Firefox first opens a different link several times |
||
---|---|---|
#0
| ||
15.03.2009, 21:05
Member
Posts: 3716 |
||
|
||
19.03.2009, 13:00
Member
Thread starter Posts: 44 |
#17
Quote: virenfinder posted
Great, thanks for your help. Here is the new log:

############################## [ FindyKill V4.720 ]
# User : DOM (Administratoren) # DOMSWORKSTATION
# Update on 12/03/09 by Chiquitine29
# Start at: 12:58:38 | 19.03.2009
# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39 [ (!) Disabled | Updated ]
# C:\ # Lokale Festplatte # 12,69 Go (2,66 Go free) [System] # NTFS
# D:\ # Lokale Festplatte # 4,89 Go (341,58 Mo free) [Cache] # NTFS
# E:\ # Lokale Festplatte # 37,11 Go (1,38 Go free) [Programme] # NTFS
# F:\ # Lokale Festplatte # 37,06 Go (1,48 Go free) [Daten] # NTFS
# G:\ # CD
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
E:\Programme\Canon\MyPrinter\BJMyPrt.exe
E:\Programme\ScanSoft\OmniPageSE\opware32.exe
E:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Programme\Logitech\Video\LogiTray.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
E:\Programme\Logitech\Video\FxSvr2.exe
E:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Programme\Skype\Plugin Manager\SkypePM.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Adobe\Adobe Photoshop CS3\Photoshop.exe
E:\Programme\Adobe\Adobe InDesign CS3\InDesign.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\msiexec.exe
E:\Programme\Windows Live\Installer\wloobe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\.. Application Data ... ]
################## [ Registry / Infected keys ]
################## [ Searching in removable drives ]
# Presence of files :
################## [ Registry / Mountpoint2 ]
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\open\Command
################## [ ! End of report # FindyKill V4.720 ! ] |
|
|
||
19.03.2009, 13:04
Member
Posts: 3716 |
#18
Now continue with option 2.
|
|
|
||
19.03.2009, 14:02
Member
Thread starter Posts: 44 |
#19
Quote: virenfinder posted
So, here is the second one:

############################## [ FindyKill V4.720 ]
# User : DOM (Administratoren) # DOMSWORKSTATION
# Update on 12/03/09 by Chiquitine29
# Start at: 13:52:25 | 19.03.2009
# Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# AV : Avira AntiVir PersonalEdition Classic 6.38.1.39 [ (!) Disabled | Updated ]
# C:\ # Lokale Festplatte # 12,69 Go (2,82 Go free) [System] # NTFS
# D:\ # Lokale Festplatte # 4,89 Go (393,39 Mo free) [Cache] # NTFS
# E:\ # Lokale Festplatte # 37,11 Go (1,38 Go free) [Programme] # NTFS
# F:\ # Lokale Festplatte # 37,06 Go (1,56 Go free) [Daten] # NTFS
# G:\ # CD
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
E:\Programme\Canon\MyPrinter\BJMyPrt.exe
E:\Programme\ScanSoft\OmniPageSE\opware32.exe
E:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Programme\Logitech\Video\LogiTray.exe
E:\Programme\iTunes\iTunesHelper.exe
E:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
E:\Programme\Logitech\Video\FxSvr2.exe
E:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
E:\Programme\iPod\bin\iPodService.exe
E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Programme\Skype\Plugin Manager\SkypePM.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
E:\Programme\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files / Folders C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\system32 ]
################## [ C:\WINDOWS\system32\drivers ]
################## [ C:\.. Application Data ... ]
################## [ Registry / Infected keys ]
################## [ Cleaning Removable drives ]
# Deleting files :
################## [ Registry / Mountpoint2 ]
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c405ab4-8f96-11dd-bb88-0015c5551068}\Shell\open\Command
################## [ Searching Other Infections ]
# -> Nothing found.
################## [ ! End of Report # FindyKill V4.720 ! ] |
|
|
||
19.03.2009, 14:12
Member
Posts: 3716 |
#20
New HijackThis log, plus how is the PC running?
|
|
|
||
19.03.2009, 14:18
Member
Thread starter Posts: 44 |
#21
Quote: virenfinder posted
So, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:16, on 19.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
E:\Programme\Bonjour\mDNSResponder.exe
E:\Programme\DCPFLICS\DCPFLICS.exe
E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
E:\Programme\Java\jre6\bin\jqs.exe
E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
E:\Programme\Stardock\ObjectDock\ObjectDock.exe
E:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Omnipage] E:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = E:\Programme\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://E:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {86AECD83-EF3C-40FD-84B1-692848C9F378} (Materialise Stl File Analyzer Viewer) - https://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - E:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - E:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DCPFLICS - Unknown owner - E:\Programme\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Programme\gemeinsame dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/DOM/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10296 bytes

The computer runs so-so. I have a few bugs. IE is dead, ObjectDock doesn't fully work, and it is sometimes slow... |
|
|
||
19.03.2009, 14:21
Member
Posts: 3716 |
#22
Hello, download the rootkit scanners from page one again and run them, then post the logs.
If you still have them installed, delete them first. |
|
|
||
19.03.2009, 16:23
Member
Thread starter Posts: 44 |
#23
Quote: virenfinder posted
So, GMER produced the following:

GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-19 16:22:00
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT BAF70424 ZwCreateThread
SSDT BAF70410 ZwOpenProcess
SSDT BAF70415 ZwOpenThread
SSDT BAF7041F ZwTerminateProcess
SSDT BAF7041A ZwWriteVirtualMemory

Code 8A2531F0 ZwEnumerateKey
Code 8A2531B8 ZwFlushInstructionCache
Code 8A3BD1B8 ZwQueryValueKey
Code 8A3C0136 IofCallDriver
Code 8A3BA1D6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A3C013B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A3BA1DB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A2531BC
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 5 Bytes JMP 8A3BD1BC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 8A2531F4

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxreeebeox.sys (*** hidden *** ) B69C9000-B69F3000 (172032 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxmbamnbaa.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxreeebeox.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxmbamnbaa.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x7F 0x60 0x25 0xDA ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

Should I run another scanner as well?? |
|
|
||
19.03.2009, 16:32
Member
Posts: 3716 |
#24
Hello, yes, catchme and BlackLight.
Also get http://virus-protect.org/artikel/tools/mbr.html and scan with that as well. |
|
|
||
19.03.2009, 16:56
Member
Thread starter Posts: 44 |
#25
Quote: virenfinder posted
catchme:

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\GEARAspiWDMsys

scanning hidden autostart entries ...

scanning hidden files ...

C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000 0 bytes
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys000 0 bytes
C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys 77824 bytes
C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys 77824 bytes
C:\WINDOWS\system32\gaopdxcounter 8 bytes
C:\WINDOWS\system32\gaopdxmbamnbaa.dll 57344 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 6

bl:

03/19/09 16:48:13 [Info]: BlackLight Engine 2.2.1092 initialized
03/19/09 16:48:13 [Info]: OS: 5.1 build 2600 (Service Pack 3)
03/19/09 16:48:13 [Note]: 7019 4
03/19/09 16:48:13 [Note]: 7005 0
03/19/09 16:48:15 [Note]: 7006 0
03/19/09 16:48:15 [Note]: 7011 3188
03/19/09 16:48:15 [Note]: 7035 0
03/19/09 16:48:15 [Note]: 7026 0
03/19/09 16:48:15 [Note]: 7026 0
03/19/09 16:48:17 [Note]: FSRAW library version 1.7.1024
03/19/09 16:48:53 [Note]: 7007 0

mbr:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

This post was edited by dom2607 on 19.03.2009 at 17:01.
|
|
|
||
19.03.2009, 17:20
Member
Posts: 3716 |
#26
Create an Avenger script as described:
http://virus-protect.org/artikel/tools/avenger.html

files to delete:
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000
C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys
C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys
C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys
C:\WINDOWS\system32\gaopdxcounter
C:\WINDOWS\system32\gaopdxmbamnbaa.dll

Post the log. |
|
|
||
19.03.2009, 17:51
Member
Thread starter Posts: 44 |
#27
Quote: virenfinder posted
Here is the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxreeebeox.sys
Start Type: 1 (System)

Rootkit scan completed.

Completed script processing.

*******************

Finished! Terminate.

None of the files to delete were present any more. Maybe they were deleted along with the rest by CCleaner and CleanUp? |
|
|
||
19.03.2009, 17:57
Member
Posts: 3716 |
#28
You are supposed to paste what I wrote as a script into Avenger, not search by hand ;-)
|
|
|
||
19.03.2009, 18:03
Member
Thread starter Posts: 44 |
#29
Quote: virenfinder posted
Oops, sorry, I misunderstood. Here is the result:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxreeebeox.sys
Start Type: 1 (System)

Rootkit scan completed.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Thu Mar 19 17:58:10 2009

17:58:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxreeebeox.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdx000" deleted successfully.

Error: file "C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys" not found!
Deletion of file "C:\Dokumente und Einstellungen\DOM\Lokale Einstellungen\temp\gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\gaopdxreeebeox.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gaopdxtnklvvrw.sys" deleted successfully.
File "C:\WINDOWS\system32\gaopdxcounter" deleted successfully.
File "C:\WINDOWS\system32\gaopdxmbamnbaa.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

It seems it was still there after all. Now it is gone, and what now?

This post was edited by dom2607 on 19.03.2009 at 18:11.
|
|
|
||
19.03.2009, 18:28
Member
Posts: 3716 |
#30
Now we continue:
Download http://virus-protect.org/cureit.html and run it in safe mode, then post the log. |
|
|
||
http://virus-protect.org/artikel/tools/findykill.html
Run option 1, post the log.