20:49 . 2011-04-08 05:14        10690024        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-05-05 17:14 . 2011-05-05 17:14        --------        d-----w-        c:\users\The One\AppData\Local\ApplicationHistory

2011-05-05 12:33 . 2011-05-05 12:33        --------        d-----w-        c:\program files\San Andreas Mod Installer

2011-05-05 12:33 . 2011-05-05 12:33        --------        d-----w-        c:\windows\San Andreas Mod Installer

2011-05-04 20:49 . 2011-05-04 20:49        98304        ----a-w-        c:\windows\system32\CmdLineExt.dll

2011-05-03 20:23 . 2011-05-03 20:23        --------        d-----w-        c:\programdata\G & G Soft

2011-04-27 12:16 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll

2011-04-27 12:16 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-26 12:16 . 2011-05-01 13:14        --------        d-----w-        c:\programdata\NFS Underground

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\system32\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\system32\xlivefnt.dll

2011-04-08 05:14 . 2011-05-05 20:49        10920        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd

2011-04-08 05:14 . 2011-02-09 16:43        10071656        ----a-w-        c:\windows\system32\nvd3dum.dll

2011-04-08 05:14 . 2011-02-09 16:43        2034280        ----a-w-        c:\windows\system32\nvapi.dll

2011-04-07 20:43 . 2011-04-07 20:43        580200        ----a-w-        c:\windows\system32\easyUpdatusAPIU.dll

2011-04-07 20:43 . 2011-04-07 20:43        612456        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-04-07 20:43 . 2011-04-07 20:43        2582120        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-04-07 20:43 . 2011-04-07 20:43        111208        ----a-w-        c:\windows\system32\nvmctray.dll

2011-04-07 20:43 . 2011-04-07 20:43        3701352        ----a-w-        c:\windows\system32\nvcpl.dll

2011-04-07 20:43 . 2011-04-07 20:43        2565224        ----a-w-        c:\windows\system32\nvsvc.dll

2011-03-10 16:12 . 2011-04-14 16:50        1161728        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-10 16:12 . 2011-04-14 16:50        1136640        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-03 15:00 . 2011-04-14 16:50        738816        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-03 14:56 . 2011-04-27 12:16        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll

2011-03-03 14:56 . 2011-04-27 12:16        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2011-03-03 14:56 . 2011-04-27 12:16        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll

2011-03-03 14:56 . 2011-04-27 12:16        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll

2011-03-03 12:53 . 2011-04-14 16:50        2040832        ----a-w-        c:\windows\system32\win32k.sys

2011-03-02 14:49 . 2011-04-14 16:50        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-02-22 12:52 . 2011-04-14 16:50        213504        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-02-22 12:52 . 2011-04-14 16:50        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-02-22 12:51 . 2011-04-14 16:50        105984        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-02-22 12:51 . 2011-04-14 16:50        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-02-18 15:48 . 2011-04-14 16:50        833024        ----a-w-        c:\windows\system32\wininet.dll

2011-02-18 15:45 . 2011-04-14 16:50        78336        ----a-w-        c:\windows\system32\ieencode.dll

2011-02-18 14:36 . 2011-02-18 14:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys

2011-02-18 14:36 . 2011-02-18 14:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll

2011-02-18 14:09 . 2011-04-14 16:50        389632        ----a-w-        c:\windows\system32\html.iec

2011-02-18 13:48 . 2011-04-14 16:50        1383424        ----a-w-        c:\windows\system32\mshtml.tlb

2011-02-18 13:31 . 2011-04-14 16:50        304640        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-02-18 13:31 . 2011-04-14 16:50        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-02-18 13:31 . 2011-04-14 16:50        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]

"Skytel"="Skytel.exe" [2008-06-25 1826816]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

2010-12-08 21:15        63360        ----a-w-        c:\program files\DivX\DivX Plus Web Player\DDMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-12-08 19:17        1226608        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-11-08 13:47        328568        ----a-w-        c:\program files\uTorrent\uTorrent.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R3 cpuz129;cpuz129;c:\users\THEONE~1\AppData\Local\Temp\cpuz_x32.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-01 691696]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - KLMD25

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - klmd25

*Deregistered* - MBAMSwissArmy

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\The One\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

FF - ProfilePath - c:\users\The One\AppData\Roaming\Mozilla\Firefox\Profiles\j7dg20k2.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-{523FD411-CA09-5E4F-4E33-4C715ED06521} - c:\users\The One\AppData\Roaming\Tesar\zouvr.exe

AddRemove-New Great Effects 1.6 Uninstall - c:\program files\Rockstar Games\mods\New Great Effects1.6\NGE_Uninstall.exe

AddRemove-{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1 - c:\program files\Counter Strike Source\unins000.exe

AddRemove-Counter-Strike 1.6: New Era - c:\users\The One\The one\counter strike\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-18 19:01

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

  msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:54,e0,ab,a1,4d,08,0f,43,9a,76,e9,f2,db,d5,ba,ec,5c,90,d6,a0,14,a2,63,

   86,23,ba,2a,1a,fc,a9,e1,04,97,c1,50,8b,bb,89,0d,f3,eb,e4,7a,22,a8,44,74,79,\

"??"=hex:90,c2,9c,2a,df,93,29,c1,9f,04,05,e4,4f,e8,c3,ab

.

[HKEY_USERS\S-1-5-21-1598736755-777327258-245303262-1000\Software\SecuROM\License information*]

"datasecu"=hex:d3,cf,b0,1b,eb,4f,43,e6,97,02,de,a5,33,00,c2,6b,aa,a9,50,ee,ac,

   78,1c,3b,b7,19,81,c2,72,bb,ab,29,89,a7,24,13,df,fd,22,5d,c5,e9,5d,24,fc,f6,\

"rkeysecu"=hex:8f,77,c5,b8,79,dc,6c,81,23,0c,98,0d,92,c3,a2,9e

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2011-05-18  19:04:06

ComboFix-quarantined-files.txt  2011-05-18 17:04

.

Vor Suchlauf: 13 Verzeichnis(se), 83.587.645.440 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 83.545.038.848 Bytes frei

.

- - End Of File - - 313FC5E09F64889694F2A71AD63B15FA

--- --- ---