Trojaner-Board
Log analysis and evaluation: Screen black or grainy to varying degrees (https://www.trojaner-board.de/99883-bildschirm-schwarz-unterschiedlich-grieselig.html)

Wolo 02.06.2011 17:03

Screen black or grainy to varying degrees

Hello, my problem has surely come up umpteen times before, but my attempts and research so far have been unsuccessful. (Dell laptop)
When I boot my computer it happens more and more often that the screen stays black, although Windows "feels" like it starts normally. After switching off and restarting, the initial screen (before Windows) is often covered with dots of different colours in varying density; Windows then sometimes starts, and sometimes it only works in Safe Mode. My current Norton Antivirus has not identified any "hits" despite several scans.
I have now tried to carry out all the preparations you specify > during the OTL scan the error message "OTL.exe - Datei beschädigt. Die Datei oder Verzeichnis C: ist beschädigt und nicht lesbar. Führen Sie CHKDSK aus" (file corrupted; the file or directory C: is corrupted and unreadable; run CHKDSK) appeared; the same message when scanning with GMER; > I clicked both away and did not run CHKDSK; the Extras.txt file was not created.
Unfortunately I am a complete novice at this, but I have the feeling it must be a virus that somehow randomly disrupts the normal start-up of the display. Hopefully someone can help me.
Thanks

Sorry, I forgot the GMER result. It's attached now.
Many thanks for the help.

cosinus 03.06.2011 12:48

Was Norton IS preinstalled? I can only advise against it; suites are counterproductive in the vast majority of cases. Better use a plain virus scanner such as Microsoft Security Essentials together with the Windows Firewall. Both are free.


Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.09 17:27:12 | 000,000,089 | ---- | M] () - Q:\Autorun.inf -- [ NTFS ]
:Commands
[purity]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Wolo 03.06.2011 19:51

Hello, great that you're helping me.
I hope I understood / did everything right
1)
Quote:

Was Norton IS preinstalled?
> yes, it was already installed at purchase; it expired after - I don't remember anymore - ; I then got by with Windows Defender and Windows Firewall and about 6 months ago bought a new Norton IS 2011 CD
2)
Quote:

close all programs that may be open, also disable the virus scanner (!),
> I closed all programs; as far as I could check, I disabled Norton and switched off the WLAN
3)
Quote:

Run an OTL fix,
> done; log file attached:
Quote:

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File Q:\Autorun.inf not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_202653
4) in the meantime I of course "tinkered" a bit and cut the computer off from power completely (battery out, CMOS battery disconnected) > at first I could only boot it in Safe Mode, then "normally" > but for how long....
5) I also took the opportunity to uninstall software I don't need and tried to disable the toolbars

cosinus 03.06.2011 21:00

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents / My Documents, please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Vista and 7 users must run the tool via right-click as administrator!

Wolo 03.06.2011 21:23

OK. Done. Log file attached:
Code:

2011/06/03 22:14:41.0995 4304        TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 22:14:42.0041 4304        ================================================================================
2011/06/03 22:14:42.0041 4304        SystemInfo:
2011/06/03 22:14:42.0041 4304       
2011/06/03 22:14:42.0041 4304        OS Version: 6.0.6002 ServicePack: 2.0
2011/06/03 22:14:42.0041 4304        Product type: Workstation
2011/06/03 22:14:42.0041 4304        ComputerName: CW-HOME-PC
2011/06/03 22:14:42.0041 4304        UserName: admin
2011/06/03 22:14:42.0041 4304        Windows directory: C:\Windows
2011/06/03 22:14:42.0041 4304        System windows directory: C:\Windows
2011/06/03 22:14:42.0041 4304        Processor architecture: Intel x86
2011/06/03 22:14:42.0041 4304        Number of processors: 2
2011/06/03 22:14:42.0041 4304        Page size: 0x1000
2011/06/03 22:14:42.0041 4304        Boot type: Normal boot
2011/06/03 22:14:42.0041 4304        ================================================================================
2011/06/03 22:14:43.0679 4304        Initialize success
2011/06/03 22:15:27.0578 4696        ================================================================================
2011/06/03 22:15:27.0578 4696        Scan started
2011/06/03 22:15:27.0578 4696        Mode: Manual;
2011/06/03 22:15:27.0578 4696        ================================================================================
2011/06/03 22:15:38.0123 4696        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/03 22:15:38.0155 4696        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/03 22:15:38.0233 4696        tifsfilter      (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/06/03 22:15:38.0295 4696        timounter      (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys
2011/06/03 22:15:38.0357 4696        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/03 22:15:38.0373 4696        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/03 22:15:38.0404 4696        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/03 22:15:38.0435 4696        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/03 22:15:38.0498 4696        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/03 22:15:38.0576 4696        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/03 22:15:38.0591 4696        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/03 22:15:38.0623 4696        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/03 22:15:38.0638 4696        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/03 22:15:38.0669 4696        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/03 22:15:38.0716 4696        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/03 22:15:38.0794 4696        USBCCID        (e0b8489aeda9ea33361037be6a8cf1ca) C:\Windows\system32\DRIVERS\usbccid.sys
2011/06/03 22:15:38.0810 4696        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/03 22:15:38.0857 4696        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/03 22:15:38.0935 4696        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/03 22:15:38.0950 4696        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/03 22:15:38.0981 4696        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/03 22:15:39.0013 4696        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/03 22:15:39.0028 4696        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/03 22:15:39.0091 4696        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/03 22:15:39.0106 4696        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/03 22:15:39.0137 4696        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/03 22:15:39.0169 4696        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/03 22:15:39.0184 4696        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/03 22:15:39.0247 4696        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/03 22:15:39.0278 4696        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/03 22:15:39.0309 4696        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/03 22:15:39.0340 4696        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/03 22:15:39.0418 4696        VSTHWBS2        (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/06/03 22:15:39.0465 4696        VST_DPV        (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/03 22:15:39.0543 4696        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/03 22:15:39.0574 4696        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 22:15:39.0574 4696        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 22:15:39.0621 4696        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/03 22:15:39.0668 4696        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/03 22:15:39.0761 4696        winachsf        (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/03 22:15:39.0855 4696        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/03 22:15:39.0933 4696        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/03 22:15:39.0980 4696        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/03 22:15:40.0011 4696        XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/03 22:15:40.0042 4696        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/03 22:15:40.0073 4696        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
2011/06/03 22:15:40.0136 4696        ================================================================================
2011/06/03 22:15:40.0136 4696        Scan finished
2011/06/03 22:15:40.0136 4696        ================================================================================
2011/06/03 22:15:40.0151 2984        Detected object count: 0
2011/06/03 22:15:40.0151 2984        Actual detected object count: 0

Did I do it correctly this time? :dummguck:

cosinus 03.06.2011 21:28

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Wolo 03.06.2011 21:57

So, I managed that too; I downloaded ComboFix on another computer and then copied it from a USB stick to the desktop > I hope that was OK.
I let it run > even after it finished, the HDD does not stop churning.
Attached is the log file:
Code:

ComboFix 11-06-03.04 - admin 03.06.2011  22:39:28.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.2045.964 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\cofi.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-03 bis 2011-06-03  ))))))))))))))))))))))))))))))
.
.
2011-06-03 20:45 . 2011-06-03 20:45        --------        d-----w-        c:\users\Wolpi\AppData\Local\temp
2011-06-03 20:45 . 2011-06-03 20:45        --------        d-----w-        c:\users\Vero\AppData\Local\temp
2011-06-03 20:45 . 2011-06-03 20:45        --------        d-----w-        c:\users\Sevi\AppData\Local\temp
2011-06-03 20:45 . 2011-06-03 20:45        --------        d-----w-        c:\users\Nidda\AppData\Local\temp
2011-06-03 20:45 . 2011-06-03 20:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-03 20:37 . 2011-06-03 20:37        --------        d-----w-        C:\32788R22FWJFW
2011-06-03 06:10 . 2011-06-03 06:10        --------        d-----w-        C:\found.000
2011-06-03 06:02 . 2011-06-03 06:02        --------        d-----w-        c:\programdata\WindowsSearch
2011-06-02 13:40 . 2011-06-02 13:40        --------        d-----w-        C:\rsit
2011-06-02 12:27 . 2011-06-02 12:27        --------        d-----w-        C:\_OTL
2011-06-02 12:04 . 2011-06-02 12:04        --------        d-----w-        c:\program files\MSECache
2011-06-02 10:06 . 2011-06-02 10:06        --------        d-----w-        c:\users\admin\AppData\Roaming\Malwarebytes
2011-06-02 10:06 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 10:06 . 2011-06-02 10:06        --------        d-----w-        c:\programdata\Malwarebytes
2011-06-02 10:06 . 2011-06-02 10:06        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-06-02 10:06 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-29 20:00 . 2010-09-06 09:26        189520        ----a-w-        c:\windows\system32\drivers\tmcomm.sys
2011-05-29 19:53 . 2011-06-02 13:40        --------        d-----w-        c:\program files\Trend Micro
2011-05-29 19:53 . 2011-05-29 19:53        388096        ----a-r-        c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-29 16:16 . 2011-05-29 16:17        --------        d-----w-        c:\program files\CCleaner
2011-05-28 18:45 . 2011-05-28 18:51        --------        d-----w-        c:\users\admin\AppData\Local\NPE
2011-05-28 14:47 . 2011-05-28 14:47        --------        d-----w-        c:\program files\SystemRequirementsLab
2011-05-22 13:49 . 2011-05-22 13:49        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 17:33 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 15:01 . 2011-05-10 15:01        --------        d-----w-        c:\users\Vero\AppData\Local\CrashDumps
2011-05-10 10:50 . 2011-05-12 06:16        --------        d-----w-        c:\windows\system32\drivers\NIS\1206000.01D
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 18:33 . 2008-09-16 17:55        0        ----a-w-        c:\users\admin\AppData\Local\WavXMapDrive.bat
2011-06-01 17:51 . 2011-01-15 16:00        0        ----a-w-        c:\users\Vero\AppData\Local\WavXMapDrive.bat
2011-05-30 05:40 . 2011-04-04 16:37        0        ----a-w-        c:\users\Gast\AppData\Local\WavXMapDrive.bat
2011-05-28 15:36 . 2011-01-15 14:41        0        ----a-w-        c:\users\Nidda\AppData\Local\WavXMapDrive.bat
2011-05-28 12:34 . 2011-01-15 16:23        0        ----a-w-        c:\users\Sevi\AppData\Local\WavXMapDrive.bat
2011-05-11 17:32 . 2011-01-13 18:43        126584        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-10 09:39 . 2011-04-10 09:39        161792        ----a-w-        c:\windows\system32\msls31.dll
2011-04-10 09:39 . 2011-04-10 09:39        1126912        ----a-w-        c:\windows\system32\wininet.dll
2011-04-10 09:39 . 2011-04-10 09:39        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2011-04-10 09:39 . 2011-04-10 09:39        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-04-10 09:39 . 2011-04-10 09:39        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-04-10 09:39 . 2011-04-10 09:39        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-04-10 09:39 . 2011-04-10 09:39        63488        ----a-w-        c:\windows\system32\tdc.ocx
2011-04-10 09:39 . 2011-04-10 09:39        367104        ----a-w-        c:\windows\system32\html.iec
2011-04-10 09:39 . 2011-04-10 09:39        74752        ----a-w-        c:\windows\system32\iesetup.dll
2011-04-10 09:39 . 2011-04-10 09:39        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2011-04-10 09:39 . 2011-04-10 09:39        152064        ----a-w-        c:\windows\system32\wextract.exe
2011-04-10 09:39 . 2011-04-10 09:39        150528        ----a-w-        c:\windows\system32\iexpress.exe
2011-04-10 09:39 . 2011-04-10 09:39        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-04-10 09:39 . 2011-04-10 09:39        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-10 09:39 . 2011-04-10 09:39        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-04-10 09:39 . 2011-04-10 09:39        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-04-10 09:39 . 2011-04-10 09:39        11776        ----a-w-        c:\windows\system32\mshta.exe
2011-04-10 09:39 . 2011-04-10 09:39        101888        ----a-w-        c:\windows\system32\admparse.dll
2011-04-10 09:39 . 2011-04-10 09:39        35840        ----a-w-        c:\windows\system32\imgutil.dll
2011-04-10 09:39 . 2011-04-10 09:39        1797632        ----a-w-        c:\windows\system32\jscript9.dll
2011-04-10 09:39 . 2011-04-10 09:39        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-03-31 03:04 . 2011-02-20 13:31        35960        ----a-r-        c:\windows\system32\drivers\SymIMV.sys
2011-03-12 21:55 . 2011-04-28 15:08        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-17 18:26        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-17 18:26        1136640        ----a-w-        c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-20 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5583056]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2570688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-03 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-03 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-12-03 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-1-9 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
R3 BTHFILT;Bluetooth-Befehlsfilter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
R3 EraserUtilDrv11110;EraserUtilDrv11110;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-02-13 752128]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [2011-04-15 802936]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110602.001\IDSvix86.sys [2011-03-14 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-13 3246040]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-02-13 167968]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 59621311
*Deregistered* - 59621311
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-03 c:\windows\Tasks\Norton Internet Security - admin - Vollständiger Systemscan.job
- c:\program files\Norton Internet Security\Engine\18.6.0.29\navw32.exe [2011-05-10 00:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-03 22:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-03  22:48:19
ComboFix-quarantined-files.txt  2011-06-03 20:48
.
Vor Suchlauf: 12 Verzeichnis(se), 17.910.284.288 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 18.111.729.664 Bytes frei
.
- - End Of File - - 44FA832BAB3628CE256A725EE25D5624


cosinus 03.06.2011 22:40

OK. Restart the computer, then create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool does not work the second time either, just skip it and only run OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document

Wolo 04.06.2011 10:38

Hello Arne, I think I have now worked through everything.
Attached is the log from GMER:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-04 11:15:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 Hitachi_HTS725016A9A362 rev.PCBOC70E
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\ugdiafow.sys


---- System - GMER 1.0.15 ----

SSDT            91701350                                                                                            ZwAlertResumeThread
SSDT            91701690                                                                                            ZwAlertThread
SSDT            917FF7F0                                                                                            ZwAllocateVirtualMemory
SSDT            879C1070                                                                                            ZwAlpcConnectPort
SSDT            91901778                                                                                            ZwAssignProcessToJobObject
SSDT            91901D20                                                                                            ZwCreateMutant
SSDT            91901498                                                                                            ZwCreateSymbolicLinkObject
SSDT            87FDFD68                                                                                            ZwCreateThread
SSDT            91901858                                                                                            ZwDebugActiveProcess
SSDT            917FF9C0                                                                                            ZwDuplicateObject
SSDT            91782E70                                                                                            ZwFreeVirtualMemory
SSDT            91701190                                                                                            ZwImpersonateAnonymousToken
SSDT            91701270                                                                                            ZwImpersonateThread
SSDT            879C1108                                                                                            ZwLoadDriver
SSDT            91782D70                                                                                            ZwMapViewOfSection
SSDT            91901C40                                                                                            ZwOpenEvent
SSDT            87F89B90                                                                                            ZwOpenProcess
SSDT            917FF8E0                                                                                            ZwOpenProcessToken
SSDT            91901A80                                                                                            ZwOpenSection
SSDT            87F89AA0                                                                                            ZwOpenThread
SSDT            91901688                                                                                            ZwProtectVirtualMemory
SSDT            91982C40                                                                                            ZwResumeThread
SSDT            91982EE0                                                                                            ZwSetContextThread
SSDT            91982FC0                                                                                            ZwSetInformationProcess
SSDT            91901938                                                                                            ZwSetSystemInformation
SSDT            91901B60                                                                                            ZwSuspendProcess
SSDT            91982D20                                                                                            ZwSuspendThread
SSDT            87FDFE68                                                                                            ZwTerminateProcess
SSDT            91982E00                                                                                            ZwTerminateThread
SSDT            91782C90                                                                                            ZwUnmapViewOfSection
SSDT            91782F60                                                                                            ZwWriteVirtualMemory
SSDT            91901588                                                                                            ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 11D                                                                        820C18A0 8 Bytes  [50, 13, 70, 91, 90, 16, 70, ...] {PUSH EAX; ADC ESI, [EAX-0x6f]; NOP ; PUSH SS; JO 0xffffffffffffff99}
.text          ntkrnlpa.exe!KeSetEvent + 131                                                                        820C18B4 4 Bytes  [F0, F7, 7F, 91]
.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                        820C18C0 4 Bytes  [70, 10, 9C, 87]
.text          ntkrnlpa.exe!KeSetEvent + 191                                                                        820C1914 4 Bytes  [78, 17, 90, 91] {JS 0x19; NOP ; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeSetEvent + 1F5                                                                        820C1978 4 Bytes  [20, 1D, 90, 91]
.text          ...                                                                                                 
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8D60F380, 0x3590D2, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [742D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [7432A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [742DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [742CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [742D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [742CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [742DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [742CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [742CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [742C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7435CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [742FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [742CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [742C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [742C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [742D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                              Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                      tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device                                                                                                              fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device                                                                                                              pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                              SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device                                                                                                              rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device                                                                                                              volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device                                                                                                              usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                              SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                            SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021864665a1                         
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0021864665a1 (not active ControlSet)     

---- Files - GMER 1.0.15 ----

File            C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\NCW\ncwmh.db-journal    0 bytes

---- EOF - GMER 1.0.15 ----

and here is the OSAM log as well:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:19:50 on 04.06.2011

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - admin - Vollständiger Systemscan.job" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\navw32.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ASFConfig.cpl" - "Broadcom Corporation" - C:\Windows\system32\ASFConfig.cpl
"BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl
"DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"nView.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nView.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CinePlayer DVD Decoder Options" - "Sonic Solutions" - C:\Program Files\Sonic\CinePlayer Decoder Pack\cmdvdpak.cpl
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 273)" (tdrpman273) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm273.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"BASFND" (BASFND) - "Broadcom Corporation" - C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\admin\AppData\Local\Temp\catchme.sys  (File not found)
"EraserUtilDrv11110" (EraserUtilDrv11110) - ? - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110602.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110603.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110603.002\NAVEX15.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1206000.01D\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1206000.01D\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"ugdiafow" (ugdiafow) - ? - C:\Users\admin\AppData\Local\Temp\ugdiafow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Windows\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Windows\system32\nvshell.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Windows\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} "DellSystem.Scanner" - ? - C:\Windows\Downloaded Program Files\DellSystem.dll / hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10q.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{49312E18-AA92-4CC2-BB97-55DEA7BCADD6} "WMI Class" - ? - C:\Windows\system32\Dell\SYSTEM~1\SysPro.exe / hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"QuickSet.lnk" - "Dell Inc." - C:\Program Files\Dell\QuickSet\quickset.exe  (Shortcut exists | File exists)
"WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Program Files\WinZip\WZQKPICK.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"SAOB Monitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TrueImageMonitor.exe" - "Acronis" - "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Nonstop Backup-Dienst" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Bluetooth Feature Support" (BthFilterHelper) - "CSR, plc" - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
"Broadcom ASF IP and SMBIOS Mailbox Monitor" (ASFIPmon) - "Broadcom Corporation" - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
"Dell Internal Network Card Power Management" (nicconfigsvc) - "Dell Inc." - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
"NTRU TSS v1.2.1.29 TCS" (tcsd_win32.exe) - ? - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and last but not least, the MBR log:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Business Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        Dell Inc.
BIOS Manufacturer:                Dell Inc.
System Manufacturer:                Dell Inc.
System Product Name:                Latitude D630
Logical Drives Mask:                0x0002003c

Kernel Drivers (total 181):
  0x82015000 \SystemRoot\system32\ntkrnlpa.exe
  0x823CF000 \SystemRoot\system32\hal.dll
  0x80400000 \SystemRoot\system32\kdcom.dll
  0x80407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80477000 \SystemRoot\system32\PSHED.dll
  0x80488000 \SystemRoot\system32\BOOTVID.dll
  0x80490000 \SystemRoot\system32\CLFS.SYS
  0x804D1000 \SystemRoot\system32\CI.dll
  0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068F000 \SystemRoot\system32\drivers\acpi.sys
  0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E6000 \SystemRoot\system32\drivers\pci.sys
  0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071C000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80729000 \SystemRoot\system32\drivers\volmgr.sys
  0x80738000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80782000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x80789000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x80797000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x807C4000 \SystemRoot\system32\drivers\pciide.sys
  0x807CB000 \SystemRoot\System32\drivers\mountmgr.sys
  0x82603000 \SystemRoot\system32\drivers\iastorv.sys
  0x826A4000 \SystemRoot\system32\drivers\iastor.sys
  0x82762000 \SystemRoot\system32\drivers\atapi.sys
  0x8276A000 \SystemRoot\system32\drivers\ataport.SYS
  0x82788000 \SystemRoot\system32\drivers\fltmgr.sys
  0x88206000 \SystemRoot\system32\drivers\NIS\1206000.01D\SYMDS.SYS
  0x8825D000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8826D000 \SystemRoot\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
  0x88328000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x88332000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8840F000 \SystemRoot\system32\drivers\ndis.sys
  0x8851A000 \SystemRoot\system32\drivers\msrpc.sys
  0x88545000 \SystemRoot\system32\drivers\NETIO.SYS
  0x88607000 \SystemRoot\System32\drivers\tcpip.sys
  0x886F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8870C000 \SystemRoot\system32\DRIVERS\timntr.sys
  0x8880C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8891C000 \SystemRoot\system32\drivers\volsnap.sys
  0x88A08000 \SystemRoot\system32\DRIVERS\tdrpm273.sys
  0x88ABE000 \SystemRoot\System32\Drivers\spldr.sys
  0x88AC6000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x88AEE000 \SystemRoot\system32\DRIVERS\PBADRV.sys
  0x88AF9000 \SystemRoot\System32\Drivers\mup.sys
  0x88B08000 \SystemRoot\System32\drivers\ecache.sys
  0x88B2F000 \SystemRoot\system32\drivers\disk.sys
  0x88B40000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x88B61000 \SystemRoot\system32\drivers\crcdisk.sys
  0x88B8A000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x88B95000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x88B9E000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8D60F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8DD53000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8DDF3000 \SystemRoot\System32\drivers\watchdog.sys
  0x8D600000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x88BAD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x88BEB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x88955000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EA00000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8EE13000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8EE23000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8EE31000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8EE44000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8EE70000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8EE7B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8EE86000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8EEA0000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8EEAA000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8EEC2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8EEC6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8EECF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EEFE000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EF3F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EF4A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EF61000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EF6C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EF8F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8EF9E000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EFB2000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8FC06000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x8FC8F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FC9F000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8FCA1000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8FCCB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8FCD5000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8FCE2000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8FD17000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8FD28000 \SystemRoot\system32\drivers\stwrt.sys
  0x8FD7D000 \SystemRoot\system32\drivers\portcls.sys
  0x8FDAA000 \SystemRoot\system32\drivers\drmk.sys
  0x8879E000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x90607000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x9070A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x907BE000 \SystemRoot\system32\drivers\modem.sys
  0x907CB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x907D4000 \SystemRoot\System32\Drivers\Null.SYS
  0x907DB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x907E2000 \SystemRoot\System32\drivers\vga.sys
  0x8FDCF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x907EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x907F6000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FDF0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8EFC7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8EFD5000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EFDE000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x88580000 \SystemRoot\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS
  0x885D9000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
  0x889E2000 \SystemRoot\system32\DRIVERS\smb.sys
  0x883A3000 \SystemRoot\system32\drivers\afd.sys
  0x827BA000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x887DB000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8EFF4000 \SystemRoot\system32\DRIVERS\SymIMv.sys
  0x887F1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x883EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x807DB000 \SystemRoot\system32\drivers\NIS\1206000.01D\Ironx86.SYS
  0x88800000 \SystemRoot\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
  0x805B1000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x889F6000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91001000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110602.001\IDSvix86.sys
  0x9105C000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0x910BA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0x910D8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x910EF000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
  0x911B7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x911C0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x911D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x911D7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x911D9000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x911E1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x911EE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x88A00000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x88B6A000 \SystemRoot\System32\Drivers\oz776.sys
  0x88B7A000 \SystemRoot\System32\Drivers\SMCLIB.SYS
  0x9A050000 \SystemRoot\System32\win32k.sys
  0x88400000 \SystemRoot\System32\drivers\Dxapi.sys
  0x827EC000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9A270000 \SystemRoot\System32\TSDDD.dll
  0x9A290000 \SystemRoot\System32\cdd.dll
  0x9B009000 \SystemRoot\system32\drivers\luafv.sys
  0x9B024000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0x9B02E000 \SystemRoot\system32\drivers\spsys.sys
  0x9B0DE000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9B0EE000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9B118000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9B122000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9B135000 \SystemRoot\system32\drivers\HTTP.sys
  0x9B1A2000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9B1BF000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9B1D8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA040F000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA0430000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA044F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0488000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA04A0000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA04C8000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA052F000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
  0xA0531000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA1608000 \SystemRoot\system32\drivers\peauth.sys
  0xA16E6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA16F0000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA16FC000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA1704000 \SystemRoot\system32\DRIVERS\afcdp.sys
  0xA172C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA1742000 \SystemRoot\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
  0xA17C8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xA05B5000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA17DD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA05DD000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xB9206000 \??\C:\Users\admin\AppData\Local\Temp\ugdiafow.sys
  0xB921F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110603.002\NAVEX15.SYS
  0xB9396000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110603.002\NAVENG.SYS
  0xB93AA000 \SystemRoot\system32\DRIVERS\BthFilt.sys
  0xB93B2000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0xA0535000 \SystemRoot\System32\Drivers\bthport.sys
  0xB93BF000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xB93E8000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0xAC60C000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x77280000 \Windows\System32\ntdll.dll

Processes (total 76):
      0 System Idle Process
      4 System
    560 C:\Windows\System32\smss.exe
    764 csrss.exe
    816 C:\Windows\System32\wininit.exe
    828 csrss.exe
    860 C:\Windows\System32\services.exe
    884 C:\Windows\System32\lsass.exe
    892 C:\Windows\System32\lsm.exe
    1040 C:\Windows\System32\winlogon.exe
    1064 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\nvvsvc.exe
    1144 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\audiodg.exe
    1480 C:\Windows\System32\svchost.exe
    1504 C:\Windows\System32\SLsvc.exe
    1536 C:\Windows\System32\svchost.exe
    1652 C:\Windows\System32\nvvsvc.exe
    1776 C:\Windows\System32\svchost.exe
    1904 C:\Windows\System32\wlanext.exe
    1980 C:\Windows\System32\spoolsv.exe
    196 C:\Windows\System32\svchost.exe
    732 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    544 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    1076 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    1492 C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
    1680 C:\Windows\System32\svchost.exe
    2044 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2088 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2124 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    2268 C:\Windows\System32\svchost.exe
    2284 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2336 C:\Windows\System32\stacsv.exe
    2412 C:\Windows\System32\svchost.exe
    2444 C:\Windows\System32\svchost.exe
    2472 C:\Windows\System32\SearchIndexer.exe
    2544 C:\Windows\System32\drivers\XAudio.exe
    2588 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    2764 WmiPrvSE.exe
    3520 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    3576 C:\Windows\System32\dwm.exe
    3628 C:\Windows\System32\taskeng.exe
    3656 C:\Windows\explorer.exe
    3896 C:\Program Files\DellTPad\Apoint.exe
    3904 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3912 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    3924 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    3936 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3956 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    3972 C:\Program Files\FreePDF_XP\fpassist.exe
    2076 C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
    2188 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1640 C:\Windows\System32\rundll32.exe
    1684 C:\Windows\System32\rundll32.exe
    1272 C:\Program Files\DellTPad\ApMsgFwd.exe
    124 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3276 C:\Program Files\Digital Line Detect\DLG.exe
    2276 C:\Program Files\Dell\QuickSet\quickset.exe
    2920 C:\Program Files\DellTPad\hidfind.exe
    2908 C:\Program Files\DellTPad\ApntEx.exe
    3856 C:\Windows\System32\svchost.exe
    3836 dllhost.exe
    4632 WUDFHost.exe
    5916 C:\Windows\System32\taskeng.exe
    4436 C:\Program Files\Windows Sidebar\sidebar.exe
    576 C:\Program Files\Windows Sidebar\sidebar.exe
    1432 C:\Program Files\Internet Explorer\iexplore.exe
    5076 C:\Program Files\Internet Explorer\iexplore.exe
    3312 C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
    5900 C:\Windows\System32\SearchProtocolHost.exe
    5912 C:\Windows\System32\SearchFilterHost.exe
    1636 C:\Users\admin\Desktop\MBRCheck.exe
    5064 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`40100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000b`c0100000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS725016A9A362, Rev: PCBOC70E

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Best regards
Wolo

cosinus 04.06.2011 12:16

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET Online Scanner does no harm either:


ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
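
The verdict above rests on the MBRCheck output posted before it: the volume-to-offset lines, the "Windows 2008 MBR code detected" status and the SHA1 of the sector. The following is an added example, not code from the thread or from MBRCheck, showing what such a check looks at: it validates the 0x55AA boot signature, decodes the partition table, hashes the sector, and maps each volume offset from the log back to the partition slot that starts there. The MBR image is constructed so that its partition starts match the C:/D:/F: offsets in the posted log; the boot code, disk signature and the size of F: are filler, so the hash it prints is not the value MBRCheck reported for the real disk.

```python
"""Parse a 512-byte MBR and cross-check its partition table against the
volume-to-offset lines that MBRCheck prints.

Added example; not code from the thread or from MBRCheck. The MBR image is
CONSTRUCTED so that its partition starts match the C:/D:/F: offsets in the
posted log; boot code, disk signature and the size of F: are filler, so the
SHA1 computed here is not the value MBRCheck reported for the real disk.
"""
import hashlib
import re
import struct

SECTOR = 512

# Volume lines copied from the posted MBRCheck output (offsets are the
# real ones; the excerpt is assembled here for the example).
MBRCHECK_EXCERPT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`40100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000b`c0100000  (NTFS)
"""

VOLUME_RE = re.compile(
    r"\\\\\.\\(?P<vol>[A-Z]):\s+-->\s+\\\\\.\\PhysicalDrive\d+"
    r"\s+at offset 0x(?P<hi>[0-9a-f]{8})`(?P<lo>[0-9a-f]{8})")

ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count


def parse_volume_offsets(text):
    """Map volume letter -> byte offset on the physical drive."""
    return {m.group("vol"): int(m.group("hi") + m.group("lo"), 16)
            for m in VOLUME_RE.finditer(text)}


def partition_entry(bootable, ptype, start_lba, sectors):
    """Build one 16-byte partition entry; CHS fields use the 0xFE 0xFF 0xFF
    'beyond CHS, use LBA' placeholder that modern tools write."""
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", start_lba, sectors)


def build_constructed_mbr():
    """Constructed MBR: NOP filler as boot code, three NTFS (0x07) primary
    partitions starting where the log places C:, D: and F:."""
    c_start = 0x00000000_00100000 // SECTOR
    d_start = 0x0000000b_40100000 // SECTOR
    f_start = 0x0000000b_c0100000 // SECTOR
    table = (partition_entry(True, 0x07, c_start, d_start - c_start)
             + partition_entry(False, 0x07, d_start, f_start - d_start)
             + partition_entry(False, 0x07, f_start, 0x0100_0000)  # constructed size
             + b"\x00" * 16)                                         # unused slot
    mbr = (b"\x90" * 440 + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
           + table + b"\x55\xAA")
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr):
    """Validate the boot signature and decode the four partition slots."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    info = {
        # Hash of the whole sector. Which region MBRCheck hashes is not
        # stated in the thread, so this is this example's own convention.
        "sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": [],
    }
    for slot in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * slot)
        if ptype == 0x00:
            continue                      # empty slot
        info["partitions"].append({"slot": slot, "bootable": status == 0x80,
                                   "type": ptype, "start_lba": start, "sectors": count})
    return info


def partitions_overlap(info):
    """True if any two decoded partitions share sectors."""
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    return any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1))


def cross_check(mbr, mbrcheck_text):
    """Map each volume in the log to the partition slot whose start matches
    its offset. None means no primary partition starts there, which is the
    case to look at more closely (a volume inside an extended partition, or
    a table that does not describe what Windows actually mounted)."""
    starts = {p["start_lba"] * SECTOR: p["slot"] for p in parse_mbr(mbr)["partitions"]}
    return {vol: starts.get(off) for vol, off in parse_volume_offsets(mbrcheck_text).items()}


if __name__ == "__main__":
    image = build_constructed_mbr()
    print(parse_mbr(image)["sha1"])
    print(cross_check(image, MBRCHECK_EXCERPT))   # {'C': 0, 'D': 1, 'F': 2}
```

On a real disk the 512 bytes would come from reading `\\.\PhysicalDrive0` with administrative rights; a boot signature that is missing, a partition table that does not line up with the mounted volumes, or overlapping entries are the things worth a closer look before trusting the "looks OK".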


Wolo 06.06.2011 06:28

Hello Arne,
apart from a few tracking cookies that SuperAntispyware found, there were apparently "no hits". Should I, or can I, simply remove the cookies in quarantine?
Here are the log files:
from Malwarebytes
Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6776

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

05.06.2011 21:36:52
mbam-log-2011-06-05 (21-36-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|L:\|M:\|N:\|O:\|P:\|Q:\|R:\|)
Durchsuchte Objekte: 491265
Laufzeit: 1 Stunde(n), 27 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and from SuperAntiSpyware:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/05/2011 at 11:15 PM

Application Version : 4.53.1000

Core Rules Database Version : 7205
Trace Rules Database Version: 5017

Scan type      : Complete Scan
Total Scan Time : 01:16:04

Memory items scanned      : 710
Memory threats detected  : 0
Registry items scanned    : 8559
Registry threats detected : 0
File items scanned        : 65938
File threats detected    : 87

Adware.Tracking Cookie
        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediaplex[1].txt
        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[2].txt
        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[1].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@serving-sys[2].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@ad3.adfarm1.adition[2].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@ad2.adfarm1.adition[2].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@bs.serving-sys[1].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@ad.zanox[2].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@ad.ad-srv[1].txt
        C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\****@webmasterplan[2].txt
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@doubleclick[1].txt
        N:\Users\admin\AppData\Local\Temp\Low\Cookies\admin@2o7[1].txt
        149.memecounter.com [ N:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\88S6T4GJ ]
        mediathek.daserste.de [ N:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\88S6T4GJ ]
        memecounter.com [ N:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\88S6T4GJ ]
        www.eccemedia.tv [ N:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\88S6T4GJ ]
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adfarm1.adition[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@track.webtrekk[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@e-2dj6wfkiqhdjaeo.stats.esomniture[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@2o7[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@komtrack[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.googleadservices[5].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.googleadservices[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.adnet[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@clicks.pangora[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.ad-srv[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@dealtime[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adsrv1.admediate[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@collective-media[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adsrv.admediate[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@a7.adserver01[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.die-fans-media[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bs.serving-sys[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tto2.traffictrack[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@e-2dj6wjkoujdzolq.stats.esomniture[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@delivery.ads.coupling-media[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ads.archinoah[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@im.banner.t-online[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@go.dynamic-tracking[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ads.heias[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tracking.3gnet[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.adition[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@e-2dj6wjlywjd5clp.stats.esomniture[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.etracker[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@rsstats[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@smartadserver[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@e-2dj6wmlyooajkhp.stats.esomniture[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@adtech[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ads.famdirekt[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@112.2o7[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.yieldmanager[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@vodafonegroup.122.2o7[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@eu.clickandbuy[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tracking.mindshare[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.peterzahlt[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@advertising[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@content.yieldmanager[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.peterzahlt[3].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tracking.quisma[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@eas.apm.emediate[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ad.zanox[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@tradedoubler[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@unitymedia[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@statse.webtrendslive[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@himedia.individuad[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@nextag[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ww251.smartadserver[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@traffictrack[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediaplex[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@xiti[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@webmasterplan[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@de.at.atwola[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@zanox-affiliate[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.googleadservices[11].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@serving-sys[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@e-2dj6wfmykiazsao.stats.esomniture[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bizrate[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@e-2dj6wdlyeidzakp.stats.esomniture[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@zanox[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ads.eteleon[1].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@clickandbuy[2].txt
        N:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.traffictrack[2].txt

and to be on the safe side I ran ESET as well:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=416de338d873eb49929339fcb1c7229a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-05 11:51:01
# local_time=2011-06-06 01:51:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 288721 288721 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 12669963 144843438 0 0
# compatibility_mode=8192 67108863 100 0 211 211 0 0
# scanned=289600
# found=0
# cleaned=0
# scan_time=7124

Thanks in advance for looking at this. Best regards, Wolo

cosinus 06.06.2011 11:46

Looks OK, only cookies were found.
Any problems or further detections in the meantime?
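
"Only cookies" is the conclusion a helper draws by scanning the SUPERAntiSpyware log for anything that is not a tracking-cookie file or a Flash shared object. The following is an added example, not code from the thread or from SUPERAntiSpyware, that does that triage mechanically: it parses the summary counts and the category/item layout of the posted log, files cookie-jar entries and Flash LSOs under the cookie category as noise, and lists everything else for review. The log excerpt is constructed from the posted log; the category "Example.Placeholder" and its path are made up purely to exercise the review branch.

```python
"""Triage a SUPERAntiSpyware scan log: separate tracking-cookie noise
(cookie files and Flash shared objects) from anything that needs a human
look. Added example, not code from the thread or from SUPERAntiSpyware.
The excerpt below is CONSTRUCTED from the posted log; the category
"Example.Placeholder" and its path are made up to exercise the review path.
"""
import re

SAS_LOG = r"""
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/05/2011 at 11:15 PM

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 87

Adware.Tracking Cookie
        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@serving-sys[2].txt
        N:\Users\admin\AppData\Local\Temp\Low\Cookies\admin@2o7[1].txt
        149.memecounter.com [ N:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\88S6T4GJ ]

Example.Placeholder
        C:\Users\admin\AppData\Local\Temp\constructed-sample.exe
"""

COUNT_RE = re.compile(r"^(?P<what>Memory|Registry|File) threats detected\s*:\s*(?P<n>\d+)\s*$")
# IE cookie-jar file: ...\Cookies\[Low\]<user>@<host>[n].txt
COOKIE_FILE_RE = re.compile(r"\\Cookies\\(?:Low\\)?[^\\]*@[^\\]+\[\d+\]\.txt$", re.IGNORECASE)
# Flash local shared object: "<host> [ <path>\#SharedObjects\<id> ]"
FLASH_LSO_RE = re.compile(r"^\S+ \[ .*\\#SharedObjects\\[^\]]+ \]$")


def parse_sas_log(text):
    """Return (counts, detections): counts maps Memory/Registry/File to the
    reported numbers; detections maps a category line to its indented items.
    Category lines only start after the 'File threats detected' summary."""
    counts, detections, category, in_results = {}, {}, None, False
    for raw in text.splitlines():
        m = COUNT_RE.match(raw)
        if m:
            counts[m.group("what")] = int(m.group("n"))
            in_results = m.group("what") == "File"
            continue
        if not raw.strip():
            continue
        if raw[0] in " \t":               # indented: an item under the current category
            if category is not None:
                detections.setdefault(category, []).append(raw.strip())
        elif in_results:                  # unindented after the counts: a category
            category = raw.strip()
            detections.setdefault(category, [])
    return counts, detections


def classify(category, item):
    """'noise' for a cookie file or Flash LSO filed under the tracking-cookie
    category, otherwise 'review'."""
    if category == "Adware.Tracking Cookie" and (
            COOKIE_FILE_RE.search(item) or FLASH_LSO_RE.match(item)):
        return "noise"
    return "review"


def triage(text):
    """Summarise a log: how many items are cookie noise, which items need a
    look, and whether the listed items account for the reported count."""
    counts, detections = parse_sas_log(text)
    noise, review = 0, []
    for category, items in detections.items():
        for item in items:
            if classify(category, item) == "noise":
                noise += 1
            else:
                review.append((category, item))
    return {
        "noise": noise,
        "review": review,
        "reported_file_threats": counts.get("File", 0),
        # In an excerpt the listed items never add up to the reported total;
        # on a full log a mismatch means the log was truncated or edited.
        "all_items_listed": noise + len(review) == counts.get("File", 0),
    }


if __name__ == "__main__":
    result = triage(SAS_LOG)
    print(f"cookie noise: {result['noise']}, reported: {result['reported_file_threats']}")
    for category, item in result["review"]:
        print(f"REVIEW  {category}: {item}")
```

The point of the `all_items_listed` flag is the check a helper does by eye: the posted log reports 87 file threats, so a pasted log with fewer items than that has been cut, and the verdict should wait for the full file.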

Wolo 07.06.2011 17:37

Hello Arne,
Quote:

Any problems or further detections in the meantime?
no, at the moment everything seems to be running normally again.
I'll keep an eye on it over the next few days and report back if the signs / symptoms return.
Before we close the topic, two more things:
1) Can I delete all the downloaded scanners etc. again? Is there anything I need to watch out for, and are there any "hidden files" that I have to delete manually?
2) Thank you for the great guidance and follow-up on a problem that initially seemed unsolvable to me.
Best regards
Wolo

cosinus 07.06.2011 21:23

The programs can all be removed again. Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Then we're done! :abklatsch:

Finally, please check your updates; my guide on that is below.
For even more security, you should also change all your passwords as far as possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Wolo 11.06.2011 12:53

Hello Arne,
Updates are OK.
One question still remains:
How do I get the Qoobox folder on the C drive deleted? It was created as part of the ComboFix run; even as admin it won't let me do "anything" with it (not the subfolders either)



Copyright ©2000-2025, Trojaner-Board


