Pests of all kinds and how to fight them: Malware Defense, Antivir Blocker, Kaspersky Blocker. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
07.01.2010, 14:59 | #16 |
| Malware Defense, Antivir Blocker, Kaspersky Blocker

I've now run the scan as well, but only on C:, which is where my Windows, downloads, user settings and so on are.

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-07 14:58:12
Windows 5.1.2600 Service Pack 3
Running: 8wmm5tkb.exe; Driver: C:\DOKUME~1\ALPACA~1\LOKALE~1\Temp\ugtdypog.sys

---- System - GMER 1.0.15 ----

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B8E29541
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B8E295E7
INT 0x63 ? 8AA67BF8
INT 0x73 ? 8AA67BF8
INT 0x73 ? 8AA67BF8
INT 0x82 ? 8AC5ABF8
INT 0x83 ? 8AC5ABF8
INT 0xA4 ? 8AA67BF8
INT 0xB4 ? 8AA67BF8
Code 8AA83058 ZwEnumerateKey
Code 89DE4E3E ZwFlushInstructionCache
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
Code 8AA8308E IofCallDriver
Code 8A0E71F6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF74 5 Bytes JMP AC4EC410 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IofCallDriver 804EF196 5 Bytes JMP 8AA83093
.text ntkrnlpa.exe!IofCompleteRequest 804EF226 5 Bytes JMP 8A0E71FB
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF902 5 Bytes JMP AC4EC7CA \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6806 5 Bytes JMP 89DE4E42
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FC6 4 Bytes JMP 8AA8305C
? spvt.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CBB000, 0x16DB56, 0xE8000020]
.text USBPORT.SYS!DllUnload B8C3A8AC 5 Bytes JMP 8AA671D8
.text C:\WINDOWS\system32\drivers\ACEDRV09.sys section is writeable [0xA8D2F000, 0x3326E, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0xA8D74000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV09.sys unknown last section [0xA8D90000, 0x8E, 0x42000040]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spvt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spvt.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC591F8
Device \FileSystem\Fastfat \FatCdrom 899351F8
Device \Driver\usbohci \Device\USBPDO-0 8A8931F8
Device \Driver\usbohci \Device\USBPDO-1 8A8931F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACCA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACCA1F8
Device \Driver\usbohci \Device\USBPDO-2 8A8931F8
Device \Driver\usbohci \Device\USBPDO-3 8A8931F8
Device \Driver\usbohci \Device\USBPDO-4 8A8931F8
Device \Driver\usbehci \Device\USBPDO-5 8A86E500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC5B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC5B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC5B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8AC5B1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A806500
Device \Driver\NetBT \Device\NetbiosSmb 8A806500
Device \Driver\PCI_PNP0658 \Device\0000005e spvt.sys
Device \Driver\usbohci \Device\USBFDO-0 8A8931F8
Device \Driver\usbohci \Device\USBFDO-1 8A8931F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A7C81F8
Device \Driver\usbohci \Device\USBFDO-2 8A8931F8
Device \Driver\sptd \Device\2169943158 spvt.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{729BC780-0717-4DC2-AD81-B493F5650A14} 8A806500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A7C81F8
Device \Driver\usbohci \Device\USBFDO-3 8A8931F8
Device \Driver\usbohci \Device\USBFDO-4 8A8931F8
Device \Driver\Ftdisk \Device\FtControl 8AC5B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D43CD0A4-E8FF-4D7C-A468-FCDB906265F3} 8A806500
Device \Driver\usbehci \Device\USBFDO-5 8A86E500
Device \Driver\av3aktwq \Device\Scsi\av3aktwq1Port4Path0Target0Lun0 8A8541F8
Device \Driver\av3aktwq \Device\Scsi\av3aktwq1 8A8541F8
Device \FileSystem\Fastfat \Fat 899351F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 89BD1500

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTlrgqtehtkb.sys (*** hidden *** ) AC04D000-AC06A000 (118784 bytes)
Module \systemroot\system32\drivers\gaopdxavptabrx.sys (*** hidden *** ) AC07D000-AC0A5000 (163840 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [348] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1100] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1704] 0x02760000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1792] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1840] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1992] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2024] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxavptabrx.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\H8SRTlrgqtehtkb.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxdwswnkpm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTlrgqtehtkb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTlrgqtehtkb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRToyuypbijow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTdlijwnsmpk.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTchbqpilklq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0xAA 0x39 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0xB0 0xCA 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x60 0x82 0x08 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxdwswnkpm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxdwswnkpm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTlrgqtehtkb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTlrgqtehtkb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRToyuypbijow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTdlijwnsmpk.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTchbqpilklq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x32 0x22 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0xB0 0xCA 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x60 0x82 0x08 0x28 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Alpacahuhn(TM)\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\YS4Q64D7\myvideo-782.vo.llnwd.net\d4\player\player\player_V23w.swf 0 bytes
File C:\Dokumente und Einstellungen\Alpacahuhn(TM)\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\YS4Q64D7\myvideo-782.vo.llnwd.net\d4\player\player\player_V23w.swf\volumeSet.sol 46 bytes
File C:\Programme\ATI Technologies\ATI.ACE\Core-Implementation\CLI.Component.Runtime.Extension.EEU.dll (size mismatch) 73728/6656 bytes executable
File C:\Programme\ATI Technologies\ATI.ACE\Core-Implementation\fi\CLI.Component.SkinFactory.resources.dll (size mismatch) 7680/6656 bytes executable
File C:\Programme\ATI Technologies\ATI.ACE\Core-Implementation\LOG.Foundation.Implementation.Private.dll (size mismatch) 61440/20480 bytes executable
File C:\Programme\ATI Technologies\ATI.ACE\Graphics-Full-Existing\CLI.Caste.Graphics.Dashboard.dll (size mismatch) 36864/73728 bytes executable
File C:\Programme\ATI Technologies\ATI.ACE\Graphics-Light\de\CLI.Caste.Graphics.Runtime.resources.dll (size mismatch) 16896/4608 bytes executable
File C:\Programme\Common Files\InstallShield\WebUpdate\WebUpdate.exe (size mismatch) 24576/331776 bytes executable
File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSOWS407.DLL (size mismatch) 561209/127032 bytes executable
File C:\Programme\NetMeeting\dcap32.dll (size mismatch) 45056/40960 bytes executable
File C:\Programme\OpenOffice.org 2.4\program\assembly\cli_types.dll (size mismatch) 32256/847872 bytes executable
File C:\Programme\OpenOffice.org 2.4\program\cached1.dll (size mismatch) 34304/122880 bytes executable
File C:\Programme\OpenOffice.org 2.4\program\crashrep.com (size mismatch) 360448/8192 bytes executable
File C:\Programme\Outlook Express\wabfind.dll (size mismatch) 46080/32768 bytes executable
File C:\Programme\Windows NT\Zubehör\wordpad.exe (size mismatch) 281088/216064 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe (size mismatch) 288256/82432 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\agt0409.dll (size mismatch) 22016/19456 bytes executable
File C:\WINDOWS\$NtServicePackUninstall$\iscomlog.dll (size mismatch) 68608/27136 bytes executable
File C:\WINDOWS\ServicePackFiles\i386\qedit.dll (size mismatch) 387072/563200 bytes executable
File C:\WINDOWS\ServicePackFiles\i386\lbrtfdc.sys (size mismatch) 24064/34688 bytes executable
File C:\WINDOWS\BricoPacks\SysFiles\20_inetcplc.dll (size mismatch) 70656/120320 bytes executable
File C:\WINDOWS\BricoPacks\SysFiles\62_themeui.dll (size mismatch) 28160/389632 bytes executable
File C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1055.dll (size mismatch) 105976/106488 bytes executable
File C:\WINDOWS\system32\drivers\ati1rvxx.sys (size mismatch) 30671/63663 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxavptabrx.sys 71168 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\gaopdxcdkmayuo.sys 75264 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxhgefmlpi.sys 75264 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxmchbluwn.sys 74752 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxnxbdofsx.sys 75776 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxqympjxva.sys 75776 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxuuryoeqh.sys 74752 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxwfrgyndn.sys 75776 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxwlhrutlf.sys 75264 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxyqhimpqx.sys 71680 bytes executable
File C:\WINDOWS\system32\drivers\usbd.sys (size mismatch) 14592/4736 bytes executable
File C:\WINDOWS\system32\drivers\H8SRTlrgqtehtkb.sys 40448 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\gaopdxdwswnkpm.dll 56832 bytes executable
File C:\WINDOWS\system32\dllcache\twain.dll (size mismatch) 17920/94800 bytes executable
File C:\WINDOWS\system32\dllcache\wamregps.dll (size mismatch) 9216/7168 bytes executable
File C:\WINDOWS\system32\mqrt.dll (size mismatch) 663040/177152 bytes executable
File C:\WINDOWS\system32\tasklist.exe (size mismatch) 78336/79360 bytes executable
File C:\WINDOWS\system32\cisvc.exe (size mismatch) 58880/5632 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTchbqpilklq.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTdlijwnsmpk.dat 173 bytes
File C:\WINDOWS\system32\H8SRToyuypbijow.dll 23040 bytes executable
File C:\WINDOWS\system32\H8SRTyitlogrrlf.dll 36864 bytes executable
File C:\WINDOWS\system32\ie4uinit.exe (size mismatch) 121344/34304 bytes executable
File C:\WINDOWS\system32\rwinsta.exe (size mismatch) 29696/16384 bytes executable
File C:\WINDOWS\system32\sigverif.exe (size mismatch) 13312/71168 bytes executable
File C:\WINDOWS\system32\usrsvpia.dll (size mismatch) 69700/41019 bytes executable
File C:\WINDOWS\system32\credui.dll (size mismatch) 12800/165376 bytes executable
File C:\WINDOWS\system32\msafd.dll (size mismatch) 14848/3584 bytes executable
File C:\WINDOWS\system32\ati2edxx.dll (size mismatch) 268288/43520 bytes executable
File C:\WINDOWS\system32\ltimg12n.dll (size mismatch) 131072/164864 bytes executable
File C:\WINDOWS\Temp\H8SRT7fe9.tmp 244 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
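A log like the one above is normally read by hand. As an added example (not code from this thread, from GMER or from the helper), the Python script below pulls the actionable entries out of a GMER text log automatically: the services GMER marks hidden, joined to the registry `modules` subkey under the active control set that lists the driver, DLL and data payloads; the hidden DLL and every process it was found injected into; and kernel hooks split into those GMER attributes to an allow-listed vendor driver and those with no module behind the jump target at all. The allow-list (klif.sys as Kaspersky, spvt.sys/sptd.sys as DAEMON Tools' SPTD driver) is an assumption of the example, and `SAMPLE_LOG` is an excerpt of the log posted above with section headers omitted.

```python
"""Triage a GMER log for TDSS-style rootkit indicators.

Added example for this thread; not part of GMER and not code from the forum.
It parses a GMER text log and returns: hidden services joined to their
registry "modules" payload list, hidden DLLs with the processes they were
injected into, and kernel hooks split into allow-listed vendor hooks and
hooks with no known owner. The allow-list is an assumption: a name match is
a hint to check, not proof the driver is the genuine vendor file.
"""
import re
from collections import defaultdict

# Assumption: these hook owners are the user's own security / virtual-drive
# software (Kaspersky klif.sys, DAEMON Tools sptd/spvt), not the infection.
KNOWN_HOOK_OWNERS = {"klif.sys": "Kaspersky Klif mini-filter",
                     "spvt.sys": "DAEMON Tools SPTD", "sptd.sys": "DAEMON Tools SPTD"}

# ".text ntkrnlpa.exe!IofCallDriver 804EF196 5 Bytes JMP 8AA83093 [owner module]"
CODE_HOOK_RE = re.compile(r"^(?:\.\w+|PAGE)\s+(?P<target>\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes\s+(?P<rest>.*)$")
# "IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvt.sys"
IAT_HOOK_RE = re.compile(r"^IAT\s+(?P<target>\S+\[[^\]]+\])\s+\[[0-9A-F]+\]\s*(?P<rest>.*)$")
OWNER_RE = re.compile(r"([\w.-]+\.sys)\b", re.IGNORECASE)
MODULE_RE = re.compile(r"^Module\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)")
LIBRARY_RE = re.compile(r"^Library\s+(?P<dll>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
SERVICE_RE = re.compile(r"^Service\s+(?P<image>\S+)\s+\((?P<desc>[^)]*)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")
# Only the active control set describes what is loaded now; ControlSet00N copies are ignored.
REG_SVC_RE = re.compile(r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<svc>[^\\@]+)"
                        r"(?P<sub>(?:\\[^\\@]+)*)@(?P<val>\S+)\s+(?P<data>.*)$")


def triage(log_text):
    """Parse a GMER log and return the indicators described in the module docstring."""
    r = {"flagged": [], "hooks_benign": [], "hooks_suspect": [],
         "hidden_modules": [], "injected": defaultdict(list), "services": {}}
    reg = defaultdict(dict)  # service name -> {"\subkey@value": data}
    for line in (l.strip() for l in log_text.splitlines()):
        if "*** hidden ***" in line or "<-- ROOTKIT" in line:
            r["flagged"].append(line)  # everything GMER itself marked
        if m := CODE_HOOK_RE.match(line) or IAT_HOOK_RE.match(line):
            own = OWNER_RE.search(m.group("rest"))  # module GMER printed after the target
            owner = own.group(1).lower() if own else None
            if owner in KNOWN_HOOK_OWNERS:
                r["hooks_benign"].append((m.group("target"), owner, KNOWN_HOOK_OWNERS[owner]))
            else:  # jump into memory that belongs to no loaded module: classic rootkit tell
                r["hooks_suspect"].append((m.group("target"), owner))
        elif m := MODULE_RE.match(line):
            r["hidden_modules"].append(m.group("path"))
        elif m := LIBRARY_RE.match(line):
            r["injected"][m.group("dll")].append((m.group("proc"), int(m.group("pid"))))
        elif m := SERVICE_RE.match(line):
            r["services"][m.group("name")] = {
                "image": m.group("image"), "start": m.group("start"),
                "hidden": "hidden" in m.group("desc"),
                "flagged": "<-- ROOTKIT" in line, "modules": {}}
        elif m := REG_SVC_RE.match(line):
            reg[m.group("svc")][m.group("sub") + "@" + m.group("val")] = m.group("data")
    # TDSS keeps its driver, injected DLLs and config under Services\<name>\modules;
    # join that list to the service so every payload file is listed in one place.
    for name, svc in r["services"].items():
        svc["imagepath"] = reg[name].get("@imagepath")
        for key, data in reg[name].items():
            if key.startswith("\\modules@"):
                svc["modules"][key.split("@", 1)[1]] = data
    r["injected"] = dict(r["injected"])
    return r


# Excerpt of the GMER log posted in this thread (section headers omitted).
SAMPLE_LOG = r"""
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF74 5 Bytes JMP AC4EC410 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IofCallDriver 804EF196 5 Bytes JMP 8AA83093
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FC6 4 Bytes JMP 8AA8305C
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvt.sys
Module \systemroot\system32\drivers\H8SRTlrgqtehtkb.sys (*** hidden *** ) AC04D000-AC06A000 (118784 bytes)
Module \systemroot\system32\drivers\gaopdxavptabrx.sys (*** hidden *** ) AC07D000-AC0A5000 (163840 bytes)
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [348] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1100] 0x10000000
Service C:\WINDOWS\system32\drivers\gaopdxavptabrx.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\H8SRTlrgqtehtkb.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxavptabrx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxdwswnkpm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTlrgqtehtkb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRToyuypbijow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTyitlogrrlf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTlrgqtehtkb.sys
File C:\WINDOWS\system32\cisvc.exe (size mismatch) 58880/5632 bytes executable <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc <-- ROOTKIT !!!
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for name, svc in rep["services"].items():
        print(f"service {name}: hidden={svc['hidden']} image={svc['image']}")
        for mod, path in svc["modules"].items():
            print(f"  modules\\{mod} -> {path}")
    for dll, procs in rep["injected"].items():
        print(f"injected {dll} into {procs}")
    for target, owner in rep["hooks_suspect"]:
        print(f"suspect hook {target}: owner={owner or 'no module'}")
```

On the posted log this lists two hidden services with five payload files between them, the H8SRT DLL injected into Explorer and several svchost instances, and the `IofCallDriver`, `IofCompleteRequest`, `ZwEnumerateKey` and `ZwFlushInstructionCache` hooks as unattributed, while the klif.sys and spvt.sys hooks land in the benign bucket. The `cisvc.exe` size mismatch surfaces only through the `flagged` list, which is why that list is kept alongside the structured output.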
07.01.2010, 21:32 | #17 |
/// TB-Ausbilder | Malware Defense, Antivir Blocker, Kaspersky Blocker

Hi,
nice collection of malware you've gathered there. In any case I'd advise you to change all your passwords from a clean computer. The best option would probably be to set the computer up again from scratch. We can try to clean the malware off. We may need the Windows CD for that; do you have it at hand? Otherwise, please run TDSSKiller and then post a new GMER log (C: drive only is fine). You can find the instructions for TDSSKiller here: Link
regards
myrtille
08.01.2010, 16:12 | #18 |
| Malware Defense, Antivir Blocker, Kaspersky Blocker

Unfortunately, no, I don't have the Windows CD any more; mine is unregistered. But I'll probably get a "legal" one tomorrow. I'll use the tool this evening and change the passwords right away, thanks for the tip |
10.01.2010, 12:28 | #19 |
/// TB-Ausbilder | Malware Defense, Antivir Blocker, Kaspersky Blocker

Hi, any progress?
regards
myrtille

Requests by e-mail, profile or private message will be ignored! Help is given ONLY in the forum! If you haven't received a further reply from me after 24 hours, please send a PM. Spelling mistakes? Never, but keybaord malfunctions constantly! |
19.01.2010, 00:39 | #20 |
| Malware Defense, Antivir Blocker, Kaspersky Blocker

Hello, and what about my log files? |