habe von der telekom ein brief bekommen, sind trojaner auf mein pc?

Chris4You · 20.08.2010, 06:47

Hi,

ja es sind u. a. Reste von Würmern auf dem PC...

Das was SUPERAntiSpyware gefunden hat sind Cookies, nichts schlimmes...

Lade das OTL-Log hier hoch:
Fileuplod:
File-Upload.net - Ihr kostenloser File Hoster!, hochladen und den Link (mit Löschlink) als "PrivateMail" an mich...

chris

Chris4You · 21.08.2010, 19:18

Hi,

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
[2010.06.06 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = M:\RunGame.exe -- File not found
O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found
O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell - "" = AutoRun
O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Online bei virustotal.com untersuchen lassen und log posten:
C:\Windows\UA000096.DLL

chris

Farthecry · 22.08.2010, 20:52

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-17-May-2010-12-31-55-GMT folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com folder moved successfully.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\ not found.
File L:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\ not found.
File M:\RunGame.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\ not found.
File N:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82640234-24f3-11de-8d68-d15cbd9629c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82640234-24f3-11de-8d68-d15cbd9629c2}\ not found.
File O:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c20f525a-00dd-11de-924b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c20f525a-00dd-11de-924b-806e6f6e6963}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Standard
->Temp folder emptied: 18945525 bytes
->Temporary Internet Files folder emptied: 79286723 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60307605 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 20920112 bytes
->Flash cache emptied: 4020 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3502453 bytes
RecycleBin emptied: 362650518 bytes
 
Total Files Cleaned = 520,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08222010_004334

Files\Folders moved on Reboot...
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
C:\Users\Standard\AppData\Local\Temp\~DF3032.tmp moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KYGNDWBE\adsCAX3IVR4.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6I5A2FRN\adsCAFM3L83.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2KFI7X92\89508-habe-von-der-telekom-ein-brief-bekommen-sind-trojaner-auf-mein-pc-2[1].html moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2DW1FO4R\adsCACLQ2G7.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT021a2.TMP not found!

Registry entries deleted on Reboot...

VIRUSTOTAL hat deine Datei durchsucht und einen trojaner gefunden warte hier ist der log davon

Code:

ATTFilter

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. 
File name: UA000096.DLL
Submission date: 2010-08-22 19:55:10 (UTC)
Current status: queued queued (#8) analysing finished


Result: 1/ 42 (2.4%)
 VT Community

not reviewed
 Safety score: -  
Compact Print results Antivirus Version Last Update Result 
AhnLab-V3 2010.08.22.00 2010.08.21 - 
AntiVir 8.2.4.38 2010.08.20 - 
Antiy-AVL 2.0.3.7 2010.08.16 - 
Authentium 5.2.0.5 2010.08.22 - 
Avast 4.8.1351.0 2010.08.22 - 
Avast5 5.0.332.0 2010.08.22 - 
AVG 9.0.0.851 2010.08.22 - 
BitDefender 7.2 2010.08.22 - 
CAT-QuickHeal 11.00 2010.08.21 - 
ClamAV 0.96.2.0-git 2010.08.22 - 
Comodo 5821 2010.08.22 - 
DrWeb 5.0.2.03300 2010.08.22 - 
Emsisoft 5.0.0.37 2010.08.22 - 
eSafe 7.0.17.0 2010.08.22 - 
eTrust-Vet 36.1.7804 2010.08.21 - 
F-Prot 4.6.1.107 2010.08.22 - 
F-Secure 9.0.15370.0 2010.08.22 - 
Fortinet 4.1.143.0 2010.08.22 - 
GData 21 2010.08.22 - 
Ikarus T3.1.1.88.0 2010.08.22 - 
Jiangmin 13.0.900 2010.08.21 - 
Kaspersky 7.0.0.125 2010.08.22 - 
McAfee 5.400.0.1158 2010.08.22 - 
McAfee-GW-Edition 2010.1B 2010.08.22 - 
Microsoft 1.6103 2010.08.22 - 
NOD32 5386 2010.08.22 - 
Norman 6.05.11 2010.08.22 - 
nProtect 2010-08-22.01 2010.08.22 - 
Panda 10.0.2.7 2010.08.22 - 
PCTools 7.0.3.5 2010.08.22 - 
Prevx 3.0 2010.08.22 - 
Rising 22.61.06.04 2010.08.22 - 
Sophos 4.56.0 2010.08.22 - 
Sunbelt 6776 2010.08.22 - 
SUPERAntiSpyware 4.40.0.1006 2010.08.22 Rogue.Agent/Gen-Nullo[DLL] 
Symantec 20101.1.1.7 2010.08.22 - 
TheHacker 6.5.2.1.353 2010.08.22 - 
TrendMicro 9.120.0.1004 2010.08.22 - 
TrendMicro-HouseCall 9.120.0.1004 2010.08.22 - 
VBA32 3.12.14.0 2010.08.20 - 
ViRobot 2010.8.18.3995 2010.08.22 - 
VirusBuster 5.0.27.0 2010.08.21 - 
Additional informationShow all  
MD5   : 991ede3b2b010957b5dc2bd21a16a598 
SHA1  : 3ebf0c2d17814cca434737a49ee0a22fa85672bb 
SHA256: 854f7e80f4c702276da31356f60a254fc7a0390d2e74cdfc28430f2708073f38

Chris4You · 23.08.2010, 20:56

Hi,

das sieht eher wie ein Fehlalarm aus...
Nenne die Datei einfach mal um, hänge ein .vir an...

chris

Farthecry · 23.08.2010, 23:21

ok hab ich gemacht. was könnte ich jetzt noch machen?? damit ich sicher sein kann das keine Würmer mehr auf dem pc ihr unwesen treiben?? =)
Aber ich muss sagen mein Pc läuft schon sehr schneller
=)

Chris4You · 24.08.2010, 08:13

Hi,

lass noch mal bitte GMER im abgesicherten Modus (F8 beim Booten) laufen
http://www.trojaner-board.de/74908-a...t-scanner.html...

chris

Farthecry · 26.08.2010, 09:53

hi ok hab es gemacht im abgesicherten modus.

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-26 10:47:25
Windows 6.0.6002 Service Pack 2
Running: mzk247qp.exe; Driver: C:\Users\Standard\AppData\Local\Temp\pwldrkog.sys


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                  0x50 0x6D 0x90 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                  C:\Program Files\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                               0xE0 0x8C 0x3F 0xA1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                            
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                      0xED 0x97 0x93 0xE5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                       
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                 0x0D 0x52 0x9C 0x35 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                       
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                 0x51 0x41 0x26 0xAC ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                       
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                 0x13 0xC4 0xF1 0xF7 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x29 0xE0 0x9C 0x44 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x61 0xA0 0x0E 0x60 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x83 0x64 0xF2 0x4E ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x7E 0x2F 0x8F 0xB7 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0x50 0x6D 0x90 0x02 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      C:\Program Files\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0xE0 0x8C 0x3F 0xA1 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0xED 0x97 0x93 0xE5 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)   
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                     0x0D 0x52 0x9C 0x35 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)   
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                     0x51 0x41 0x26 0xAC ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)   
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                     0x13 0xC4 0xF1 0xF7 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x29 0xE0 0x9C 0x44 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x61 0xA0 0x0E 0x60 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x83 0x64 0xF2 0x4E ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x7E 0x2F 0x8F 0xB7 ...

---- EOF - GMER 1.0.15 ----

Chris4You · 26.08.2010, 10:23

Hi,

sind Einträge von Daemontools, werden auch beim Löschen nicht entfernt, dazu braucht man ein "spezielles" Programm ()...

Sonst sieht es soweit gut aus, noch Auffälligkeiten?

chris
Falls Du die Datei los werden willst:
SPTD.SYS entfernen

Normalerweise gehört die Datei sptd.sys zu Daemontools bzw. Alcohol180, wird aber bei deren deinstallation nicht mit entfernt, daher:
Zur vollautomatischen Deinstallation von SPTD.SYS kannst Du ein SPTD Entfernungstool (DuplexSecure - Downloads) nutzen.
Beachte die unterschiedlichen Versionen für 32bit und 64bit Systeme.
Starte die Datei und wählen Uninstall aus. Anschließend neu booten. Eventuell muss dann Nero neu installiert bzw. repariert werden.

Farthecry · 29.08.2010, 08:43

Danke chris4you, für deine Hilfe.

Mein pc läuft wieder sehr gut=)
du hast dir zeit genommen für die pc viren, Danke

Mfg farthecry

Ps. ist die datei von deamon tools schlimm oder kann ich die drauf lassen

Chris4You · 29.08.2010, 14:20

Hi,

die Datei kannst Du auch auf dem Rechner lassen...

chris

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?

Log-Analyse und Auswertung: habe von der telekom ein brief bekommen, sind trojaner auf mein pc?