Google links to the wrong pages
26.04.2009, 18:44
Member
Posts: 3716
26.04.2009, 18:55
Member
Thread starter, Posts: 14
#17
Oh I see, sorry,
it still doesn't work for me though; unfortunately it doesn't say Type Y to proceed... or anything like that. I do get into safe mode via Start - Run - msconfig and then Diagnostic startup, though; F8 unfortunately doesn't work for me, don't know why. Could it have something to do with that? It always looks like step 2 of the guide. I'm really starting to despair.
26.04.2009, 19:08
Member
Posts: 3716
#18
hmm, let's try something else:
http://virus-protect.org/artikel/tools/gmer.html please shut down all programs for this scan, i.e. antivirus etc., and disconnect from the internet, i.e. wifi off or network cable out, then post the log after the scan.
26.04.2009, 23:26
Member
Thread starter, Posts: 14
#19
Wow, it took a long time this time.
so here is what it showed right away, without me having to start the scan:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-26 21:14:52
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spwz.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spwz.sys ZwEnumerateValueKey [0xF72A5032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2E81F8

---- EOF - GMER 1.0.15 ----

And here is the final log:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-26 23:21:32
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT F7ABBB96 ZwCreateKey
SSDT F7ABBB8C ZwCreateThread
SSDT F7ABBB9B ZwDeleteKey
SSDT F7ABBBA5 ZwDeleteValueKey
SSDT spwz.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spwz.sys ZwEnumerateValueKey [0xF72A5032]
SSDT F7ABBBAA ZwLoadKey
SSDT spwz.sys ZwOpenKey [0xF72860C0]
SSDT F7ABBB78 ZwOpenProcess
SSDT F7ABBB7D ZwOpenThread
SSDT spwz.sys ZwQueryKey [0xF72A510A]
SSDT spwz.sys ZwQueryValueKey [0xF72A4F8A]
SSDT F7ABBBB4 ZwReplaceKey
SSDT F7ABBBAF ZwRestoreKey
SSDT F7ABBBA0 ZwSetValueKey
SSDT F7ABBB87 ZwTerminateProcess

INT 0x62 ? 8B2E9BF8
INT 0x63 ? 8AF4FDE0
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8AF4FDE0
INT 0x73 ? 8B2E9BF8
INT 0x82 ? 8B2E9BF8
INT 0x83 ? 8AF4FDE0
INT 0x94 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0

---- Kernel code sections - GMER 1.0.15 ----

? spwz.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F65AF8AC 5 Bytes JMP 8AF4F3C0
.text ae2wjttl.SYS F64AB386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ae2wjttl.SYS F64AB3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ae2wjttl.SYS F64AB3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ae2wjttl.SYS F64AB3C9 1 Byte [30]
.text ae2wjttl.SYS F64AB3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
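A triage helper for a log like the one above, added here as an example (it is not code from the thread, the forum or GMER): it groups the SSDT and IAT hook lines by the module GMER attributes them to and lists hooks that carry only a raw address, which are the ones that need a closer look. The line patterns are assumed from the posted log, and the sample lines are copied from it.

```python
"""GMER hook-line triage: group SSDT/IAT hooks by the module GMER blames,
and list hooks it could not attribute to any file (raw address only)."""
import re
from collections import defaultdict

# Line shapes assumed from the log posted in this thread; other GMER
# versions may differ, so SSDT/IAT lines that match nothing are reported.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)(?:\s+\[0x[0-9A-F]+\])?$")
KIAT_RE = re.compile(
    r"^IAT\s+(\S+)\[(\S+?)!(\w+)\]\s+\[?([0-9A-F]{8})\]?(?:\s+(\S+))?$")
UIAT_RE = re.compile(
    r"^IAT\s+(.+?)\[(\d+)\]\s+@\s+(.+?)\s+\[(\S+?)!(\w+)\]\s+\[([0-9A-F]{8})\]"
    r"\s+(.+?)(?:\s+\((.*)\))?$")

# Sample lines copied from the posted log (constructed test input).
SAMPLE_LOG = r"""
SSDT F7ABBB96 ZwCreateKey
SSDT spwz.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spwz.sys ZwEnumerateValueKey [0xF72A5032]
SSDT spwz.sys ZwOpenKey [0xF72860C0]
SSDT F7ABBB78 ZwOpenProcess
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7287042] spwz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72876D6] spwz.sys
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
"""


def parse_hooks(text):
    """Return ({owner: set(targets)}, [(kind, target, value)], [unparsed])."""
    by_owner = defaultdict(set)
    unattributed, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            owner, func = m.groups()
            if re.fullmatch(r"[0-9A-F]{8}", owner):  # hook into unnamed memory
                unattributed.append(("SSDT", func, owner))
            else:
                by_owner[owner.lower()].add(func)
            continue
        m = UIAT_RE.match(line)  # user mode: "<exe>[pid] @ <module> [...]"
        if m:
            exe, pid, module, lib, func, _addr, owner, _desc = m.groups()
            by_owner[owner.lower()].add(f"{exe}[{pid}] {module} {lib}!{func}")
            continue
        m = KIAT_RE.match(line)  # kernel mode: "<driver>[lib!func] ADDR owner?"
        if m:
            victim, lib, func, value, owner = m.groups()
            target = f"{victim} {lib}!{func}"
            if owner is None:  # GMER printed bytes/address, no owning file
                unattributed.append(("IAT", target, value))
            else:
                by_owner[owner.lower()].add(target)
            continue
        if line.startswith(("SSDT ", "IAT ")):
            unparsed.append(line)
    return dict(by_owner), unattributed, unparsed


def summarize(by_owner):
    """Owners sorted by number of hooks, busiest first."""
    return sorted(((o, len(t)) for o, t in by_owner.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    owners, unattributed, _ = parse_hooks(SAMPLE_LOG)
    print(summarize(owners))
    print(unattributed)
```

Attribution is only the first step: whether a module such as spwz.sys is legitimate software or not is still the analyst's call, and the unattributed entries are the ones no file name can vouch for.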
27.04.2009, 12:53
Member
Posts: 3716
#20
how is the pc running at the moment?
27.04.2009, 13:23
Member
Thread starter, Posts: 14
#21
Do you mean whether the wrong Google links are still there?
I'll have to test that again when I'm at home, but I think so; I haven't deleted a trojan or anything since then, have I? So far I've only created a bunch of logs.
27.04.2009, 14:05
Member
Posts: 3716
#22
yes you have, quite a bit has already been deleted.
27.04.2009, 14:32
Member
Thread starter, Posts: 14
27.04.2009, 14:36
Member
Posts: 3716
#24
no stress. let me know then, please.
27.04.2009, 19:44
Member
Thread starter, Posts: 14
#25
Well, I've googled quite a lot now, and it seems to be gone. Of course it could also be some kind of demo effect.
I would really like to know what this trojan is called.
27.04.2009, 20:08
Member
Posts: 3716
#26
i'll give you a summary at the end.
do the following 2 online scans, delete anything found and post the logs: http://www.eset.com/onlinescan/ http://support.f-secure.de
28.04.2009, 20:11
Member
Thread starter, Posts: 14
#27
During the scan with Eset, Antivir reported the following trojans to me, which keep coming back even though I delete them:
'TR/Crypt.XPACK.Gen'
'TR/Unpacked.Gen'
'TR/Crypt.PEPM.Gen'
Since eset itself found nothing, I don't have a log for it either. Here is the log from f-secure:

Result: 2 malware found
TrackingCookie.Atwola (spyware)
 * System
TrackingCookie.Zanox (spyware)
 * System

Statistics
Scanned:
 * Files: 57312
 * System: 4141
 * Not scanned: 9
Actions:
 * Disinfected: 0
 * Renamed: 0
 * Deleted: 0
 * None: 2
 * Submitted: 0
Files not scanned:
 * C:\HIBERFIL.SYS
 * C:\PAGEFILE.SYS
 * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
 * C:\WINDOWS\SYSTEM32\CONFIG\SAM
 * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
 * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
 * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
 * C:\DOKUMENTE UND EINSTELLUNGEN\SEYNEMS\LOKALE EINSTELLUNGEN\TEMP\ETILQS_VKBYBVGDXTKIXJYYZLWT
 * C:\DOKUMENTE UND EINSTELLUNGEN\SEYNEMS\LOKALE EINSTELLUNGEN\TEMP\HSPERFDATA_SEYNEMS\3148

Options
Scanning engines:
 * F-Secure USS: 3.0.0
 * F-Secure Hydra: 3.8.9080, 2009-04-28
 * F-Secure AVP: 7.0.171, 2009-04-28
 * F-Secure Pegasus: 1.20.0, 1970-00-01
 * F-Secure Blacklight: 0.0.0
Scanning options:
 * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
 * Use Advanced heuristics

Too bad, the problem is still there.
This post was edited on 30.04.2009 at 19:50 by seysas.
http://virus-protect.org/artikel/tools/sdfix.html
there, from step 1 onwards, and that is also where the part about safe mode comes in.