ThinkPoint vollständig entfernt?

cosinus · 17.11.2010, 00:05

Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Jonas66 · 17.11.2010, 00:13

Datei: Qoobox.zip empfangen
Vorgang erfolgreich abgeschlossen.

cosinus · 17.11.2010, 08:39

Das Log bringt mir leider nichts...
Führ mal im abgesicherten Modus das Kaspersky-TDSS-Tool aus => http://www.trojaner-board.de/82358-t...entfernen.html

Jonas66 · 17.11.2010, 08:54

Hat nichts gefunden, hier der Log:

Code:

ATTFilter

2010/11/17 08:45:33.0598	TDSS rootkit removing tool 2.4.7.1 Nov 16 2010 08:18:13
2010/11/17 08:45:33.0598	================================================================================
2010/11/17 08:45:33.0598	SystemInfo:
2010/11/17 08:45:33.0598	
2010/11/17 08:45:33.0598	OS Version: 6.0.6000 ServicePack: 0.0
2010/11/17 08:45:33.0598	Product type: Workstation
2010/11/17 08:45:33.0598	ComputerName: FUJITSUSIEMENSS
2010/11/17 08:45:33.0598	UserName: ***
2010/11/17 08:45:33.0598	Windows directory: C:\Windows
2010/11/17 08:45:33.0598	System windows directory: C:\Windows
2010/11/17 08:45:33.0598	Processor architecture: Intel x86
2010/11/17 08:45:33.0598	Number of processors: 2
2010/11/17 08:45:33.0598	Page size: 0x1000
2010/11/17 08:45:33.0598	Boot type: Safe boot with network
2010/11/17 08:45:33.0598	================================================================================
2010/11/17 08:45:34.0768	Initialize success
2010/11/17 08:45:44.0128	================================================================================
2010/11/17 08:45:44.0128	Scan started
2010/11/17 08:45:44.0128	Mode: Manual; 
2010/11/17 08:45:44.0128	================================================================================
2010/11/17 08:45:44.0409	ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/11/17 08:45:44.0471	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/11/17 08:45:44.0534	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/11/17 08:45:44.0565	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/11/17 08:45:44.0612	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/11/17 08:45:44.0659	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/11/17 08:45:44.0721	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/11/17 08:45:44.0768	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/17 08:45:44.0830	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/11/17 08:45:44.0861	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/11/17 08:45:44.0924	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/11/17 08:45:44.0955	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/11/17 08:45:44.0986	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/11/17 08:45:45.0142	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/11/17 08:45:45.0205	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/11/17 08:45:45.0283	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/17 08:45:45.0345	atapi           (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2010/11/17 08:45:45.0439	avgntflt        (1eb7d72a82f94f7e9496d363fce00b68) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/17 08:45:45.0485	avipbb          (f8c56231ed5ecf7d1b46b0330880ccef) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/17 08:45:45.0548	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/11/17 08:45:45.0735	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/17 08:45:45.0766	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/17 08:45:45.0797	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/17 08:45:45.0875	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/17 08:45:45.0953	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/17 08:45:46.0000	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/17 08:45:46.0016	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/17 08:45:46.0156	BthEnum         (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/11/17 08:45:46.0312	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/17 08:45:46.0359	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2010/11/17 08:45:46.0468	BTHPORT         (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2010/11/17 08:45:46.0515	BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2010/11/17 08:45:46.0765	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/17 08:45:46.0827	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/17 08:45:46.0889	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/11/17 08:45:46.0936	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2010/11/17 08:45:47.0014	CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/17 08:45:47.0045	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/11/17 08:45:47.0061	Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/17 08:45:47.0077	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/17 08:45:47.0123	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/11/17 08:45:47.0201	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/11/17 08:45:47.0279	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/11/17 08:45:47.0357	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/17 08:45:47.0404	DXGKrnl         (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/17 08:45:47.0482	E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2010/11/17 08:45:47.0545	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/17 08:45:47.0623	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2010/11/17 08:45:47.0685	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/11/17 08:45:47.0794	enodpl          (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
2010/11/17 08:45:47.0825	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/11/17 08:45:47.0872	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/17 08:45:47.0919	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/11/17 08:45:47.0950	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/11/17 08:45:47.0997	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/17 08:45:48.0044	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/11/17 08:45:48.0091	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/17 08:45:48.0153	FTDIBUS         (47b9cf937ac479046da289bd5a769ce9) C:\Windows\system32\drivers\ftdibus.sys
2010/11/17 08:45:48.0200	FTSER2K         (216b9a2191676034999785c7f94fa5d6) C:\Windows\system32\drivers\ftser2k.sys
2010/11/17 08:45:48.0247	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/17 08:45:48.0293	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/17 08:45:48.0403	grmnusb         (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
2010/11/17 08:45:48.0481	hamachi         (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2010/11/17 08:45:48.0543	HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
2010/11/17 08:45:48.0590	HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/17 08:45:48.0637	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/17 08:45:48.0699	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/17 08:45:48.0761	HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/17 08:45:48.0808	hotcore2        (65c8824cbe8c17219a98b445610d2c75) C:\Windows\system32\drivers\hotcore2.sys
2010/11/17 08:45:48.0839	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/11/17 08:45:48.0917	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/17 08:45:48.0980	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/11/17 08:45:49.0058	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/11/17 08:45:49.0136	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2010/11/17 08:45:49.0198	hwdatacard      (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2010/11/17 08:45:49.0276	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/11/17 08:45:49.0339	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/17 08:45:49.0463	ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/17 08:45:49.0573	iaStor          (de01bf14ffb150c779fd561bd0e3c5c5) C:\Windows\system32\drivers\iastor.sys
2010/11/17 08:45:49.0651	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/11/17 08:45:49.0791	igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/17 08:45:49.0853	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/17 08:45:49.0900	intelide        (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
2010/11/17 08:45:49.0931	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/17 08:45:49.0978	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/17 08:45:50.0025	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/17 08:45:50.0072	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/17 08:45:50.0119	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/11/17 08:45:50.0165	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/11/17 08:45:50.0212	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/17 08:45:50.0243	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/17 08:45:50.0290	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/17 08:45:50.0353	JGOGO           (c995c0e8b4503fac38793bb0236ad246) C:\Windows\system32\drivers\jgogo.sys
2010/11/17 08:45:50.0399	JRAID           (6568289bc2e9ca3e8082817f0933685b) C:\Windows\system32\drivers\jraid.sys
2010/11/17 08:45:50.0446	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/17 08:45:50.0509	kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/17 08:45:50.0587	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/17 08:45:50.0665	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/17 08:45:50.0711	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/17 08:45:50.0743	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/17 08:45:50.0805	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/17 08:45:50.0836	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2010/11/17 08:45:50.0883	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/11/17 08:45:50.0930	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/11/17 08:45:50.0992	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2010/11/17 08:45:51.0055	monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/17 08:45:51.0101	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/17 08:45:51.0133	mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/17 08:45:51.0164	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2010/11/17 08:45:51.0195	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/11/17 08:45:51.0242	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/17 08:45:51.0273	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/17 08:45:51.0335	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2010/11/17 08:45:51.0382	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/17 08:45:51.0429	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/17 08:45:51.0445	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/17 08:45:51.0491	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/11/17 08:45:51.0523	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/11/17 08:45:51.0569	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2010/11/17 08:45:51.0601	msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2010/11/17 08:45:51.0647	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/17 08:45:51.0694	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/17 08:45:51.0725	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2010/11/17 08:45:51.0757	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2010/11/17 08:45:51.0788	mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/17 08:45:51.0819	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2010/11/17 08:45:51.0866	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2010/11/17 08:45:51.0928	NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/17 08:45:51.0991	NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2010/11/17 08:45:52.0037	NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/17 08:45:52.0069	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/17 08:45:52.0100	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/17 08:45:52.0131	NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2010/11/17 08:45:52.0147	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/17 08:45:52.0178	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/17 08:45:52.0318	NETw3v32        (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/11/17 08:45:52.0396	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/17 08:45:52.0427	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2010/11/17 08:45:52.0474	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/17 08:45:52.0568	Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2010/11/17 08:45:52.0630	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/17 08:45:52.0661	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2010/11/17 08:45:52.0708	nvatabus        (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
2010/11/17 08:45:52.0739	nvraid          (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
2010/11/17 08:45:52.0771	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/11/17 08:45:52.0802	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/11/17 08:45:52.0895	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/17 08:45:52.0958	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/17 08:45:52.0973	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2010/11/17 08:45:53.0020	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/17 08:45:53.0051	pci             (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2010/11/17 08:45:53.0083	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/11/17 08:45:53.0129	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/17 08:45:53.0192	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/17 08:45:53.0317	PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/17 08:45:53.0348	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/11/17 08:45:53.0426	PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/17 08:45:53.0488	qkbfiltr        (3a9036152131478f2d6e1e8531df6825) C:\Windows\system32\DRIVERS\qkbfiltr.sys
2010/11/17 08:45:53.0582	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/11/17 08:45:53.0644	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/17 08:45:53.0675	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/17 08:45:53.0707	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/17 08:45:53.0753	Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/17 08:45:53.0769	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/17 08:45:53.0800	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/17 08:45:53.0831	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/17 08:45:53.0878	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/11/17 08:45:53.0894	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/17 08:45:53.0941	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2010/11/17 08:45:54.0003	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/11/17 08:45:54.0050	rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/11/17 08:45:54.0097	rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/11/17 08:45:54.0143	RimUsb          (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/11/17 08:45:54.0190	RimVSerPort     (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/11/17 08:45:54.0253	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/11/17 08:45:54.0315	ROOTMODEM       (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
2010/11/17 08:45:54.0362	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/17 08:45:54.0471	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/17 08:45:54.0487	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/17 08:45:54.0533	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/17 08:45:54.0611	sdbus           (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/17 08:45:54.0643	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/17 08:45:54.0705	Sentinel        (aebba7428a6c40cce3c5abde45190b24) C:\Windows\System32\Drivers\SENTINEL.SYS
2010/11/17 08:45:54.0736	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/17 08:45:54.0767	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/11/17 08:45:54.0814	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2010/11/17 08:45:54.0892	sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/17 08:45:54.0923	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/17 08:45:54.0970	sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/17 08:45:55.0001	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/17 08:45:55.0048	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/11/17 08:45:55.0079	SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
2010/11/17 08:45:55.0111	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/17 08:45:55.0173	SLEE_15_DRIVER  (40c0e715e1ebb2d1990c7d79cc0d79e3) C:\Windows\system32\drivers\Sleen15.sys
2010/11/17 08:45:55.0204	Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2010/11/17 08:45:55.0251	Sntnlusb        (a1ff7d99b199cea1f3df371ba70d2780) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
2010/11/17 08:45:55.0298	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2010/11/17 08:45:55.0376	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2010/11/17 08:45:55.0423	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/17 08:45:55.0469	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/17 08:45:55.0532	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/11/17 08:45:55.0579	swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/17 08:45:55.0625	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/17 08:45:55.0657	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/17 08:45:55.0703	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/17 08:45:55.0766	SynTP           (2d2c815364a878c7e358d5f549711197) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/17 08:45:55.0828	tandpl          (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
2010/11/17 08:45:55.0906	Tcpip           (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2010/11/17 08:45:55.0969	Tcpip6          (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/17 08:45:56.0000	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/17 08:45:56.0031	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2010/11/17 08:45:56.0062	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2010/11/17 08:45:56.0093	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/17 08:45:56.0156	TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/17 08:45:56.0218	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/17 08:45:56.0265	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/17 08:45:56.0296	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/17 08:45:56.0343	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/11/17 08:45:56.0405	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/17 08:45:56.0452	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/17 08:45:56.0483	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/17 08:45:56.0530	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/17 08:45:56.0561	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/17 08:45:56.0608	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/17 08:45:56.0686	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/11/17 08:45:56.0749	usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2010/11/17 08:45:56.0811	usbccgp         (51480458e6e9863f856ebf35aae801b4) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/17 08:45:56.0873	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/17 08:45:56.0920	usbehci         (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/17 08:45:56.0951	usbhub          (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/17 08:45:56.0998	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/17 08:45:57.0029	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/17 08:45:57.0092	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/17 08:45:57.0139	USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/17 08:45:57.0154	usbuhci         (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/17 08:45:57.0263	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/17 08:45:57.0310	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2010/11/17 08:45:57.0373	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/11/17 08:45:57.0404	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/17 08:45:57.0435	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/11/17 08:45:57.0497	viamraid        (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
2010/11/17 08:45:57.0560	volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2010/11/17 08:45:57.0622	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2010/11/17 08:45:57.0653	volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2010/11/17 08:45:57.0700	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/17 08:45:57.0747	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/17 08:45:57.0778	Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/17 08:45:57.0794	Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/17 08:45:57.0856	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/17 08:45:57.0919	Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/17 08:45:58.0028	winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/11/17 08:45:58.0106	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/17 08:45:58.0184	WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/17 08:45:58.0215	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/17 08:45:58.0262	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/17 08:45:58.0309	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/11/17 08:45:58.0402	================================================================================
2010/11/17 08:45:58.0402	Scan finished
2010/11/17 08:45:58.0402	================================================================================
2010/11/17 08:46:10.0570	Deinitialize success

Kleine Zwischenfrage an dieser Stelle: Für wie wahrscheinlich erachtest du es, dass das System wieder einwandfrei laufen wird? Ich überlege, ob ich bei dieser Gelegenheit mal auf Windows 7 umsteige und das System neu aufsetze.

cosinus · 17.11.2010, 14:24

Hm, keine Funde. Mach mal im abgesicherten Modus einen Lauf mit GMER damit konnte ich letztens erst bei einem Nachbarn das Windows auf seinem Netbook retten ohne format c:

Jonas66 · 17.11.2010, 18:28

Code:

ATTFilter

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-17 16:46:18
Windows 6.0.6000  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.04.0
Running: vc8x5ep7.exe; Driver: C:\Users\***\AppData\Local\Temp\pwadyaoc.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                         [7429FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                     [7426B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                               [7425A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                 [7425CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                      [74258AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                             [7426CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                     [74257D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                      [74257CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                       [74256A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                               [742EC1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                                  [74277F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                     [742590CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                               [74262179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                              [742621A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                        [74267F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                         [74267D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                          [742983D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                             556
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                            \??\C:\Users\***\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat??\??\C:\Users\***\AppData\Local\MICROS~1\Windows\History\History.IE5\index.dat??\??\C:\Users\***\AppData\Local\MICROS~1\Windows\History\History.IE5\MSHIST~2\index.dat??\??\C:\Users\***\AppData\Roaming\MICROS~1\Windows\IETLDC~1\index.dat??\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir??\??\C:\test0123?\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles                                                                    \??\C:\pagefile.sys?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                            1613
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                          304253038
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime                                                     0
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                             012d0853-d0d1-4298-8770-a885e89
Reg             HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                               2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1                                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@00119f595885                                                                     0x9B 0x52 0x19 0x33 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@000f86903db2                                                                     0xAB 0x1F 0x6D 0x3E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage                                                                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus                                                                                      0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                              21881
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS                                                                                         667
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@LeaseObtainedTime                                  1289894347
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@T1                                                 1290196747
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@T2                                                 1290423547
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@LeaseTerminatesTime                                1290499147
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@Dhcpv6Iaid                                        151001975
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@NameServer                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@Domain                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4e92352a-72ec-43a1-9c52-226a806baf9e}@Dhcpv6Iaid                                        318898260
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4e92352a-72ec-43a1-9c52-226a806baf9e}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@Dhcpv6Iaid                                        335564886
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@NameServer                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@Domain                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@Dhcpv6Iaid                                        201333540
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@NameServer                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@Domain                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid                                        117445666
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@Dhcpv6Iaid                                        369119318
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@NameServer                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@Domain                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid                                        100668450
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@Dhcpv6Iaid                                        301994466
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@Dhcpv6State                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@NameServer                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@Domain                                            
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1 (not active ControlSet)                                                              
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@00119f595885                                                                         0x9B 0x52 0x19 0x33 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@000f86903db2                                                                         0xAB 0x1F 0x6D 0x3E ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0070400000000000F01FEC\Usage@OneNoteFilesIntl_1031             1030751820
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021092B0070400000000000F01FEC\Usage@MsoExportPdf                      1030765387
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021092B0070400000000000F01FEC\Usage@MsoExportXps                      1030765277
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10070400000000000F01FEC\Usage@OutlookMAPI2Intl_1031             1030780924
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10070400000000000F01FEC\Usage@OUTLOOKFilesIntl_1031             1030750994
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10001400000000000F01FEC\Usage@SpellingAndGrammarFilesExp1_1040  1030753026
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10070400000000000F01FEC\Usage@SpellingAndGrammarFiles_1031      1030754482
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC\Usage@SpellingAndGrammarFiles_1033      1030754437
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC\Usage@SpellingAndGrammarFiles_1036      1030753075
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@OUTLOOKFiles                      1030753500
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@ProductFiles                      1030758609
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@EXCELFiles                        1030756779
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@WORDFiles                         1030754513
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119150000000000000000F01FEC\Usage@ProductFiles                      1030751132
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119150000000000000000F01FEC\Usage@AlwaysInstalled                   1030751425
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\704000001E872D116BF00006799C897E\Usage@SpellingFiles                     1030758874
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{52C5ACC0-8173-4A6A-8B23-B88FD2EABB0C}                                                           

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                        sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----

Im normalen Modus hochfahren geht nach wie vor nicht. Wenn ich neu aufsetze, kann ich dann alle Dateien mitnehmen? Ich wollte die Outlook Daten mit MOBackup und die Firefox Daten mit MozBackup sichern. Kann ich das machen, oder besteht dabei die Gefahr, dass ich ein Rootkit mitnehme?

cosinus · 17.11.2010, 19:27

Ich seh da keine Hinweise, leider

Es wird wohl auf format c: hinauslaufen. Du kannst selbstverständlich relevante Daten sichern, aber bitte nichts Ausführbares. Dann nimmste auch keine Schädlinge mit.

Tut mit Leid für dich! Dass nach der CF-Anwendung das System nicht mehr richtig hochfährt ist ziemlich selten.

Jonas66 · 18.11.2010, 08:24

Ja, letztlich hat CF dem System den Rest gegeben, aber auf Dauer mit den Rootkits leben, wäre ja auch keine Lösung gewesen. Da das System seit 3 Jahren lief, hatte es das eh mal nötig. Die Passwörter sollte ich wahrscheinlich alle ändern, oder? Wie wahrscheinlich ist es, das Passwörter ausgespäht wurden?

Ansonsten,

für die investierte Zeit und bis hoffentlich nicht so bald wieder

cosinus · 18.11.2010, 13:43

Zitat:

Wie wahrscheinlich ist es, das Passwörter ausgespäht wurden?

Bei Befall kann das immer sein. Aber unmöglich eine genaue Prozentzahl anzugeben!
Änder einfach alle Passwörter wenn das System wieder frisch ist.

17.11.2010, 08:39	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ThinkPoint vollständig entfernt? Das Log bringt mir leider nichts... Führ mal im abgesicherten Modus das Kaspersky-TDSS-Tool aus => http://www.trojaner-board.de/82358-t...entfernen.html __________________ __________________

17.11.2010, 14:24	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ThinkPoint vollständig entfernt? Hm, keine Funde. Mach mal im abgesicherten Modus einen Lauf mit GMER damit konnte ich letztens erst bei einem Nachbarn das Windows auf seinem Netbook retten ohne format c: __________________ Logfiles bitte immer in CODE-Tags posten

ThinkPoint vollständig entfernt?

Plagegeister aller Art und deren Bekämpfung: ThinkPoint vollständig entfernt?