Papierkorb kann nicht gelöscht werden.

[JuRiOh]

Habe seit heute das Problem, das der Papierkorb als voll angezeigt wird, ich aber bei einem Doppelklick nichts drin finde. Bei Rechtsklick - Papierkorb leeren wird mir angezeigt das ich 27 Dateien löschen würde (jetzt 20min später sind es sogar 29) anschliessend treten zwei Fehlermeldungen auf:

Dc39 kann nicht gelöscht werden: Der Zugriff wurde verweigert.
Df106 kann nicht gelöscht werden: Der Zugriff wurde verweigert.

anschleissend hört man noch das Geräusch wenn der Papierkorb geleert wird, aber er bleibt immernoch voll. Was kann das sein? Vielen dank im vorraus!
[EDIT:] Kleiner Nachtrag: Mir ist aufgefallen das meine Startseite bei Mozilla seit heute ask.com ist, zuvor war es google, ob das alles an R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis liegt? Bevor ich was ändere lasse ich jedoch die Experten sprechen, dies ist mir lediglich momentan aufgefallen und ist seitdem ich SopCast installiert habe(Ist aber eigentlich ein gewöhnliches Programm um livestreams zu schauen). Danke nochmal.

Code:

C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15003&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fssui] "C:\Programme\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Programme\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Dokumente und Einstellungen\Stylez\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ICQ] "F:\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD989F05-DCED-43F5-AEF3-D319FA912409}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 12467 bytes

[argos]

Herzlich Willkommen hier bei uns am HijackThis Supportboard!

**BITTE VOR DEM ERSTEN POST SORGFÄLTIG DURCHLESEN!:

Was wir DIR bieten und was WIR erwarten...
Worauf muss ich während der Bereinigung achten?

Deine persönlichen Angaben/Daten (die persönliche Merkmale enthalten, wie Name, Seriennummer etc) kannst Du aus dem geposteten Logs heraus löschen

Hilfe in mehreren Foren gleichzeitig suchen? - Crossposting

Wir helfen dir gerne, aber WIR verwenden dafür unsere Freizeit, daher bitten Dich um ein wenig Geduld! (kann es sein, dass Du auf eine Antwort 1-2 Tage warten musst, aber WIR werden uns bemühen, sie so rasch als möglich zu beantworten...*die Geduld lohnt sich* ► *Alle Ratsuchenden!*
Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Kein Support per Email oder sonstiges! Fragen bitte im Forum stellen!→*Forenregeln* - bitte lesen!

ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!

Wichtig: Du kannst deine Beiträge jederzeit (auf klicken) ändern, Du musst eingeloggt sein!
Wir freuen uns über jede Spende, und keine ist zu gering! Falls Du unser Forum unterstützen möchtest, klick *hier*

Also kann losgeh`n, ich/wir wünsche/n eine gute Zusammenarbeit mit Dir und erfolgreiche gute Einsätze

Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...

Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

• Also lade dir Gmer von *dieser Seite* oder von hier majorgeeks.com/gmer.zip - runter und entpacke es auf deinen Desktop.
• "Show all" soll nicht angehakt sein!
• Starte gmer.exe. Alle anderen Programme sollen geschlossen sein.
• Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in deine Antwort hier ein.

Wichtig: während des Scan-Vorgangs sollen:

• alle anderen Scanner gegen Viren, Spyware, usw deaktiviert sein - Antivirus-/Antimalware-Programme temporär deaktivieren
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen)
• nichts am Rechner getan werden

Scanner wieder einschalten, bevor Du ins Netz gehst!

2.
Überprüfe deine Einstellungen. - Anleitung- Bebilderte Anleitung: Versteckte- und Systemdateien finden/freenet
Im Windows-Explorer:
>Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und >Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.
**für Vista User: Wie zu zeigen, versteckte Dateien in Windows Vista

3.
Lade dir HJTscanlist.zip. -(Punkt 5) herunter ( den angegebenen Link anklicken ► Punkt 5. aussuchen ► Anweisungen folgen) anschließend das erhaltene Logfile hier posten.

4.

• Download den CCleaner
• installieren,("Füge CCleaner Yahoo! Toolbar hinzu" - kannst Du abwählen!)--> starten --> unter Options settings --> "german" einstellen.
• starten--> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)--> dann auf `Als Textdatei speichern...`
• poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)
• Anleitung

5.
das Logfile nicht vollständig, also poste erneut:
► Trend Micro HijackThis-Logfile

Bitte alle Ergebnisse im Code-Tags posten!

vor dein log schreibst du:[code]
hier kommt dein logfile rein
dahinter:[/code]

-----------------------
Bitte den Rechner vom Netz trennen, wenn er unbeaufsichtigt ist.
Bis zu einer eventuellen Reinigung oder dem Formatieren deines Systems
kein Online-Banking, File-sharing, Mailing, Messaging betreiben.
Keine Up und Downloads, ausser auf Security Seiten.
****Ehemöglichst nicht ins internet gehen
Mehr Information hierzu unter System-Sicherheit

-----------------------

gruß
argos

[JuRiOh]

Bei mir schlägt schon der Erste Punkt fehl. Mittendrin beim scannen startet der Computer einfach neu. Gibt es eine Alternative? Oder soll ich bei Punkt 2 weitermachen? Danke,
JuRiOh

[argos]

machen wir anders:

1.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir zwei Tools einsetzen :

• Lade F-Secure Blacklight in einen neuen Ordner C:\programme\blacklight.
• Starte in diesem Ordner fsbl.exe und schließe alle anderen Programme.
• Klicke "I accept the agreement", "next", "Scan".
• wenn der Scan zuende ist, wähle "Close".
• Der Bericht ist fsbl-XXX.log im Blacklight Verzeichnis, anstelle der XXX stehen Zahlen, die Datum und Uhrzeit enthalten. Den Inhalt dieser Datei bitte posten.

Wichtig: während des Scan-Vorgangs sollen:

• alle anderen Scanner gegen Viren, Spyware, usw deaktiviert sein - Antivirus-/Antimalware-Programme temporär deaktivieren
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen)
• nichts am Rechner getan werden

Scanner wieder einschalten, bevor Du ins Netz gehst!

2.
Lade und installiere das Tool RootRepeal herunter
Achtung!::
gleich beim Download v. Rootrepeal, musst Du die Installdatei also rootrepeal.exe umbenennen! Wähle eine beliebige Dateiname, die Endung soll *.com sein!
- setze einen Hacken bei: "Drivers", "Stealth Objects" und "Hidden Services" dann klick auf "OK"
- nach der Scan, klick auf "Save Report"
- speichere das Logfile als RootRepeal.txt auf dem Desktop und Kopiere den Inhalt hier in den Thread

[JuRiOh]

Blacklight Ausschnitt:

Code:

01/03/10 15:32:50 [Info]: BlackLight Engine 2.2.1092 initialized
01/03/10 15:32:50 [Info]: OS: 5.1 build 2600 (Service Pack 3)
01/03/10 15:32:50 [Note]: 7019 4
01/03/10 15:32:50 [Note]: 7005 0
01/03/10 15:32:53 [Note]: 7006 0
01/03/10 15:32:53 [Note]: 7011 476
01/03/10 15:32:53 [Note]: 7035 0
01/03/10 15:32:53 [Note]: 7026 0
01/03/10 15:32:53 [Note]: 7026 0
01/03/10 15:32:53 [Note]: FSRAW library version 1.7.1024
01/03/10 15:43:13 [Note]: 7007 0

Zu Punkt 2: Wenn ich die .rar runterlade und entpacke, und dann die rootrepeal.exe in Dings.com umbenenne bekomme ich durch Antivir eine Virusmeldung:

C:\Programme\Root\Dings.com.exe

Die Datei enthält ein ausführbares Programm. Dies wird jedoch durch eine harmlose Dateierweiterung verschleiert (HIDDENEXT/Crypted)

Bei mir werden keine Dateiendungen angezeigt, wie kann ich Datei sonst zu einer .com machen? Weil .com.exe ist vermutlich nicht richtig, oder?

Danke,
JuRiOh

[argos]

musst erst nicht umbenennen (glaub nicht nötig), habe da die falsche Anweisung reingeschrieben, also nochmal:

Lade und installiere das Tool RootRepeal herunter

- setze einen Hacken bei: "Drivers", "Stealth Objects" und "Hidden Services" dann klick auf "OK"
- nach der Scan, klick auf "Save Report"
- speichere das Logfile als RootRepeal.txt auf dem Desktop und Kopiere den Inhalt hier in den Thread

stelle dein Avira ab, da es kann zu Probleme kommen, wenn er immer zwischen funkt
danach nicht vergessen wieder aktivieren!

[JuRiOh]

Okay, gemacht:

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/01/03 17:24
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6D89000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE8000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: PCI_PNP9754
Image Path: \Driver\PCI_PNP9754
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB486E000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spdt.sys
Image Path: spdt.sys
Address: 0xBA6A6000	Size: 1052672	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x8a7081f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x894f9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x894b9500	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_CREATE]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_CLOSE]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_POWER]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: a2nfjrx0ȅఉ敓摔ā, IRP_MJ_PNP]
Process: System	Address: 0x896591f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x8958c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x8958c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8958c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8958c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x8958c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x8958c500	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_CREATE]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_CLOSE]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_POWER]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_PNP]
Process: System	Address: 0x8a7091f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x896ac1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x8958d500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_CREATE]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_CLOSE]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_READ]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_CLEANUP]
Process: System	Address: 0x893ea500	Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓襀€€遰
, IRP_MJ_PNP]
Process: System	Address: 0x893ea500	Size: 121

==EOF==

[argos]

das ist alles?:

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/01/03 17:24
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6D89000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE8000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: PCI_PNP9754
Image Path: \Driver\PCI_PNP9754
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB486E000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spdt.sys
Image Path: spdt.sys
Address: 0xBA6A6000	Size: 1052672	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

den Teil scheint mir etwas zu kurz..?

[JuRiOh]

Hmm, also wenn ich das mit den 3 Haken mache ist das alles was er mir gibt. Ich hab jetzt einfach mal Driver alleine gescanned, da kommt dann das dabei raus:

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/01/03 18:25
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA8B8000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: a2nfjrx0.SYS
Image Path: C:\WINDOWS\System32\Drivers\a2nfjrx0.SYS
Address: 0xB973B000	Size: 425984	File Visible: -	Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xBA65F000	Size: 188800	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: adfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\adfs.SYS
Address: 0xB620C000	Size: 69248	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB6F20000	Size: 138496	File Visible: -	Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xBAA18000	Size: 60800	File Visible: -	Signed: -
Status: -

Name: ASACPI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Address: 0xBADC8000	Size: 5152	File Visible: -	Signed: -
Status: -

Name: AsIO.sys
Image Path: C:\WINDOWS\system32\drivers\AsIO.sys
Address: 0xBADE2000	Size: 5184	File Visible: -	Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xB674D000	Size: 14336	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xBA617000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000	Size: 0	File Visible: -	Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFB4000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBAF1D000	Size: 3072	File Visible: -	Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xBADE0000	Size: 6144	File Visible: -	Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xB6A35000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xB6DC9000	Size: 114688	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBADD8000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBACB8000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBAA78000	Size: 63744	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB9E2D000	Size: 62976	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA908000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA8F8000	Size: 36352	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA9D8000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6D89000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE8000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB70AC000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBAFC9000	Size: 4096	File Visible: -	Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBAC08000	Size: 27392	File Visible: -	Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAA28000	Size: 44672	File Visible: -	Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xBACA0000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xBA5B7000	Size: 129792	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBADD6000	Size: 7936	File Visible: -	Signed: -
Status: -

Name: fssfltr_tdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Address: 0xB6B59000	Size: 48768	File Visible: -	Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA62F000	Size: 126336	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000	Size: 134400	File Visible: -	Signed: -
Status: -

Name: hamachi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xBAC88000	Size: 18560	File Visible: -	Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB97C6000	Size: 163840	File Visible: -	Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBAA68000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBACB0000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB70D0000	Size: 10368	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB5A76000	Size: 265728	File Visible: -	Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB9E4D000	Size: 52992	File Visible: -	Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB9E3D000	Size: 42112	File Visible: -	Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB9E8D000	Size: 40448	File Visible: -	Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB6F6A000	Size: 152832	File Visible: -	Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB7011000	Size: 75264	File Visible: -	Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8C8000	Size: 37632	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBAC10000	Size: 25216	File Visible: -	Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB70C4000	Size: 14720	File Visible: -	Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBADA8000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB4783000	Size: 172416	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB97A3000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA58E000	Size: 92928	File Visible: -	Signed: -
Status: -

Name: l1e51x86.sys
Image Path: C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
Address: 0xB9E7D000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBADDA000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBAC90000	Size: 23552	File Visible: -	Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB70CC000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8D8000	Size: 42368	File Visible: -	Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB65B5000	Size: 180608	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB6DE5000	Size: 455296	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBAB48000	Size: 19072	File Visible: -	Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA988000	Size: 35072	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA1F1000	Size: 15488	File Visible: -	Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA4A7000	Size: 105344	File Visible: -	Signed: -
Status: -

Name: mv61xx.sys
Image Path: mv61xx.sys
Address: 0xBA5D7000	Size: 262144	File Visible: -	Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA4C1000	Size: 182656	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA45F000	Size: 10112	File Visible: -	Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB6A69000	Size: 14592	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB9724000	Size: 91520	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA9A8000	Size: 40576	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBAA08000	Size: 34688	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB6F90000	Size: 162816	File Visible: -	Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xB9E6D000	Size: 61824	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBAB78000	Size: 30848	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA4EE000	Size: 574976	File Visible: -	Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBAF57000	Size: 2944	File Visible: -	Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D6000	Size: 6152192	File Visible: -	Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB9826000	Size: 6188320	File Visible: -	Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA8A8000	Size: 61696	File Visible: -	Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB30000	Size: 19712	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xBA64E000	Size: 68224	File Visible: -	Signed: -
Status: -

Name: PCI_PNP9754
Image Path: \Driver\PCI_PNP9754
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBAE70000	Size: 3328	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBAB28000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB70D4000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB9713000	Size: 69120	File Visible: -	Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBAC78000	Size: 17792	File Visible: -	Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA918000	Size: 35712	File Visible: -	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBADA0000	Size: 8832	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB9E0D000	Size: 51328	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA968000	Size: 41472	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA978000	Size: 48384	File Visible: -	Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBAC80000	Size: 16512	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB6E55000	Size: 175744	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBADDC000	Size: 4224	File Visible: -	Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB9E1D000	Size: 57728	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB42AB000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB70F8000	Size: 4968448	File Visible: -	Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xBA68E000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBAD98000	Size: 15744	File Visible: -	Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB9E5D000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: spdt.sys
Image Path: spdt.sys
Address: 0xBA6A6000	Size: 1052672	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA5A5000	Size: 73472	File Visible: -	Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB5FB2000	Size: 333952	File Visible: -	Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xBAB80000	Size: 23040	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBADD0000	Size: 4352	File Visible: -	Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB68AD000	Size: 60800	File Visible: -	Signed: -
Status: -

Name: TBPanel.SYS
Image Path: C:\WINDOWS\System32\Drivers\TBPanel.SYS
Address: 0xBADEC000	Size: 4800	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB6FB8000	Size: 361600	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBAC70000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA998000	Size: 40704	File Visible: -	Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB96B5000	Size: 384768	File Visible: -	Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xBAA58000	Size: 60032	File Visible: -	Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBAB88000	Size: 32128	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBADD2000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBAC00000	Size: 30208	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA9C8000	Size: 59520	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB97EE000	Size: 147456	File Visible: -	Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBABF8000	Size: 20608	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBAB40000	Size: 20992	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9812000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8E8000	Size: 53760	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA9F8000	Size: 34560	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBAB98000	Size: 20480	File Visible: -	Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB6728000	Size: 83072	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000	Size: 1851392	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000	Size: 1851392	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBADAA000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000	Size: 2154496	File Visible: -	Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xBA57B000	Size: 77568	File Visible: -	Signed: -
Status: -

[argos]

Ok
dann die weitere Schritte bitte noch...-> http://www.hijackthis-forum.de/hijac...tml#post288426