Home » Viren, Trojaner & Malware Forum » Google verweist auf falsche Seiten » Themenansicht

Google verweist auf falsche Seiten
#0
26.04.2009, 18:44
virenfinder
Member

Beiträge: 3716
#16 hi, ich hab dir doch n link für sdfix gegeben:

http://virus-protect.org/artikel/tools/sdfix.html
dort ab 1. und da kommt auch die stelle mit abgesicherter modus.
Seitenanfang Seitenende
26.04.2009, 18:55
seysas
Member

Themenstarter

Beiträge: 14
#17 Ach so sry,

trotzdem klappt es nicht bei mir steht leider nciht Type Y to proceed... oder so.
Ich gehe allerdings über Start-Ausführen-msconfig und dann Diagnossystemstart in den agbesicherten modus, F8 klappt leider bei mir nicht, weiss nicht warum.
Hat es vielleicht damit zu tun?

Es sieht nämlcih immer so wie in Punkt 2 der anleitung aus.
Bin echt am verzweifen so langsam
Seitenanfang Seitenende
26.04.2009, 19:08
virenfinder
Member

Beiträge: 3716
#18 hmm versuchen wir was anderes:
http://virus-protect.org/artikel/tools/gmer.html
bitte bei diesem scan alle programme abschalten also antivirus etc. und die Verbindung zum internet trennen, also wlan aus oder netzwerkkabel raus, poste dann nach dem scan das log.
Seitenanfang Seitenende
26.04.2009, 23:26
seysas
Member

Themenstarter

Beiträge: 14
#19 Ui, der hat aber diesmal lange gebraucht.
also hier is das, was er sofort angezeigt hatte, ohne das ich den Scan einschalten musste:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-26 21:14:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spwz.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spwz.sys ZwEnumerateValueKey [0xF72A5032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2E81F8

---- EOF - GMER 1.0.15 ----

Und hier der endgültige Log:


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-26 23:21:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT F7ABBB96 ZwCreateKey
SSDT F7ABBB8C ZwCreateThread
SSDT F7ABBB9B ZwDeleteKey
SSDT F7ABBBA5 ZwDeleteValueKey
SSDT spwz.sys ZwEnumerateKey [0xF72A4CA4]
SSDT spwz.sys ZwEnumerateValueKey [0xF72A5032]
SSDT F7ABBBAA ZwLoadKey
SSDT spwz.sys ZwOpenKey [0xF72860C0]
SSDT F7ABBB78 ZwOpenProcess
SSDT F7ABBB7D ZwOpenThread
SSDT spwz.sys ZwQueryKey [0xF72A510A]
SSDT spwz.sys ZwQueryValueKey [0xF72A4F8A]
SSDT F7ABBBB4 ZwReplaceKey
SSDT F7ABBBAF ZwRestoreKey
SSDT F7ABBBA0 ZwSetValueKey
SSDT F7ABBB87 ZwTerminateProcess

INT 0x62 ? 8B2E9BF8
INT 0x63 ? 8AF4FDE0
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8B2E9BF8
INT 0x73 ? 8AF4FDE0
INT 0x73 ? 8B2E9BF8
INT 0x82 ? 8B2E9BF8
INT 0x83 ? 8AF4FDE0
INT 0x94 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0
INT 0xB4 ? 8AF4FDE0

---- Kernel code sections - GMER 1.0.15 ----

? spwz.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F65AF8AC 5 Bytes JMP 8AF4F3C0
.text ae2wjttl.SYS F64AB386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ae2wjttl.SYS F64AB3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ae2wjttl.SYS F64AB3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ae2wjttl.SYS F64AB3C9 1 Byte [30]
.text ae2wjttl.SYS F64AB3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7287042] spwz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728713E] spwz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72870C0] spwz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7287800] spwz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72876D6] spwz.sys
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ae2wjttl.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A873CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[2572] @ C:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01A87376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2E81F8
Device \FileSystem\Udfs \UdfsCdRom 8AE11500
Device \FileSystem\Udfs \UdfsDisk 8AE11500
Device \Driver\usbuhci \Device\USBPDO-0 8AD6B500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B2781F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B2781F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B2781F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B2781F8
Device \Driver\usbuhci \Device\USBPDO-1 8AD6B500
Device \Driver\usbuhci \Device\USBPDO-2 8AD6B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{5E2A5981-0522-42DD-A89C-DCB6B4595471} 8AD554B0
Device \Driver\usbehci \Device\USBPDO-3 8AD7D500
Device \Driver\usbuhci \Device\USBPDO-4 8AD6B500
Device \Driver\usbuhci \Device\USBPDO-5 8AD6B500
Device \Driver\usbuhci \Device\USBPDO-6 8AD6B500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2EA1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\usbehci \Device\USBPDO-7 8AD7D500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2EA1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8AE0C500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B2EA1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Cdrom \Device\CdRom1 8AE0C500
Device \Driver\Cdrom \Device\CdRom2 8AE0C500
Device \Driver\sptd \Device\456697358 spwz.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AD554B0
Device \Driver\NetBT \Device\NetbiosSmb 8AD554B0
Device \Driver\PCI_PNP7358 \Device\0000004f spwz.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{EE22A82B-18A3-4EDE-8D79-C90EC0A5A1EE} 8AD554B0
Device \Driver\usbuhci \Device\USBFDO-0 8AD6B500
Device \Driver\usbuhci \Device\USBFDO-1 8AD6B500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8ADA5500
Device \Driver\usbuhci \Device\USBFDO-2 8AD6B500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8ADA5500
Device \Driver\usbehci \Device\USBFDO-3 8AD7D500
Device \Driver\usbuhci \Device\USBFDO-4 8AD6B500
Device \Driver\Ftdisk \Device\FtControl 8B2EA1F8
Device \Driver\usbuhci \Device\USBFDO-5 8AD6B500
Device \Driver\usbuhci \Device\USBFDO-6 8AD6B500
Device \Driver\usbehci \Device\USBFDO-7 8AD7D500
Device \Driver\ae2wjttl \Device\Scsi\ae2wjttl1Port6Path0Target0Lun0 8ACA3500
Device \Driver\ae2wjttl \Device\Scsi\ae2wjttl1 8ACA3500
Device \FileSystem\Cdfs \Cdfs 8AE0D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0xD1 0x44 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF5 0xD9 0xB6 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0x0C 0x0C 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAE 0x5C 0xA5 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD1 0x64 0xD4 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCF 0xBE 0x64 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x0E 0x7E 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAE 0x5C 0xA5 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0xFD 0xB1 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD2 0xFE 0x79 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x0E 0x7E 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0xD1 0x44 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF5 0xD9 0xB6 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0x0C 0x0C 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAE 0x5C 0xA5 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD1 0x64 0xD4 0x03 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCF 0xBE 0x64 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEA 0x0E 0x7E 0x35 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes
Seitenanfang Seitenende
27.04.2009, 12:53
virenfinder
Member

Beiträge: 3716
#20 wie läuft der pc momentan?
Seitenanfang Seitenende
27.04.2009, 13:23
seysas
Member

Themenstarter

Beiträge: 14
#21 Meinst Du ob die falschen Googleverlinkungen immernoch vorhanden sind?

Das muss ich nochmal testen wenn ich zu Hause bin, aber denke schon, habe ja keinen Trojaner oder so gelöscht seitdem oder?
Ich habe doch bisher nur zahlreiche Logs erstellt.
Seitenanfang Seitenende
27.04.2009, 14:05
virenfinder
Member

Beiträge: 3716
#22 doch, es wurde bereits einiges gelöscht.
Seitenanfang Seitenende
27.04.2009, 14:32
seysas
Member

Themenstarter

Beiträge: 14
#23 Ok ich teste nochmal.

Danke übrigens für alles und Deine Geduld
Seitenanfang Seitenende
27.04.2009, 14:36
virenfinder
Member

Beiträge: 3716
#24 kein stress. gib dann bescheid bitte.
Seitenanfang Seitenende
27.04.2009, 19:44
seysas
Member

Themenstarter

Beiträge: 14
#25 Also ich habe jetzt ziemlich viel gegoogelt, und es scheint weg zu sein. Kann natürlich auch so eine Art Vorführeffekt sein.
Ich würde schon gerne wissen wie dieser Trojaner heisst.
Seitenanfang Seitenende
27.04.2009, 20:08
virenfinder
Member

Beiträge: 3716
#26 ich geb dir am ende ne zusammenfassung.
mache folgende 2 online-scans, lösche funde und poste logs:
http://www.eset.com/onlinescan/
http://support.f-secure.de
Seitenanfang Seitenende
28.04.2009, 20:11
seysas
Member

Themenstarter

Beiträge: 14
#27 Während des Scans mit Eset, hat mir Antivir folgende Trojaner gemeldet, die aber immer wieder auftauchen, obwohl ich sie lösche

'TR/Crypt.XPACK.Gen'
'TR/Unpacked.Gen'
'TR/Crypt.PEPM.Gen'


Da eset selber nichts gefunden hat, habe ich auch keinen Log

hier der Log von f-secure

Result: 2 malware found
TrackingCookie.Atwola (spyware)

* System

TrackingCookie.Zanox (spyware)

* System

Statistics
Scanned:

* Files: 57312
* System: 4141
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOKUMENTE UND EINSTELLUNGEN\SEYNEMS\LOKALE EINSTELLUNGEN\TEMP\ETILQS_VKBYBVGDXTKIXJYYZLWT
* C:\DOKUMENTE UND EINSTELLUNGEN\SEYNEMS\LOKALE EINSTELLUNGEN\TEMP\HSPERFDATA_SEYNEMS\3148

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.8.9080, 2009-04-28
* F-Secure AVP: 7.0.171, 2009-04-28
* F-Secure Pegasus: 1.20.0, 1970-00-01
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics








Schade,

das Problem ist immernoch vorhanden.
Dieser Beitrag wurde am 30.04.2009 um 19:50 Uhr von seysas editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12