Windows 7 Recovery Trojaner

Cordoba1984 · 26.05.2011, 06:29

2011/05/26 07:28:02.0893 3088 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 07:28:03.0018 3088 ================================================================================
2011/05/26 07:28:03.0018 3088 SystemInfo:
2011/05/26 07:28:03.0018 3088
2011/05/26 07:28:03.0018 3088 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/26 07:28:03.0018 3088 Product type: Workstation
2011/05/26 07:28:03.0018 3088 ComputerName: MAZZAUNDNADD-PC
2011/05/26 07:28:03.0018 3088 UserName: Mazza und Naddl
2011/05/26 07:28:03.0018 3088 Windows directory: C:\Windows
2011/05/26 07:28:03.0018 3088 System windows directory: C:\Windows
2011/05/26 07:28:03.0018 3088 Processor architecture: Intel x86
2011/05/26 07:28:03.0018 3088 Number of processors: 2
2011/05/26 07:28:03.0018 3088 Page size: 0x1000
2011/05/26 07:28:03.0018 3088 Boot type: Normal boot
2011/05/26 07:28:03.0018 3088 ================================================================================
2011/05/26 07:28:03.0548 3088 Initialize success
2011/05/26 07:28:10.0444 0152 ================================================================================
2011/05/26 07:28:10.0444 0152 Scan started
2011/05/26 07:28:10.0444 0152 Mode: Manual;
2011/05/26 07:28:10.0444 0152 ================================================================================
2011/05/26 07:28:11.0083 0152 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/26 07:28:11.0130 0152 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/26 07:28:11.0177 0152 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/26 07:28:11.0239 0152 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/26 07:28:11.0286 0152 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/26 07:28:11.0380 0152 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/26 07:28:11.0458 0152 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/26 07:28:11.0504 0152 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/26 07:28:11.0551 0152 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/26 07:28:11.0614 0152 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/26 07:28:11.0645 0152 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/26 07:28:11.0676 0152 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/26 07:28:11.0738 0152 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/26 07:28:11.0785 0152 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/26 07:28:11.0832 0152 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/05/26 07:28:11.0863 0152 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/26 07:28:11.0894 0152 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/05/26 07:28:12.0004 0152 AnyDVD (11fce73ff0e59b48899a6ff5d3dfb710) C:\Windows\system32\Drivers\AnyDVD.sys
2011/05/26 07:28:12.0066 0152 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/26 07:28:12.0128 0152 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/26 07:28:12.0175 0152 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/26 07:28:12.0206 0152 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/26 07:28:12.0253 0152 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/26 07:28:12.0362 0152 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/26 07:28:12.0425 0152 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/26 07:28:12.0503 0152 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
2011/05/26 07:28:12.0596 0152 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/26 07:28:12.0659 0152 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/26 07:28:12.0721 0152 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/26 07:28:12.0830 0152 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/26 07:28:12.0908 0152 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/26 07:28:12.0940 0152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/26 07:28:12.0955 0152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/26 07:28:13.0018 0152 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/26 07:28:13.0049 0152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/26 07:28:13.0080 0152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/26 07:28:13.0111 0152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/26 07:28:13.0142 0152 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/26 07:28:13.0252 0152 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/26 07:28:13.0314 0152 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/26 07:28:13.0392 0152 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/26 07:28:13.0454 0152 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/26 07:28:13.0517 0152 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/26 07:28:13.0564 0152 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/26 07:28:13.0626 0152 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/26 07:28:13.0688 0152 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/26 07:28:13.0735 0152 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/26 07:28:13.0766 0152 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/26 07:28:13.0813 0152 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/26 07:28:13.0860 0152 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/26 07:28:13.0907 0152 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/26 07:28:14.0000 0152 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/26 07:28:14.0047 0152 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/26 07:28:14.0234 0152 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/26 07:28:14.0375 0152 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/26 07:28:14.0453 0152 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/26 07:28:14.0484 0152 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/26 07:28:14.0531 0152 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/26 07:28:14.0578 0152 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/26 07:28:14.0624 0152 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/26 07:28:14.0671 0152 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/26 07:28:14.0718 0152 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/26 07:28:14.0765 0152 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/26 07:28:14.0827 0152 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/26 07:28:14.0874 0152 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/26 07:28:14.0890 0152 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/26 07:28:14.0936 0152 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/26 07:28:14.0983 0152 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/26 07:28:15.0014 0152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/26 07:28:15.0061 0152 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/26 07:28:15.0108 0152 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/26 07:28:15.0170 0152 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/26 07:28:15.0202 0152 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/26 07:28:15.0217 0152 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/26 07:28:15.0264 0152 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/26 07:28:15.0311 0152 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/26 07:28:15.0342 0152 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/26 07:28:15.0404 0152 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/26 07:28:15.0467 0152 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/26 07:28:15.0514 0152 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/26 07:28:15.0576 0152 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/26 07:28:15.0623 0152 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/26 07:28:15.0732 0152 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/26 07:28:15.0919 0152 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/26 07:28:15.0966 0152 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/26 07:28:16.0028 0152 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/26 07:28:16.0060 0152 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/26 07:28:16.0106 0152 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/26 07:28:16.0138 0152 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/26 07:28:16.0169 0152 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/26 07:28:16.0216 0152 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/26 07:28:16.0231 0152 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/26 07:28:16.0294 0152 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/26 07:28:16.0387 0152 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/26 07:28:16.0418 0152 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/26 07:28:16.0512 0152 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/26 07:28:16.0574 0152 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/26 07:28:16.0606 0152 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/26 07:28:16.0637 0152 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/26 07:28:16.0652 0152 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/26 07:28:16.0699 0152 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/26 07:28:16.0730 0152 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/26 07:28:16.0777 0152 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/26 07:28:16.0840 0152 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/26 07:28:16.0871 0152 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/26 07:28:16.0918 0152 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/26 07:28:16.0949 0152 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/26 07:28:16.0964 0152 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/26 07:28:17.0011 0152 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/26 07:28:17.0058 0152 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/26 07:28:17.0089 0152 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/26 07:28:17.0136 0152 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/26 07:28:17.0183 0152 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/26 07:28:17.0214 0152 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/26 07:28:17.0292 0152 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/26 07:28:17.0323 0152 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/26 07:28:17.0401 0152 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/26 07:28:17.0432 0152 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/26 07:28:17.0479 0152 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/26 07:28:17.0542 0152 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/26 07:28:17.0573 0152 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/26 07:28:17.0604 0152 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/26 07:28:17.0635 0152 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/26 07:28:17.0682 0152 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/26 07:28:17.0713 0152 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/26 07:28:17.0744 0152 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/26 07:28:17.0776 0152 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/26 07:28:17.0822 0152 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/26 07:28:17.0869 0152 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/26 07:28:17.0932 0152 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/26 07:28:17.0963 0152 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/26 07:28:17.0994 0152 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/26 07:28:18.0025 0152 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/26 07:28:18.0041 0152 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/26 07:28:18.0088 0152 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/26 07:28:18.0103 0152 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/26 07:28:18.0197 0152 netr28u (9929b7d15cb87ee2dcb2060dae623a62) C:\Windows\system32\DRIVERS\netr28u.sys
2011/05/26 07:28:18.0306 0152 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/26 07:28:18.0337 0152 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/26 07:28:18.0384 0152 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/26 07:28:18.0462 0152 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/26 07:28:18.0509 0152 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/26 07:28:18.0556 0152 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/05/26 07:28:18.0821 0152 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/26 07:28:19.0180 0152 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/26 07:28:19.0242 0152 nvrd32 (f2abab0c99237ce4e97478af2e0438a0) C:\Windows\system32\drivers\nvrd32.sys
2011/05/26 07:28:19.0289 0152 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\drivers\nvsmu.sys
2011/05/26 07:28:19.0351 0152 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/26 07:28:19.0382 0152 nvstor32 (8ffb327669b980549bd318d939a34f9b) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/05/26 07:28:19.0445 0152 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/26 07:28:19.0492 0152 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/26 07:28:19.0570 0152 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/26 07:28:19.0601 0152 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/26 07:28:19.0648 0152 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/26 07:28:19.0710 0152 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/26 07:28:19.0757 0152 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/26 07:28:19.0788 0152 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/26 07:28:19.0850 0152 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/26 07:28:19.0897 0152 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/26 07:28:19.0944 0152 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/26 07:28:20.0069 0152 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/26 07:28:20.0100 0152 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/26 07:28:20.0194 0152 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/26 07:28:20.0240 0152 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/26 07:28:20.0318 0152 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/26 07:28:20.0381 0152 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/26 07:28:20.0428 0152 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/26 07:28:20.0443 0152 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/26 07:28:20.0474 0152 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/26 07:28:20.0537 0152 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/26 07:28:20.0584 0152 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/26 07:28:20.0615 0152 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/26 07:28:20.0630 0152 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/26 07:28:20.0677 0152 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/26 07:28:20.0708 0152 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/26 07:28:20.0755 0152 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/26 07:28:20.0771 0152 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/26 07:28:20.0802 0152 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/26 07:28:20.0833 0152 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/26 07:28:20.0911 0152 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/26 07:28:20.0942 0152 RxFilter (9235d02fabbd1deee6b7adb0a0a23300) C:\Windows\system32\DRIVERS\RxFilter.sys
2011/05/26 07:28:21.0005 0152 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/26 07:28:21.0036 0152 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/26 07:28:21.0145 0152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/26 07:28:21.0223 0152 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/26 07:28:21.0270 0152 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/26 07:28:21.0317 0152 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/26 07:28:21.0410 0152 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/26 07:28:21.0457 0152 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/26 07:28:21.0504 0152 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/26 07:28:21.0535 0152 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/26 07:28:21.0598 0152 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/26 07:28:21.0629 0152 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/26 07:28:21.0676 0152 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/26 07:28:21.0707 0152 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 07:28:21.0769 0152 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/26 07:28:21.0832 0152 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/05/26 07:28:21.0972 0152 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 07:28:22.0050 0152 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 07:28:22.0128 0152 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 07:28:22.0206 0152 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/26 07:28:22.0284 0152 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/26 07:28:22.0378 0152 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 07:28:22.0471 0152 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
2011/05/26 07:28:22.0565 0152 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 07:28:22.0643 0152 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 07:28:22.0721 0152 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 07:28:22.0752 0152 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 07:28:22.0783 0152 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 07:28:22.0830 0152 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 07:28:22.0861 0152 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 07:28:22.0970 0152 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 07:28:23.0002 0152 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 07:28:23.0033 0152 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/26 07:28:23.0048 0152 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 07:28:23.0095 0152 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/26 07:28:23.0158 0152 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 07:28:23.0204 0152 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/26 07:28:23.0251 0152 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/26 07:28:23.0329 0152 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 07:28:23.0392 0152 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/26 07:28:23.0438 0152 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 07:28:23.0516 0152 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 07:28:23.0548 0152 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/26 07:28:23.0594 0152 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/26 07:28:23.0641 0152 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/26 07:28:23.0672 0152 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/26 07:28:23.0688 0152 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/05/26 07:28:23.0750 0152 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/26 07:28:23.0782 0152 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 07:28:23.0813 0152 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/26 07:28:23.0860 0152 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/26 07:28:23.0891 0152 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/26 07:28:23.0922 0152 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/26 07:28:23.0953 0152 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/26 07:28:23.0984 0152 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/26 07:28:24.0016 0152 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 07:28:24.0047 0152 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/26 07:28:24.0062 0152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 80a764f8c4abd7a49c4ee9e3706adcc3
2011/05/26 07:28:24.0062 0152 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/26 07:28:24.0094 0152 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/26 07:28:24.0125 0152 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/26 07:28:24.0172 0152 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/26 07:28:24.0187 0152 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 07:28:24.0203 0152 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 07:28:24.0265 0152 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/26 07:28:24.0328 0152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 07:28:24.0468 0152 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/26 07:28:24.0499 0152 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/26 07:28:24.0593 0152 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/26 07:28:24.0655 0152 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/26 07:28:24.0749 0152 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 07:28:24.0811 0152 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/26 07:28:24.0874 0152 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 07:28:24.0936 0152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/26 07:28:24.0967 0152 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/05/26 07:28:24.0967 0152 ================================================================================
2011/05/26 07:28:24.0967 0152 Scan finished
2011/05/26 07:28:24.0967 0152 ================================================================================
2011/05/26 07:28:24.0983 3640 Detected object count: 1
2011/05/26 07:28:24.0983 3640 Actual detected object count: 1
2011/05/26 07:29:09.0459 3640 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/26 07:29:09.0459 3640 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 80a764f8c4abd7a49c4ee9e3706adcc3
2011/05/26 07:29:10.0754 3640 Backup copy found, using it..
2011/05/26 07:29:10.0770 3640 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/05/26 07:29:10.0770 3640 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure

cosinus · 26.05.2011, 09:51

TDSS wurde erkannt und entfernt. Bitte Windows neu starten und zur Kontrolle ein neues Log mit dem Kaspersky-TDSS-Killer machen.

Cordoba1984 · 26.05.2011, 10:18

Ok vielen Dank erstmal. Wenn ich heute Abend nach Hause komme werde ich auf jeden Fall noch einmal einen scan machen und die Log posten...

Aber: Heute morgen waren trotz Neustart unter "alle programme" noch keine Programme sichtbar! Zumindest nicht die Icons. Es stand überall "leer". Was kann man da machen???

Vielen Dank...

cosinus · 26.05.2011, 10:41

Durch die Infektion wurde dein Startmenü leergefegt, bei mir bisher bekannten Varianten verschiebt der Schädling alle Verknüpfungen nach %tmp%\smtmp

Eigentlich sollte unhide die Verküpfungen selbst zurück an die richtige Stelle kopieren. Wenn nicht, mach es selbst.

Deine Verknüpfungen sollten jetzt hier sein:

C:\Users\[DEIN_NAME]\AppData\Local\Temp\smtmp

Sie müssen passend nach

C:\ProgramData\Microsoft\Windows\Start Menu\Programs

kopiert werden.

Cordoba1984 · 26.05.2011, 18:02

Okay, der erneute Scan mit TDSS hat ergeben, dass keine Schädlinge gefunden wurden.

Jedoch finde ich dies nicht:
C:\Users\[DEIN_NAME]\AppData\Local\Temp\"smtmp"

Bis "Temp" ist alles klar, aber "smtmp" finde ich nicht...

DANKE!!!

cosinus · 26.05.2011, 19:54

Lässt du dir auch alle Dateien anzeigen? versteckte und geschützte Systemdateien? => http://www.trojaner-board.de/59624-a...-sichtbar.html

Cordoba1984 · 26.05.2011, 20:23

Ja, habe alle Dateien sichtbar gemacht. Trotzdem finde ich leider die Datei nicht...

cosinus · 26.05.2011, 20:36

Dann isses weg. Vllt findest du noch was über die Dateisuche wieder - oder hast du selbst den Tempbereich mit sowas wie CCleaner o.ä. geleert?

Cordoba1984 · 26.05.2011, 20:46

Ja, hab ich :-(

Kann man da noch was machen??

Cordoba1984 · 26.05.2011, 20:49

Bei den Programmen und "Alle Programme" ist auch noch "Windows 7 Recovery" Darin ist einmal das "Programm" und einmal "Uninstall Windows 7 Recovery"
Ich hab mich nicht getraut eine Datei von beiden anzuklicken. Ist das ein echtes Programm oder ist das der Kram, den ich seit Tagen versuche weg zu bekommen???

Ich muss mich an diese Stelle noch mal ausdrücklich bei Dir bedanken! Echt wahnsinn, wie du dich für "fremde" Leute einsetzt und wie viel Ahnung du hast!! Respekt!

cosinus · 26.05.2011, 20:55

Nö, dann sind die Verknüpfungen weg. Soweit bekannt, verschiebt der Schädling die nur nach temp, wenn dann dieser Ordner gelöscht wird ist er weg. Und das Startmenü leer

Mach bitte den TDSS-Killer zur Kontrolle nochmal.

Cordoba1984 · 26.05.2011, 20:58

2011/05/26 21:57:36.0659 3124 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 21:57:36.0815 3124 ================================================================================
2011/05/26 21:57:36.0815 3124 SystemInfo:
2011/05/26 21:57:36.0815 3124
2011/05/26 21:57:36.0815 3124 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/26 21:57:36.0815 3124 Product type: Workstation
2011/05/26 21:57:36.0815 3124 ComputerName: MAZZAUNDNADD-PC
2011/05/26 21:57:36.0815 3124 UserName: Mazza und Naddl
2011/05/26 21:57:36.0815 3124 Windows directory: C:\Windows
2011/05/26 21:57:36.0815 3124 System windows directory: C:\Windows
2011/05/26 21:57:36.0815 3124 Processor architecture: Intel x86
2011/05/26 21:57:36.0815 3124 Number of processors: 2
2011/05/26 21:57:36.0815 3124 Page size: 0x1000
2011/05/26 21:57:36.0815 3124 Boot type: Normal boot
2011/05/26 21:57:36.0815 3124 ================================================================================
2011/05/26 21:57:37.0112 3124 Initialize success
2011/05/26 21:57:40.0029 1452 ================================================================================
2011/05/26 21:57:40.0029 1452 Scan started
2011/05/26 21:57:40.0029 1452 Mode: Manual;
2011/05/26 21:57:40.0029 1452 ================================================================================
2011/05/26 21:57:40.0435 1452 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/26 21:57:40.0450 1452 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/26 21:57:40.0481 1452 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/26 21:57:40.0544 1452 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/26 21:57:40.0575 1452 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/26 21:57:40.0606 1452 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/26 21:57:40.0653 1452 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/26 21:57:40.0700 1452 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/26 21:57:40.0747 1452 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/26 21:57:40.0793 1452 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/26 21:57:40.0840 1452 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/26 21:57:40.0871 1452 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/26 21:57:40.0887 1452 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/26 21:57:40.0918 1452 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/26 21:57:40.0965 1452 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/05/26 21:57:41.0027 1452 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/26 21:57:41.0074 1452 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/05/26 21:57:41.0199 1452 AnyDVD (11fce73ff0e59b48899a6ff5d3dfb710) C:\Windows\system32\Drivers\AnyDVD.sys
2011/05/26 21:57:41.0277 1452 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/26 21:57:41.0324 1452 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/26 21:57:41.0355 1452 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/26 21:57:41.0386 1452 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/26 21:57:41.0417 1452 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/26 21:57:41.0480 1452 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/26 21:57:41.0527 1452 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/26 21:57:41.0573 1452 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
2011/05/26 21:57:41.0651 1452 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/26 21:57:41.0683 1452 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/26 21:57:41.0729 1452 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/26 21:57:41.0776 1452 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/26 21:57:41.0823 1452 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/26 21:57:41.0870 1452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/26 21:57:41.0901 1452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/26 21:57:41.0948 1452 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/26 21:57:41.0979 1452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/26 21:57:42.0010 1452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/26 21:57:42.0041 1452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/26 21:57:42.0073 1452 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/26 21:57:42.0104 1452 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/26 21:57:42.0182 1452 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/26 21:57:42.0244 1452 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/26 21:57:42.0307 1452 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/26 21:57:42.0400 1452 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/26 21:57:42.0431 1452 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/26 21:57:42.0463 1452 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/26 21:57:42.0494 1452 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/26 21:57:42.0541 1452 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/26 21:57:42.0587 1452 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/26 21:57:42.0665 1452 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/26 21:57:42.0712 1452 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/26 21:57:42.0759 1452 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/26 21:57:42.0837 1452 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/26 21:57:42.0899 1452 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/26 21:57:43.0055 1452 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/26 21:57:43.0149 1452 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/26 21:57:43.0196 1452 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/26 21:57:43.0243 1452 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/26 21:57:43.0274 1452 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/26 21:57:43.0305 1452 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/26 21:57:43.0352 1452 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/26 21:57:43.0383 1452 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/26 21:57:43.0414 1452 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/26 21:57:43.0445 1452 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/26 21:57:43.0477 1452 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/26 21:57:43.0508 1452 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/26 21:57:43.0523 1452 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/26 21:57:43.0570 1452 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/26 21:57:43.0617 1452 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/26 21:57:43.0664 1452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/26 21:57:43.0742 1452 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/26 21:57:43.0804 1452 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/26 21:57:43.0898 1452 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/26 21:57:43.0945 1452 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/26 21:57:44.0007 1452 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/26 21:57:44.0038 1452 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/26 21:57:44.0101 1452 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/26 21:57:44.0179 1452 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/26 21:57:44.0241 1452 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/26 21:57:44.0288 1452 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/26 21:57:44.0335 1452 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/26 21:57:44.0397 1452 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/26 21:57:44.0444 1452 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/26 21:57:44.0569 1452 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/26 21:57:44.0631 1452 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/26 21:57:44.0662 1452 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/26 21:57:44.0709 1452 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/26 21:57:44.0740 1452 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/26 21:57:44.0771 1452 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/26 21:57:44.0803 1452 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/26 21:57:44.0849 1452 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/26 21:57:44.0881 1452 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/26 21:57:44.0912 1452 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/26 21:57:44.0974 1452 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/26 21:57:45.0005 1452 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/26 21:57:45.0068 1452 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/26 21:57:45.0161 1452 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/26 21:57:45.0224 1452 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/26 21:57:45.0255 1452 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/26 21:57:45.0271 1452 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/26 21:57:45.0302 1452 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/26 21:57:45.0349 1452 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/26 21:57:45.0380 1452 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/26 21:57:45.0427 1452 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/26 21:57:45.0473 1452 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/26 21:57:45.0489 1452 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/26 21:57:45.0536 1452 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/26 21:57:45.0583 1452 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/26 21:57:45.0614 1452 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/26 21:57:45.0661 1452 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/26 21:57:45.0692 1452 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/26 21:57:45.0739 1452 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/26 21:57:45.0801 1452 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/26 21:57:45.0832 1452 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/26 21:57:45.0848 1452 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/26 21:57:45.0895 1452 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/26 21:57:45.0910 1452 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/26 21:57:45.0957 1452 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/26 21:57:45.0988 1452 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/26 21:57:46.0019 1452 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/26 21:57:46.0066 1452 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/26 21:57:46.0113 1452 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/26 21:57:46.0144 1452 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/26 21:57:46.0175 1452 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/26 21:57:46.0207 1452 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/26 21:57:46.0222 1452 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/26 21:57:46.0253 1452 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/26 21:57:46.0285 1452 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/26 21:57:46.0347 1452 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/26 21:57:46.0409 1452 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/26 21:57:46.0441 1452 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/26 21:57:46.0472 1452 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/26 21:57:46.0503 1452 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/26 21:57:46.0550 1452 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/26 21:57:46.0565 1452 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/26 21:57:46.0597 1452 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/26 21:57:46.0628 1452 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/26 21:57:46.0721 1452 netr28u (9929b7d15cb87ee2dcb2060dae623a62) C:\Windows\system32\DRIVERS\netr28u.sys
2011/05/26 21:57:46.0784 1452 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/26 21:57:46.0815 1452 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/26 21:57:46.0862 1452 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/26 21:57:46.0924 1452 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/26 21:57:46.0955 1452 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/26 21:57:47.0033 1452 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/05/26 21:57:47.0314 1452 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/26 21:57:47.0486 1452 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/26 21:57:47.0548 1452 nvrd32 (f2abab0c99237ce4e97478af2e0438a0) C:\Windows\system32\drivers\nvrd32.sys
2011/05/26 21:57:47.0595 1452 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\drivers\nvsmu.sys
2011/05/26 21:57:47.0626 1452 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/26 21:57:47.0673 1452 nvstor32 (8ffb327669b980549bd318d939a34f9b) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/05/26 21:57:47.0735 1452 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/26 21:57:47.0767 1452 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/26 21:57:47.0829 1452 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/26 21:57:47.0860 1452 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/26 21:57:47.0907 1452 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/26 21:57:47.0954 1452 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/26 21:57:48.0001 1452 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/26 21:57:48.0032 1452 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/26 21:57:48.0079 1452 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/26 21:57:48.0125 1452 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/26 21:57:48.0157 1452 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/26 21:57:48.0235 1452 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/26 21:57:48.0266 1452 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/26 21:57:48.0313 1452 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/26 21:57:48.0344 1452 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/26 21:57:48.0422 1452 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/26 21:57:48.0515 1452 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/26 21:57:48.0547 1452 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/26 21:57:48.0609 1452 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/26 21:57:48.0640 1452 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/26 21:57:48.0687 1452 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/26 21:57:48.0749 1452 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/26 21:57:48.0796 1452 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/26 21:57:48.0812 1452 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/26 21:57:48.0843 1452 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/26 21:57:48.0859 1452 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/26 21:57:48.0905 1452 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/26 21:57:48.0937 1452 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/26 21:57:48.0983 1452 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/26 21:57:49.0015 1452 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/26 21:57:49.0124 1452 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/26 21:57:49.0155 1452 RxFilter (9235d02fabbd1deee6b7adb0a0a23300) C:\Windows\system32\DRIVERS\RxFilter.sys
2011/05/26 21:57:49.0249 1452 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/26 21:57:49.0295 1452 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/26 21:57:49.0373 1452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/26 21:57:49.0467 1452 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/26 21:57:49.0514 1452 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/26 21:57:49.0561 1452 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/26 21:57:49.0639 1452 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/26 21:57:49.0670 1452 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/26 21:57:49.0701 1452 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/26 21:57:49.0732 1452 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/26 21:57:49.0748 1452 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/26 21:57:49.0779 1452 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/26 21:57:49.0810 1452 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/26 21:57:49.0841 1452 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 21:57:49.0888 1452 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/26 21:57:49.0966 1452 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/05/26 21:57:50.0029 1452 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 21:57:50.0075 1452 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 21:57:50.0107 1452 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 21:57:50.0169 1452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/26 21:57:50.0216 1452 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/26 21:57:50.0263 1452 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 21:57:50.0309 1452 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
2011/05/26 21:57:50.0372 1452 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 21:57:50.0434 1452 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 21:57:50.0497 1452 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 21:57:50.0543 1452 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 21:57:50.0559 1452 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 21:57:50.0606 1452 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 21:57:50.0621 1452 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 21:57:50.0684 1452 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 21:57:50.0731 1452 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 21:57:50.0762 1452 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/26 21:57:50.0793 1452 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 21:57:50.0840 1452 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/26 21:57:50.0871 1452 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 21:57:50.0918 1452 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/26 21:57:50.0965 1452 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/26 21:57:50.0996 1452 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 21:57:51.0058 1452 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/26 21:57:51.0089 1452 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 21:57:51.0136 1452 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 21:57:51.0167 1452 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/26 21:57:51.0214 1452 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/26 21:57:51.0261 1452 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/26 21:57:51.0308 1452 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/26 21:57:51.0339 1452 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/05/26 21:57:51.0401 1452 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/26 21:57:51.0464 1452 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 21:57:51.0495 1452 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/26 21:57:51.0526 1452 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/26 21:57:51.0573 1452 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/26 21:57:51.0604 1452 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/26 21:57:51.0635 1452 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/26 21:57:51.0667 1452 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/26 21:57:51.0682 1452 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 21:57:51.0745 1452 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/26 21:57:51.0791 1452 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/26 21:57:51.0854 1452 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/26 21:57:51.0916 1452 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/26 21:57:51.0947 1452 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 21:57:51.0963 1452 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 21:57:52.0025 1452 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/26 21:57:52.0072 1452 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 21:57:52.0197 1452 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/26 21:57:52.0228 1452 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/26 21:57:52.0337 1452 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/26 21:57:52.0415 1452 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/26 21:57:52.0478 1452 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 21:57:52.0556 1452 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/26 21:57:52.0603 1452 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 21:57:52.0649 1452 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/26 21:57:52.0681 1452 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/05/26 21:57:52.0681 1452 ================================================================================
2011/05/26 21:57:52.0681 1452 Scan finished
2011/05/26 21:57:52.0681 1452 ================================================================================
2011/05/26 21:57:52.0696 3380 Detected object count: 0
2011/05/26 21:57:52.0696 3380 Actual detected object count: 0

cosinus · 26.05.2011, 21:07

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Cordoba1984 · 27.05.2011, 06:02

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-26.02 - Mazza und Naddl 27.05.2011   6:55.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3326.2551 [GMT 2:00]
ausgeführt von:: D:\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midas.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-27 bis 2011-05-27  ))))))))))))))))))))))))))))))
.
.
2011-05-26 20:10 . 2011-05-26 20:10	--------	d-----w-	c:\program files\PFPortChecker
2011-05-26 05:36 . 2011-05-26 05:36	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 20:06 . 2011-05-25 20:06	--------	d-----w-	C:\_OTL
2011-05-25 16:05 . 2011-04-22 19:36	26496	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-05-24 16:28 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{81410CD2-B29A-464E-9356-24C975E2408A}\mpengine.dll
2011-05-23 19:51 . 2011-05-23 19:51	--------	d-----w-	c:\users\Mazza und Naddl\AppData\Local\Diagnostics
2011-05-23 19:43 . 2011-05-23 19:43	--------	d-----w-	c:\program files\CCleaner
2011-05-23 16:13 . 2011-05-23 16:13	--------	d-----w-	c:\windows\system32\SPReview
2011-05-20 10:43 . 2011-05-20 10:43	--------	d-----w-	c:\program files\Loaris
2011-05-20 08:15 . 2011-05-20 08:15	--------	d-----w-	c:\program files\Christian anmachen
2011-05-20 07:50 . 2011-05-20 07:50	--------	d-----w-	c:\users\Mazza und Naddl\AppData\Roaming\Malwarebytes
2011-05-20 07:50 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 07:50 . 2011-05-20 07:50	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-20 07:50 . 2011-05-20 08:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-17 09:37 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2011-05-15 19:37 . 2011-05-15 21:50	--------	d-----w-	c:\users\Mazza und Naddl\AppData\Roaming\Apple Computer
2011-05-15 19:37 . 2011-05-15 19:37	--------	d-----w-	c:\users\Mazza und Naddl\AppData\Local\Apple Computer
2011-05-15 19:37 . 2011-05-15 19:37	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-05-15 19:37 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-15 19:37 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-05-15 19:37 . 2011-05-15 19:37	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-15 19:37 . 2011-05-15 19:37	--------	d-----w-	c:\program files\iPod
2011-05-15 19:37 . 2011-05-15 19:37	--------	d-----w-	c:\program files\iTunes
2011-05-15 19:35 . 2011-05-15 19:37	--------	d-----w-	c:\programdata\Apple Computer
2011-05-15 19:35 . 2011-05-15 19:35	--------	d-----w-	c:\program files\Bonjour
2011-05-15 19:35 . 2011-05-15 19:35	--------	d-----w-	c:\programdata\Apple
2011-05-10 21:46 . 2011-03-25 03:06	284160	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-05-10 21:46 . 2011-03-25 03:06	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-05-10 21:46 . 2011-03-25 03:06	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-05-10 21:46 . 2011-03-25 03:06	75776	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-05-10 21:46 . 2011-03-25 03:06	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2011-05-10 21:46 . 2011-03-25 03:06	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2011-05-10 21:46 . 2011-03-25 03:06	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2011-05-10 21:46 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-05-10 21:46 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-26 05:31 . 2009-07-13 23:11	245328	----a-w-	c:\windows\system32\drivers\volsnap.sys
2011-04-26 04:31 . 2011-04-26 04:31	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-04-26 04:31 . 2011-04-26 04:31	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-04-26 04:31 . 2011-04-26 04:31	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-04-26 04:31 . 2011-04-26 04:31	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-04-26 04:31 . 2011-04-26 04:31	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-04-26 04:31 . 2011-04-26 04:31	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-04-26 04:31 . 2011-04-26 04:31	367104	----a-w-	c:\windows\system32\html.iec
2011-04-26 04:31 . 2011-04-26 04:31	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-04-26 04:31 . 2011-04-26 04:31	161792	----a-w-	c:\windows\system32\msls31.dll
2011-04-26 04:31 . 2011-04-26 04:31	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-04-26 04:31 . 2011-04-26 04:31	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-04-26 04:31 . 2011-04-26 04:31	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-04-26 04:31 . 2011-04-26 04:31	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-04-26 04:31 . 2011-04-26 04:31	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-04-26 04:31 . 2011-04-26 04:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-04-26 04:31 . 2011-04-26 04:31	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-04-26 04:31 . 2011-04-26 04:31	152064	----a-w-	c:\windows\system32\wextract.exe
2011-04-26 04:31 . 2011-04-26 04:31	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-04-26 04:31 . 2011-04-26 04:31	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-04-26 04:31 . 2011-04-26 04:31	11776	----a-w-	c:\windows\system32\mshta.exe
2011-04-26 04:31 . 2011-04-26 04:31	101888	----a-w-	c:\windows\system32\admparse.dll
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-17 18:21 . 2010-10-24 10:13	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-12 11:31 . 2011-04-27 04:31	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-11 05:44 . 2011-04-27 04:31	146304	----a-w-	c:\windows\system32\drivers\storport.sys
2011-03-11 05:44 . 2011-04-27 04:31	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44 . 2011-04-27 04:31	1210240	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44 . 2011-04-27 04:31	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43 . 2011-04-27 04:31	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43 . 2011-04-27 04:31	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43 . 2011-04-27 04:31	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40 . 2011-04-15 18:39	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-15 18:39	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 05:39 . 2011-04-27 04:31	1686016	----a-w-	c:\windows\system32\esent.dll
2011-03-11 05:37 . 2011-04-27 04:31	74240	----a-w-	c:\windows\system32\fsutil.exe
2011-03-08 05:38 . 2011-04-15 18:39	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 18:40	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 18:40	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 18:39	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-02-26 05:33 . 2011-04-27 04:31	2614784	----a-w-	c:\windows\explorer.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-05-03 14:51 . 2011-04-10 12:34	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-26 20:29 . 2010-01-26 20:29	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-20 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Mazza und Naddl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-04-07 14:09	306112	----a-w-	c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX SMS-Manager]
2007-07-19 10:17	3539968	----a-w-	c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-26 20:29	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18	133432	----a-w-	c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:51	3885408	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54	507904	----a-w-	c:\program files\Winamp Remote\bin\OrbTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31	247144	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20	28672	----a-w-	c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-10 717296]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 4352]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-26 30192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-02-26 147456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-04-17 722944]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 26391841
*NewlyCreated* - 45021191
*NewlyCreated* - 80082843
*Deregistered* - 26391841
*Deregistered* - 45021191
*Deregistered* - 80082843
*Deregistered* - AvgTdiX
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-26 c:\windows\Tasks\Erweiterte Garantie-Mazza und Naddl.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-26 10:13]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270643404-1195899547-1505473874-1000Core.job
- c:\users\Mazza und Naddl\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-13 16:21]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270643404-1195899547-1505473874-1000UA.job
- c:\users\Mazza und Naddl\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-13 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{08AA63EA-34FE-490D-B23C-D9D8CFFA7EB3}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mazza und Naddl\AppData\Roaming\Mozilla\Firefox\Profiles\isnr1ydq.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-45021191.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-D-Link D-Link Wireless N DWA-140 - c:\program files\D-Link\DWA-140 revB\AirNCFG.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-27  07:02:22
ComboFix-quarantined-files.txt  2011-05-27 05:02
.
Vor Suchlauf: 14 Verzeichnis(se), 370.673.414.144 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 371.233.214.464 Bytes frei
.
- - End Of File - - 365D2511A903CE7B0C291C80125B02E9

--- --- ---

Cordoba1984 · 27.05.2011, 06:09

Ein Hinweis: Wenn ich jetzt irgendeine Datei lösche, kommt die Meldung, dass der Papierkorb beschädigt sei. Es wird gefragt, ob ich direkt unwiderruflich löschen möchte.

EDIT: Nach Restart funktioniert das löschen wieder einwandfrei.

26.05.2011, 09:51	#17
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 Recovery Trojaner TDSS wurde erkannt und entfernt. Bitte Windows neu starten und zur Kontrolle ein neues Log mit dem Kaspersky-TDSS-Killer machen. __________________ __________________

26.05.2011, 19:54	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 Recovery Trojaner Lässt du dir auch alle Dateien anzeigen? versteckte und geschützte Systemdateien? => http://www.trojaner-board.de/59624-a...-sichtbar.html __________________ --> Windows 7 Recovery Trojaner

26.05.2011, 20:36	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 Recovery Trojaner Dann isses weg. Vllt findest du noch was über die Dateisuche wieder - oder hast du selbst den Tempbereich mit sowas wie CCleaner o.ä. geleert? __________________ Logfiles bitte immer in CODE-Tags posten

26.05.2011, 20:55	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 Recovery Trojaner Nö, dann sind die Verknüpfungen weg. Soweit bekannt, verschiebt der Schädling die nur nach temp, wenn dann dieser Ordner gelöscht wird ist er weg. Und das Startmenü leer Mach bitte den TDSS-Killer zur Kontrolle nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7 Recovery Trojaner

Log-Analyse und Auswertung: Windows 7 Recovery Trojaner