Hallo.

Kann mir jemand bitte helfen. seit paar tagen gehen einige programme nach start von alleine gleich wieder zu. was kann man machen? habe schon antivirus upgedated und laufel lassen er hat 2 sachen entfernt. habe alles aus autostart entfernt was nicht noetig schien - es hat aber alles nichts gebracht.

danke im voraus

Hallo und

Zitat:

er hat 2 sachen entfernt.

Was wurde genau gefunden? Namen und Pfad. Poste am Besten das Log von Antivirus.

Welche Programme schließen sich und welche bleiben offen?

ciao, andreas

Hallo, Andreas...

danke fuer die schnelle antwort...

also gleich schliessen tun sich vuze und gom player...das ist was ich soweit festgestellt habe.....

wenn ich recht vestehe ist das was du meintest:



Avira AntiVir Personal
Report file date: 30 июля 2009 г. 23:19

Scanning for 1576882 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Save mode with network
Username : ***
Computer name : ***

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03.06.2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11.05.2009 06:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 07:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 08:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 09:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 12:07:58
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19.07.2009 11:19:02
ANTIVIR3.VDF : 7.1.5.44 338432 Bytes 29.07.2009 13:29:33
Engineversion : 8.2.0.234
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 08:52:04
AESCRIPT.DLL : 8.1.2.21 450939 Bytes 28.07.2009 20:42:36
AESCN.DLL : 8.1.2.4 127348 Bytes 24.07.2009 10:49:54
AERDL.DLL : 8.1.2.4 430452 Bytes 14.07.2009 22:02:02
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 13:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 26.06.2009 12:08:06
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 28.07.2009 20:42:32
AEHELP.DLL : 8.1.5.3 233846 Bytes 24.07.2009 10:49:54
AEGEN.DLL : 8.1.1.51 352629 Bytes 28.07.2009 20:42:30
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 11:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 24.07.2009 10:49:53
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 11:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 05:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 07:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 11:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 07:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 12:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 07:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 12:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 05:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 07:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 12:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 07:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 30 июля 2009 г. 23:19

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\' <win>
C:\Documents and Settings\Владелец\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[0] Archive type: NSIS
--> ProgramFilesDir/GVC.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Владелец\Local Settings\Application Data\Installer2144\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All1.cab
[0] Archive type: CAB (Microsoft)
--> _71_cf5a7bb2c3d5bcd0eccdf6b1cdee42a3
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Владелец\Local Settings\Temporary Internet Files\Content.IE5\MFIJETE9\rsd_en_4[1].exe
[0] Archive type: NSIS
--> rs_un.bin
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PROGRAMS>
D:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
D:\System Volume Information\_restore{72D17CA6-E1FF-4178-A94A-66363658A388}\RP1\A0000028.exe
[DETECTION] Is the TR/Spy.31518 Trojan
D:\System Volume Information\_restore{72D17CA6-E1FF-4178-A94A-66363658A388}\RP1\A0000029.exe
[DETECTION] Is the TR/Agent.249344.B Trojan
Begin scan in 'E:\' <Work>
E:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
E:\9cfbfe061ce4cdd8517e306b94\DeleteTemp.exe
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\dlmgr.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\DW20.EXE
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\DWINTL20.DLL
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\gencomp.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\HtmlLite.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\RebootStub.exe
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\runmsi.exe
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setup.exe
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1025.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1028.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1029.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1030.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1031.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1032.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1035.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1036.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1037.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1038.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1040.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1041.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1042.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1043.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1044.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1045.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1046.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1049.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1053.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.1055.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.2052.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.2070.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.3082.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\setupres.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\SITSetup.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\vs70uimgr.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\vsbasereqs.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\vsscenario.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\vs_setup.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1025.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1028.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1029.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1030.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1031.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1032.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1035.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1036.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1037.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1038.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1040.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1041.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1042.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1043.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1044.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1045.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1046.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1049.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1053.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.1055.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.2052.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.2070.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.3082.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapRes.dll
[WARNING] The file could not be opened!
E:\9cfbfe061ce4cdd8517e306b94\WapUI.dll
[WARNING] The file could not be opened!

Beginning disinfection:
D:\System Volume Information\_restore{72D17CA6-E1FF-4178-A94A-66363658A388}\RP1\A0000028.exe
[DETECTION] Is the TR/Spy.31518 Trojan
[NOTE] The file was moved to '4aa21084.qua'!
D:\System Volume Information\_restore{72D17CA6-E1FF-4178-A94A-66363658A388}\RP1\A0000029.exe
[DETECTION] Is the TR/Agent.249344.B Trojan
[NOTE] The file was moved to '4b032e45.qua'!


End of the scan: 31 июля 2009 г. 00:27
Used time: 1:08:17 Hour(s)

The scan has been done completely.

22574 Scanned directories
516450 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
66 Files cannot be scanned
516382 Files not concerned
3434 Archives were scanned
72 Warnings
4 Notes

Um die Funde von Avira musst du dir keine ernsthaften Sorgen machen. Vuze ist eine Virenschleuder und das hätte ich dich sowieso deinstallieren lassen.

Den GomPlayer kenne ich nicht. Ich empfehle üblicherweise den KM-Player, den nutze ich selbst, der spielt alles ab, das Teil ist problemlos.

Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

Hallo Andreas,

danke habe die 3 programme durchlaufen lassen - jetzt funktioniert alles wieder

vielen DANK!

Du sollst hier die Logs posten.

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des System durch einen Wiederherstellungspunkt das System wahrscheinlich wieder infizieren würde.
Nach Neustart kann sie wieder aktiviert werden.

Du bist entlassen.

ciao, andreas