
Posts by SunnyJilu

    Thanks for the reply! I have now run the programs (Spybot and GMER) and here is the result. Unfortunately I have to split it into 4 posts! So sorry!

    GMER 1.0.15.15077 [37fx8hot.exe] - GMER - Rootkit Detector and Remover
    Rootkit scan 2009-08-22 20:45:03
    Windows 5.1.2600 Service Pack 3

    ---- System - GMER 1.0.15 ----

    SSDT sppx.sys ZwCreateKey [0xF74B70E0]
    SSDT sppx.sys ZwEnumerateKey [0xF74D5CA2]
    SSDT sppx.sys ZwEnumerateValueKey [0xF74D6030]
    SSDT sppx.sys ZwOpenKey [0xF74B70C0]
    SSDT sppx.sys ZwQueryKey [0xF74D6108]
    SSDT sppx.sys ZwQueryValueKey [0xF74D5F88]
    SSDT sppx.sys ZwSetValueKey [0xF74D619A]

    INT 0x62 ? 8636EBF8
    INT 0x63 ? 86135BF8
    INT 0x82 ? 8636EBF8
    INT 0x83 ? 86135BF8
    INT 0xA4 ? 86135BF8
    INT 0xB4 ? 86135BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? sppx.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F660E8AC 5 Bytes JMP 861351D8
    .text a9zx6qq4.SYS F643A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text a9zx6qq4.SYS F643A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text a9zx6qq4.SYS F643A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text a9zx6qq4.SYS F643A3C9 1 Byte [2E]
    .text a9zx6qq4.SYS F643A3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Programme\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!OutputDebugStringW 7C85B405 5 Bytes JMP 28001FB0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 280046C0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [soundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [soundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [searchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DHTray] C:\WINDOWS\system32\DHTray.exe
    O4 - HKLM\..\Run: [A0380mon] C:\WINDOWS\system32\A0380mon.exe
    O4 - HKLM\..\Run: [uVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
    End of file - 9362 bytes
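    The two logs above are the kind of thing a helper on this forum has to triage by eye: in the GMER output one driver (sppx.sys) hooks seven SSDT registry functions and GMER then reports it cannot read that driver from disk, which is the classic signature of a driver that hides itself; in the HijackThis output there are orphaned entries ("(no file)", "(file missing)") and services with no publisher. The Python below is an added example written for this page, not code from the poster or from the GMER/HijackThis authors, that applies those generic checks to a handful of lines excerpted from the logs above. It assumes the line layouts shown here (GMER "SSDT", "?", and kernel-section ".text" lines; HijackThis "Oxx - " lines); the `PUP_HINTS` seed list is an assumption to extend from your own intel, and the randomly-named-driver check is deliberately only "medium" because DAEMON Tools (present in the Run list above) ships a disk-emulation layer that also shows up in GMER logs under random eight-character driver names. Every finding is a pointer for a human to verify, not a verdict.

```python
"""Triage GMER and HijackThis log lines (added example, not part of the forum posts)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a few lines excerpted from the GMER output posted above.
GMER_SAMPLE = """
---- System - GMER 1.0.15 ----

SSDT sppx.sys ZwCreateKey [0xF74B70E0]
SSDT sppx.sys ZwOpenKey [0xF74B70C0]
SSDT sppx.sys ZwSetValueKey [0xF74D619A]

---- Kernel code sections - GMER 1.0.15 ----

? sppx.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F660E8AC 5 Bytes JMP 861351D8
.text a9zx6qq4.SYS F643A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
"""

# Constructed sample: a few lines excerpted from the HijackThis log posted above.
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [A0380mon] C:\WINDOWS\system32\A0380mon.exe
O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
"""

@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    source: str    # "gmer" | "hjt"
    reason: str
    line: str

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s+.*!\s*$")          # "? module <error> !"
TEXT_RE = re.compile(r"^\.text\s+(\S+?)(?:!(\w+))?\s+([0-9A-F]{8})\s+(\d+)\s+Bytes?")  # kernel-section lines only
HJT_RE = re.compile(r"^(R\d|F\d|N\d|O\d+)\s+-\s+(.*)$")
PUP_HINTS = ("askbar",)  # assumption: example seed list of bundleware names, extend from your own intel
SEV_ORDER = {"high": 0, "medium": 1, "low": 2}

def looks_random(module: str) -> bool:
    """Eight lowercase alphanumerics mixing letters and digits, the SPTD-/rootkit-style driver name."""
    stem = module.lower().rsplit(".", 1)[0]
    return (len(stem) == 8 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))

def triage_gmer(text: str) -> list[Finding]:
    hooks: dict[str, list[str]] = {}   # module -> hooked SSDT functions
    unreadable: set[str] = set()       # modules GMER could not open on disk
    patches: list[tuple[str, str]] = []
    for line in (l.strip() for l in text.splitlines()):
        if m := SSDT_RE.match(line):
            hooks.setdefault(m.group(1).lower(), []).append(m.group(2))
        elif m := UNREADABLE_RE.match(line):
            unreadable.add(m.group(1).lower())
        elif m := TEXT_RE.match(line):
            patches.append((m.group(1), line))
    findings = []
    for mod, funcs in hooks.items():
        if mod in unreadable:   # hooks the kernel AND hides its file: top of the list
            findings.append(Finding("high", "gmer",
                f"{mod} hooks {len(funcs)} SSDT entries ({', '.join(funcs)}) but GMER cannot read it from disk; "
                "treat as a hidden driver and verify from an offline boot", mod))
        else:                    # AV and virtualisation products hook the SSDT legitimately
            findings.append(Finding("medium", "gmer",
                f"{mod} hooks {len(funcs)} SSDT entries; confirm it belongs to installed security software", mod))
    for mod, line in patches:
        if looks_random(mod):
            findings.append(Finding("medium", "gmer",
                f"code section of randomly named driver {mod}; check against installed disk-emulation "
                "software before treating it as malicious", line))
        elif "JMP" in line:
            findings.append(Finding("low", "gmer", f"inline JMP patch in {mod}", line))
    return findings

def triage_hjt(text: str) -> list[Finding]:
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = HJT_RE.match(line)
        if not m:
            continue
        code, low = m.group(1), m.group(2).lower()
        if "(no file)" in low or "(file missing)" in low:
            sev = "medium" if code == "O23" else "low"   # a service with a missing binary deserves a look
            findings.append(Finding(sev, "hjt", f"{code} entry points to a file that no longer exists (orphan)", line))
        elif code == "O23" and "unknown owner" in low:
            findings.append(Finding("medium", "hjt", "service with no publisher info; verify signature and origin", line))
        elif code in ("O2", "O3", "R3") and any(h in low for h in PUP_HINTS):
            findings.append(Finding("low", "hjt", "browser add-on matching the bundleware hint list", line))
    return findings

def triage(gmer_text: str, hjt_text: str) -> list[Finding]:
    """Combined, highest severity first."""
    return sorted(triage_gmer(gmer_text) + triage_hjt(hjt_text), key=lambda f: SEV_ORDER[f.severity])

if __name__ == "__main__":
    for f in triage(GMER_SAMPLE, HJT_SAMPLE):
        print(f"[{f.severity:6}] {f.source}: {f.reason}\n         {f.line}")
```

    Run it as a script to get the ranked list; on the excerpt the single "high" finding is sppx.sys, the randomly named a9zx6qq4.SYS and the two owner-less/missing services come out as "medium", and the orphaned browser entries as "low". The checks are deliberately conservative: an SSDT hook on its own is routine for security software, so it is the combination of hooking plus an unreadable file that is escalated.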

    Hi,
    first of all, sorry if there is already a thread about this virus! If so, please post the link. Thanks!
    I have the virus win32/cryptor on my laptop... About every 30 minutes my antivirus program pops up and always shows 2 files that are infected by the virus. I click "Remove", but there are always new infected files. Always in the folders temp and temporary internet files (which doesn't even exist...). I googled the virus, and some sites said I should just run Malwarebytes, while others said I should delete certain files. Well, I have run Malwarebytes 3 times. It didn't even find the virus! And the files I'm supposed to delete don't exist. So how do I get rid of this thing?? Here is my HijackThis logfile. Help, I need somebody! ;_;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:23:16, on 22.08.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AskBarDis\bar\bin\AskService.exe
    C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
    C:\Programme\ICQ6Toolbar\ICQ Service.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
    C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Programme\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Programme\Winamp\winampa.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programme\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\DHTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
    C:\Programme\Eraser\Eraser.exe
    C:\Programme\DAEMON Tools Lite\daemon.exe
    C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programme\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programme\Opera\Opera.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Programme\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe
    C:\Programme\Vuze\Azureus.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    Continued in the next post....

WindowsPower.de Articles