W32.HLLW.Torvel.B@mm and I think a few others too :(
#0
13.05.2004, 16:50
...new here
Thread starter Posts: 10
14.05.2004, 09:40
Honorary member
Posts: 29434
#17
OK, the one worm is gone, and now the other one, the one that changes your start page, still has to go.
I am posting the page for you once more, since you cannot open it (because of the worm). When C:\PROGRA~1\INTERN~1\iexplore.exe,1 has been removed and your server has been set up again, post the log once more.
# Disable System Restore http://www.bsi.de/av/texte/winsave.htm
# Go into safe mode (press F8 while booting, manually delete everything that can be found (as explained by Symantec) and then scan with your antivirus)
# Set up the server again
# Post the log once more.
Regards, Sabina
------------------------------------------------------------------------------------------------------------
Quote: Sabina posted

When you open an infected file, VBS.Voodoo.A changes the Value data of the following registry keys to 0 (zero):

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201

This reduces the security protection that is provided by Microsoft Internet Explorer to a level that is less safe.

The virus then infects .htm, .htm and .htt files that are located either in the same folder as the virus, or in the following locations:

C:\
C:\Windows\Desktop
C:\Windows\Web
C:\Windows\Web\Wallpaper
C:\Windows\Help
C:\Windows\Temp
C:\My Documents
C:\Program Files\Microsoft Office\Office\Headers
C:\Program Files\Internet Explorer\Connection Wizard
C:\Inetpub\wwwroot

By inserting virus code into .htt files, the virus is executed every time that you click in the left pane of Windows Explorer. The virus also changes the .html file icon to the Recycle Bin icon.

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

To remove this virus, delete files detected as VBS.Voodoo.A, and then undo the changes made to the registry.

To remove this worm:
1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
3. Delete any files detected as VBS.Voodoo.A.

To edit the registry:
CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document How to back up the Windows registry before proceeding.
1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
4. In the right pane, double-click the value 1201
5. Change the number in the Value data box to 0 and then click OK.
6. Navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
7. In the right pane, double-click the value 1201
8. Change the number in the Value data box to 0 and then click OK.
9. Navigate to the following key: HKEY_CLASSES_ROOT\htmlfile\DefaultIcon\
10. In the right pane, double-click (Default).
11. Change the contents of the Value data box to the following, and then click OK: C:\PROGRA~1\INTERN~1\iexplore.exe,1
12. Exit the Registry Editor.
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 14.05.2004 at 09:52.
31.05.2004, 12:07
Member
Posts: 13
#18
Hello, I have the same problem, only somewhat worse: I can't run any programs any more, nothing. I can't get into the registry, can't start any virus scanner, nothing.
PLZ help :-/
31.05.2004, 13:05
Honorary member
Posts: 29434
#19
Can you still download HijackThis, scan, save, and copy the saved log with the mouse ???.........into the forum
http://www.spychecker.com/download/download_hijackthis.html
If that doesn't work any more either, a system restore might still help, and if that doesn't work either, you probably won't get around a reinstall....
Regards, Sabina
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 31.05.2004 at 13:06.
31.05.2004, 13:34
Member
Posts: 13
#20
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/de/deu/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {ce3cd3a2-ccb1-4da4-a849-481a2a7d84cd} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {dfc847fd-5985-4be8-bec1-76a02a34d4dc} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37939.843287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7ABEF3D-7A3C-411B-A5E1-0DD21DEC9626}: NameServer = 192.168.0.1

That is the scan in safe mode.
31.05.2004, 13:40
Moderator
Posts: 7805
#21
Fix these in safe mode:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {ce3cd3a2-ccb1-4da4-a849-481a2a7d84cd} - (no file)
O3 - Toolbar: (no name) - {dfc847fd-5985-4be8-bec1-76a02a34d4dc} - (no file)
Please also post a startup list: start HijackThis/config/misctools/generate startuplist.
If you can still download anything, you should also download this scanner and then have it check your computer in safe mode....
http://www.mwti.net/antivirus/free_utilities.asp
__________
Regards, Ralf
SEO-Spam Hunter
31.05.2004, 13:52
Member
Posts: 13
#22
StartupList report, 31.05.2004, 13:48:33
StartupList version: 1.52
Started from : C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WINDVDPatch = CTHELPER.EXE
RemoteControl = C:\WINDOWS\System32\rmctrl.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
CTHelper = CTHELPER.EXE
nwiz = nwiz.exe /install
type32 = "C:\Programme\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Programme\Microsoft IntelliPoint\point32.exe"
CloneDVDElbyDelay = "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ccApp = "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
MSMSGS = "C:\Programme\Messenger\msmsgs.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
NAV Helper - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - (no file) - {ce3cd3a2-ccb1-4da4-a849-481a2a7d84cd}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer.job
Symantec Drmc.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[Creative Software AutoUpdate]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTSUEng.ocx
CODEBASE = http://www.creative.com/SU/ocx/12119/CTSUEng.cab
[Launcher Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\launcher.ocx
CODEBASE = https://horizons.eu.istaria.com/controls/launcher.ocx
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\iftw.dll
CODEBASE = http://tw.msi.com.tw/autobios/client/iftwclix.cab
[HouseCall-Kontrolle]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
[Java Plug-in 1.4.1_04]
InProcServer32 = C:\Programme\Java\j2re1.4.1_04\bin\npjpi141_04.dll
CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab
[DmiReader Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSPRO~1.DLL
CODEBASE = http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37939.843287037
[Java Plug-in 1.4.1_04]
InProcServer32 = C:\Programme\Java\j2re1.4.1_04\bin\npjpi141_04.dll
CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx
CODEBASE = http://www.creative.com/SU/ocx/12119/CTPID.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 15.134 bytes
Report generated in 0,031 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Hm, and then I have the problem that I can't run any programs, not even in safe mode, only if I go into "Run as" ---->>> and remove the check mark there at "Protect my computer and data from unauthorized program activity". Maybe someone knows what this is; until yesterday everything worked, it has only been like this since I got the worm .-/
31.05.2004, 13:59
Moderator
Posts: 7805
#23
Well, look at that.
This is your problem: C:\I386\SVCHOST.EXE
The next problem is how you get rid of it again. If you are "lucky", this cleaner is already enough. Please run it in safe mode....
ftp://ftp1.avp.ch/utils/clrav.com
__________
Regards, Ralf
SEO-Spam Hunter
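Added example, not part of the thread and not HijackThis code: a Python check that reads the "File association entry" sections of a StartupList report like the one in post #22 and flags every file type whose open command names a program in front of "%1", which is how C:\I386\SVCHOST.EXE shows up above. The expected values are the stock Windows XP defaults; the function names and the assumption that Windows is installed in C:\WINDOWS are the example's own.

```python
import re
from typing import NamedTuple

# Excerpt of the StartupList report from post #22, re-broken into lines.
SAMPLE_REPORT = r'''
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = C:\I386\SVCHOST.EXE "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
'''

# Stock Windows XP open commands for types that launch themselves: the
# command starts with "%1". A program named in front of it runs instead,
# on every launch of that file type.
SELF_LAUNCHING = {"EXE": '"%1" %*', "COM": '"%1" %*', "BAT": '"%1" %*',
                  "PIF": '"%1" %*', "SCR": '"%1" /S'}
# Types opened by a fixed host program (assumption: Windows is installed
# in C:\WINDOWS, as in the report above).
HOSTED = {"HTA": r"C:\WINDOWS\System32\mshta.exe"}

# Tolerates both the one-item-per-line layout and a report whose line
# breaks were collapsed into spaces when it was pasted.
ENTRY_RE = re.compile(
    r"File association entry for \.(?P<ext>\w+):\s*"
    r"(?P<key>HKEY_CLASSES_ROOT\\\S+)\s*"
    r"\(Default\) = (?P<cmd>.*?)\s*(?=-{10,}|\Z)",
    re.DOTALL,
)

class Finding(NamedTuple):
    ext: str         # file type, e.g. "EXE"
    key: str         # registry key holding the open command
    command: str     # value found in the report
    interposed: str  # program that runs instead of the expected one
    expected: str    # stock value to restore

def handler_of(command):
    """Return the program placed before the "%1" placeholder ('' if none)."""
    return command.split('"%1"', 1)[0].strip().strip('"')

def audit_file_associations(report):
    """List the file associations in a StartupList report that were redirected."""
    findings = []
    for m in ENTRY_RE.finditer(report):
        ext, key, cmd = m["ext"].upper(), m["key"], m["cmd"].strip()
        handler = handler_of(cmd)
        if ext in SELF_LAUNCHING:
            expected, bad = SELF_LAUNCHING[ext], handler != ""
        elif ext in HOSTED:
            expected = HOSTED[ext] + ' "%1" %*'
            bad = handler.lower() != HOSTED[ext].lower()
        else:
            continue  # type not covered by this check
        if bad:
            findings.append(Finding(ext, key, cmd, handler, expected))
    return findings

if __name__ == "__main__":
    for f in audit_file_associations(SAMPLE_REPORT):
        print(f"[!] .{f.ext}: {f.interposed} runs first; expected {f.expected}")
        print(f"    {f.key}")
```

Five of the six associations in the excerpt are flagged, which matches the symptom reported in the thread that no program can be started any more.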
31.05.2004, 14:05
Member
Posts: 13
#24
Hm, I can't run the program ??
31.05.2004, 14:08
Moderator
Posts: 7805
#25
Not in safe mode either? Or is the file C:\I386\SVCHOST.EXE no longer there? If not, let me know. Then we'll try something else.
__________
Regards, Ralf
SEO-Spam Hunter
31.05.2004, 14:12
Member
Posts: 13
#26
The file is there, but the program won't start. I have 3 computers here; on the 2nd computer I have the same problems, and on the clean computer it works :-/
31.05.2004, 14:25
Moderator
Posts: 7805
31.05.2004, 14:26
Member
Posts: 13
#28
No, unfortunately not :-(
Narf, just because I had the virus scanner off one time. OK, it does run after all, but I get a pile of messages (it is running in some kind of DOS-only mode now): Access Denied, very often !!
This post was edited by IngMan on 31.05.2004 at 14:42.
31.05.2004, 14:42
Moderator
Posts: 7805
#29
Then do the following. Go here: http://home.earthlink.net/~rmbox/Reticulated/4IE_Only/
There, right-click FIX-exec.inf and choose "Save Target As". Remember where you saved it and start the file in safe mode. There, also rename the file C:\I386\SVCHOST.EXE to svchost.vir and reboot.
__________
Regards, Ralf
SEO-Spam Hunter
31.05.2004, 15:14
Member
Posts: 13
#30
Hm, when I do that, the editor opens for me, and then ??
OK, it was right-click and then Install, but what is different then? I installed the file and made svhost.vir, and now ??
This post was edited by IngMan on 31.05.2004 at 15:22.
Quote
No idea what you mean or what I am supposed to do there now
# In Explorer, under Tools/Folder Options/View/Hidden files and folders, you have to select "Show hidden files and folders", then find with the search function and delete, if present:
yourwin.bat
probsolv.doc.pif
flt-xb5.rar.pif
document.doc.pif
sexinthecity.scr
torvil.pif
win$hitrulez.pif
sex.jpg
flt-ixb23.zip
readit.doc.pif
document1.doc.pif
attachment.zip << I did all of that, without success!!! and I also searched for them...
# Start < Run < regedit: delete on the right-hand side, if it is there:
-------------------------------------------------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Service Host
HKLM\Software\Microsoft\Windows\CurrentVersion\
Advanced\OneLevelDeeper\TorvilDB
HKCU\Software\Microsoft\Windows\CurrentVersion\
Advanced\OneLevelDeeper\TorvilDB
HKU\[code number]\Software\Microsoft\Windows\
CurrentVersion\Advanced\OneLevelDeeper\TorvilDB
and found nothing