firefox öffnet erst mehrere male ein anderen link

#0
15.03.2009, 21:05
Member

Beiträge: 3716
#16 lade findykill.exe
http://virus-protect.org/artikel/tools/findykill.html
füre option 1 aus, poste das log.
Dieser Beitrag wurde am 15.03.2009 um 21:11 Uhr von virenfinder editiert.
Seitenanfang Seitenende
19.03.2009, 13:00
Member

Themenstarter

Beiträge: 44
#17

Zitat

virenfinder postete
lade findykill.exe
http://virus-protect.org/artikel/tools/findykill.html
füre option 1 aus, poste das log.
super für deine hilfe.

hier die neue log:




############################## [ FindyKill V4.720 ]

# User : DOM (Administratoren) # DOMSWORKSTATION
# Update on 12/03/09 by Chiquitine29
# Start at: 12:58:38 | 19.03.2009

# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39
[ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39
[ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]

# C:\ # Lokale Festplatte # 12,69 Go (2,66 Go free) [System] # NTFS
# D:\ # Lokale Festplatte # 4,89 Go (341,58 Mo free) [Cache] # NTFS
# E:\ # Lokale Festplatte # 37,11 Go (1,38 Go free) [Programme] # NTFS
# F:\ # Lokale Festplatte # 37,06 Go (1,48 Go free) [Daten] # NTFS
# G:\ # CD

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
E:\Programme\Canon\MyPrinter\BJMyPrt.exe
E:\Programme\ScanSoft\OmniPageSE\opware32.exe
E:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Programme\Logitech\Video\LogiTray.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
E:\Programme\Logitech\Video\FxSvr2.exe
E:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Programme\Skype\Plugin Manager\SkypePM.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Adobe\Adobe Photoshop CS3\Photoshop.exe
E:\Programme\Adobe\Adobe InDesign CS3\InDesign.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\msiexec.exe
E:\Programme\Windows Live\Installer\wloobe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registry / Infected keys ]



################## [ Searching in removable drives ]

# Presence of files :


################## [ Registry / Mountpoint2 ]

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\open\Command

################## [ ! End of report # FindyKill V4.720 ! ]
Seitenanfang Seitenende
19.03.2009, 13:04
Member

Beiträge: 3716
#18 nun weiter mit option 2.
Seitenanfang Seitenende
19.03.2009, 14:02
Member

Themenstarter

Beiträge: 44
#19

Zitat

virenfinder postete
nun weiter mit option 2.
so hier nun das zweite:




############################## [ FindyKill V4.720 ]

# User : DOM (Administratoren) # DOMSWORKSTATION
# Update on 12/03/09 by Chiquitine29
# Start at: 13:52:25 | 19.03.2009

# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39
[ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39
[ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]

# C:\ # Lokale Festplatte # 12,69 Go (2,82 Go free) [System] # NTFS
# D:\ # Lokale Festplatte # 4,89 Go (393,39 Mo free) [Cache] # NTFS
# E:\ # Lokale Festplatte # 37,11 Go (1,38 Go free) [Programme] # NTFS
# F:\ # Lokale Festplatte # 37,06 Go (1,56 Go free) [Daten] # NTFS
# G:\ # CD

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
E:\Programme\Canon\MyPrinter\BJMyPrt.exe
E:\Programme\ScanSoft\OmniPageSE\opware32.exe
E:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Programme\Logitech\Video\LogiTray.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
E:\Programme\Logitech\Video\FxSvr2.exe
E:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Programme\Skype\Plugin Manager\SkypePM.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
E:\Programme\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registry / Infected keys ]


################## [ Cleaning Removable drives ]

# Deleting files :


################## [ Registry / Mountpoint2 ]

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\open\Command

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ ! End of Report # FindyKill V4.720 ! ]
Seitenanfang Seitenende
19.03.2009, 14:12
Member

Beiträge: 3716
#20 neues hijackthis-log + wie läuft der pc
Seitenanfang Seitenende
19.03.2009, 14:18
Member

Themenstarter

Beiträge: 44
#21

Zitat

virenfinder postete
neues hijackthis-log + wie läuft der pc
so hier das hjt log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:16, on 19.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
E:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Omnipage] E:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = E:\Programme\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://E:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (Materialise Stl File Analyzer Viewer) - https://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - E:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DCPFLICS - Unknown owner - E:\Programme\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Programme\gemeinsame dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/DOM/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10296 bytes




der rechner läuft so naja. hab ein paar bucks. ie ist tot, objectdoc funktioniert nicht ganz und so ist er manchmal lahm...
Seitenanfang Seitenende
19.03.2009, 14:21
Member

Beiträge: 3716
#22 Hallo, lade die rootkitscanner von seite eins erneut runter und füre sie aus, poste die logs.
wenn du sie noch instaliert hastm, lösche sie vorher.
Seitenanfang Seitenende
19.03.2009, 16:23
Member

Themenstarter

Beiträge: 44
#23

Zitat

virenfinder postete
Hallo, lade die rootkitscanner von seite eins erneut runter und füre sie aus, poste die logs.
wenn du sie noch instaliert hastm, lösche sie vorher.
also gmer hat ergeben:


GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-19 16:22:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT BAF70424 ZwCreateThread
SSDT BAF70410 ZwOpenProcess
SSDT BAF70415 ZwOpenThread
SSDT BAF7041F ZwTerminateProcess
SSDT BAF7041A ZwWriteVirtualMemory

Code 8A2531F0 ZwEnumerateKey
Code 8A2531B8 ZwFlushInstructionCache
Code 8A3BD1B8 ZwQueryValueKey
Code 8A3C0136 IofCallDriver
Code 8A3BA1D6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A3C013B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A3BA1DB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A2531BC
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 5 Bytes JMP 8A3BD1BC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 8A2531F4

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxreeebeox.sys (*** hidden *** ) B69C9000-B69F3000 (172032 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxmbamnbaa.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxmbamnbaa.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x7F 0x60 0x25 0xDA ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----



soll ich noch ein anderen scannen??
Seitenanfang Seitenende
19.03.2009, 16:32
Member

Beiträge: 3716
#24 hallo, ja catchme und blacklight.
hohl dir auch noch:
http://virus-protect.org/artikel/tools/mbr.html
und scanne damit ebenfalls.
Seitenanfang Seitenende
19.03.2009, 16:56
Member

Themenstarter

Beiträge: 44
#25

Zitat

virenfinder postete
hallo, ja catchme und blacklight.
hohl dir auch noch:
http://virus-protect.org/artikel/tools/mbr.html
und scanne damit ebenfalls.
catchme:
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\GEARAspiWDMsys

scanning hidden autostart entries ...

scanning hidden files ...

C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000 0 bytes
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys000 0 bytes
C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys 77824 bytes
C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys 77824 bytes
C:\WINDOWS\system32\gaopdxcounter 8 bytes
C:\WINDOWS\system32\gaopdxmbamnbaa.dll 57344 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 6




bl:
03/19/09 16:48:13 [Info]: BlackLight Engine 2.2.1092 initialized
03/19/09 16:48:13 [Info]: OS: 5.1 build 2600 (Service Pack 3)
03/19/09 16:48:13 [Note]: 7019 4
03/19/09 16:48:13 [Note]: 7005 0
03/19/09 16:48:15 [Note]: 7006 0
03/19/09 16:48:15 [Note]: 7011 3188
03/19/09 16:48:15 [Note]: 7035 0
03/19/09 16:48:15 [Note]: 7026 0
03/19/09 16:48:15 [Note]: 7026 0
03/19/09 16:48:17 [Note]: FSRAW library version 1.7.1024
03/19/09 16:48:53 [Note]: 7007 0


mbr:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Dieser Beitrag wurde am 19.03.2009 um 17:01 Uhr von dom2607 editiert.
Seitenanfang Seitenende
19.03.2009, 17:20
Member

Beiträge: 3716
#26 avenger script wie beschrieben erstellen
http://virus-protect.org/artikel/tools/avenger.html
files to delete:
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys
C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys
C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys
C:\WINDOWS\system32\gaopdxcounter
C:\WINDOWS\system32\gaopdxmbamnbaa.dll
log posten.
Seitenanfang Seitenende
19.03.2009, 17:51
Member

Themenstarter

Beiträge: 44
#27

Zitat

virenfinder postete
avenger script wie beschrieben erstellen
http://virus-protect.org/artikel/tools/avenger.html
files to delete:
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys
C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys
C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys
C:\WINDOWS\system32\gaopdxcounter
C:\WINDOWS\system32\gaopdxmbamnbaa.dll
log posten.
hier das avengerlog:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxreeebeox.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.


die dateien zum löschen waren alle nicht mehr vorhanden. vielleicht nach ccleaner und cleanup mit gelöscht worden?
Seitenanfang Seitenende
19.03.2009, 17:57
Member

Beiträge: 3716
#28 du sollst das was ich als script geschrieben hab im avenger einfügen und nicht per hand suchen ;-)
Seitenanfang Seitenende
19.03.2009, 18:03
Member

Themenstarter

Beiträge: 44
#29

Zitat

virenfinder postete
du sollst das was ich als script geschrieben hab im avenger einfügen und nicht per hand suchen ;-)
ups sorry hab ich falsch verstanden. hier das ergebnis:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxreeebeox.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Thu Mar 19 17:58:10 2009

17:58:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxreeebeox.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000" deleted successfully.

Error: file "C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys" not found!
Deletion of file "C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys" deleted successfully.
File "C:\WINDOWS\system32\gaopdxcounter" deleted successfully.
File "C:\WINDOWS\system32\gaopdxmbamnbaa.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



schien doch noch vorhanden zu sein. jetzt ist es weg ;)


und nun?
Dieser Beitrag wurde am 19.03.2009 um 18:11 Uhr von dom2607 editiert.
Seitenanfang Seitenende
19.03.2009, 18:28
Member

Beiträge: 3716
#30 nun gehts weiter:
http://virus-protect.org/cureit.html
laden und im abgesicherten modus ausfüren, log posten.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: