
How to remove the "ms antispyware 2009" virus?

Discussion in 'Sicherheit' started by rcoyet, Jan 28, 2009.

Thread Status:
Not open for further replies.
  1. rcoyet

    rcoyet Byte

    Hello

    I have the following problem. On Sunday I used my PC without any problems; on Sunday evening at 8 I went out, and when I came back about 30 minutes later and wanted to use the internet, pop-ups and unwanted pages kept appearing. I immediately disconnected my PC from the network and restarted it.

    In regedit, under "run", I removed the key "ms antispyware 2009", and I also found a folder with the same name under All Users and removed it too.
    I deleted all cookies, temporary files and history, installed Firefox and ran a scan with AVG Anti-Virus, but it found nothing.

    Now, when I start my PC, everything works fine until I want to go on the internet. Google comes up as the start page without any problems, but after that, whatever I do, some other website that I don't want always comes up.

    I am using Windows XP SP3

    I'll post a HijackThis log and an Avira scan log




    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 27 January 2009 14:19

    Starting search for hidden objects.
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090127-141954-74D0C008\AVSCAN-00000004.dll
    [0] Archive type: HIDDEN
    [INFO] The file is not visible.
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090127-141954-74D0C008\AVSCAN-00000004.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090127-141954-74D0C008\AVSCAN-00000009.sys
    [0] Archive type: HIDDEN
    [INFO] The file is not visible.
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20090127-141954-74D0C008\AVSCAN-00000009.sys
    [DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
    c:\windows\system32\drivers\tdssmqlt.sys
    [DETECTION]
    [WARNING] The file was ignored!
    c:\windows\system32\tdssbrsr.dll
    [INFO] The file is not visible.
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
    [INFO] No SpecVir entry was found!
    c:\windows\system32\tdsslxwp.dll
    [INFO] The file is not visible.
    c:\windows\system32\tdssoiqh.dll
    [DETECTION]
    [INFO] No SpecVir entry was found!
    c:\windows\system32\tdssosvd.dat
    [INFO] The file is not visible.
    c:\windows\system32\tdssriqp.dll
    [INFO] The file is not visible.
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
    [INFO] No SpecVir entry was found!
    c:\windows\system32\tdsstkdu.log
    [INFO] The file is not visible.
    c:\windows\system32\tdssxfum.dll
    [INFO] The file is not visible.
    [DETECTION] Is the TR/TDss.AT.518 Trojan
    [INFO] No SpecVir entry was found!
    c:\documents and settings\user\local settings\temp\tdssfd79.tmp
    [INFO] The file is not visible.
    c:\documents and settings\user\local settings\temp\tdssfd89.tmp
    [INFO] The file is not visible.
    [DETECTION] Is the TR/Patched.CL Trojan
    [INFO] No SpecVir entry was found!
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\modules
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\start
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\type
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\imagepath
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys\group
    [INFO] The registry entry is invisible.
    '53879' objects were checked, '20' hidden objects were found.

    The scan of running processes will be started

    57 processes with 57 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '68' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\User\Local Settings\Temp\TMP11.tmp
    [DETECTION] Is the TR/Waledac.399360.1.1 Trojan
    [WARNING] The file was ignored!
    C:\Documents and Settings\User\Local Settings\Temp\TMP120.tmp
    [DETECTION] Is the TR/Waledac.399360.1.1 Trojan
    [WARNING] The file was ignored!
    C:\Documents and Settings\User\Local Settings\Temp\TMP4.tmp
    [DETECTION] Is the TR/Proxy.Gen Trojan
    [WARNING] The file was ignored!


    End of the scan: 27 January 2009 20:36
    Used time: 6:16:28 Hour(s)

    The scan has been done completely.

    9274 Scanning directories
    275590 Files were scanned
    9 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    275580 Files not concerned
    2026 Archives were scanned
    5 Warnings
    0 Notes
    53879 Objects were scanned with rootkit scan
    20 Hidden objects were found

    Can someone please help me with what I should do, other than formatting and reinstalling?


    Many thanks
     
  2. -humi-

    -humi- Joker

    please use the Edit function and delete the logs... I don't look at HJT logs anyway ;)

    afterwards:
    please have your system scanned with rsit and post the log
    if possible, post the log as an attachment (txt file)


    furthermore:
    please have your system scanned with >Malwarebytes Anti-Malware< - don't let it fix anything for now, and post the log here


    we'll get this sorted :D
     
    Last edited: Jan 28, 2009