Notebook langsam - mein Log-File

claudi66

hey danke für die schnelle Antwort

habe gleich versucht den Anweisungen zu folgen

also:
1)
hijack --> alles gelöscht

2)
advapi32q.exe
________________________________________
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.11 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.11 Agent.ULY
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 Backdoor.IRCBot.cub
ClamAV 0.92.1 2008.05.12 -
DrWeb 4.44.0.09170 2008.05.12 -
eSafe 7.0.15.0 2008.05.12 Suspicious File
eTrust-Vet 31.4.5781 2008.05.12 -
Ewido 4.0 2008.05.11 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 Backdoor.Win32.IRCBot.cub
Fortinet 3.14.0.0 2008.05.12 W32/IRCBot.CUB!tr.bdr
GData 2.0.7306.1023 2008.05.12 Backdoor.Win32.IRCBot.cub
Ikarus T3.1.1.26.0 2008.05.12 Backdoor.Win32.Bifrose.afc
Kaspersky 7.0.0.125 2008.05.12 Backdoor.Win32.IRCBot.cub
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.12 -
NOD32v2 3092 2008.05.12 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.12 System Back Door
Rising 20.44.02.00 2008.05.12 -
Sophos 4.29.0 2008.05.12 Mal/Generic-A
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.12 Backdoor/IRCBot.cub
VBA32 3.12.6.5 2008.05.12 Backdoor.Win32.IRCBot.cub
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.11 Trojan.Crypt.XPACK.Gen
weitere Informationen
File size: 41984 bytes
MD5...: cfa7ef28a01ae79a4c392ecddb874bf5
SHA1..: 8441997d4df78be56cef47d890b39684f8e9b09d
SHA256: 2864560bd96279118455ecef088908904e75c78f11eecbf75f81177d19de0d5b
SHA512: a32051743076c2cc64e361667cf286c952a36aaf75f1d8966c52991231f8a7b8
4e07644aa433bf7b3a61422a6d15f152e09af2823e417c1cda489610e3c823be
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40e000
timedatestamp.....: 0x4808c738 (Fri Apr 18 16:07:20 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb434 0x5e00 7.99 d8e33ed61df565ce4096339871a6fbb2
.rsrc 0xd000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.hdlv 0xe000 0x26ff 0x3000 6.42 1c074bca75c6b8a13b5c9fdb388aa3f5
.idata 0x11000 0xaa 0x1000 0.25 3fee56fa4d8b5f2aa03153ec45134f59

( 2 imports )
> kernel32.dll: VirtualQuery, GetLastError
> gdi32.dll: CancelDC

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramte...A24900B0CD13A0

___________________________________________________________________

1028q.exe

o bytes size received / se ha recibido unarchivo vacio

3)
avenger.txt:


Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "qandr" found!
DisplayName: qandr
ImagePath: \??\C:\WINDOWS\system32\drivers\qandr.sys
Start Type: 2 (Automatic)

Rootkit scan completed.

File "c:\windows\system32\ihlqdjyu.dll" deleted successfully.

Error: could not open file "c\windows\system32\crypts.dll"
Deletion of file "c\windows\system32\crypts.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


so jetzt hab ich glaub alles...