Home » Viren, Trojaner & Malware Forum » Problem mit "Virus Alert" » Themenansicht

Problem mit "Virus Alert"
#0
06.07.2006, 08:24
Chrismaster
...neu hier

Beiträge: 2
#1 Mal wieder Virus Alert:
Anbei alles, was du in anderen Fällen anforderst. Danke für die Hilfe


CleanUp! started on 07/05/06 19:28:23.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.MSO\ - deleted
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006070520060706\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006070520060706\ - deleted
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Administrator@file:///E:/datFind.zip - deleted
Visited: Administrator@about:Home - deleted
Visited: Administrator@file:///E:/KillBox.zip - deleted
Visited: Administrator@file:///C:/!KillBox/Logs/kb.log - deleted
Visited: Administrator@file:///C:/system32.txt - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\v68e749p.default\history.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\v68e749p.default\cookies.txt.old - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Daten (E).lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\datFind.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\kb.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\KillBox.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Logs.lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\Lokaler Datenträger (C).lnk - deleted
C:\Dokumente und Einstellungen\Administrator\Recent\system32.lnk - deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\~DFE408.tmp - deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.568\KillBox.exe - deleted
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.568\ - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-30CEC19C.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-21B56F2B.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\KILLBOX.EXE-08BA25BB.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\LUALL.EXE-2BCC229F.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3AF10E20.pf - deleted
C:\WINDOWS\Prefetch\SDHELP.EXE-00535571.pf - deleted
C:\WINDOWS\Prefetch\SOL.EXE-1C0C14EB.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VPDN_LU.EXE-2EDBCBD0.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-3395695A.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
'Run MRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 1.0 MB of disk space from 39 files.
CleanUp! finished on 07/05/06 19:28:24.




Verzeichnis von C:\WINDOWS\system32

05.07.2006 19:07 3.570 ikhcore.log
05.07.2006 16:12 383.390 perfh009.dat
05.07.2006 16:12 53.744 perfc009.dat
05.07.2006 16:12 394.830 perfh007.dat
05.07.2006 16:12 64.802 perfc007.dat
05.07.2006 16:12 906.552 PerfStringBackup.INI
05.07.2006 09:19 8.192 Thumbs.db
05.07.2006 08:03 39.437 ssqroll.dll
05.07.2006 08:03 18.432 wineak32.dll
25.06.2006 18:12 2.206 wpa.dbl
12.06.2006 19:06 36.100 SpoonUninstall-dBpowerAMP Music Converter.dat
12.06.2006 19:06 131.072 SpoonUninstall.exe
12.06.2006 19:05 33.846 SpoonUninstall-dBpowerAMP Music Converter.bmp
29.05.2006 17:30 1.494.016 shdocvw.dll
19.05.2006 17:09 3.073.536 mshtml.dll
18.05.2006 07:36 450.560 jscript.dll
14.05.2006 10:48 181.248 rasmans.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 152.064 cdfview.dll
10.05.2006 07:22 1.022.976 browseui.dll
04.05.2006 06:26 5.818.784 MRT.exe
01.05.2006 21:24 81.920 ElbyCDIO.dll
27.04.2006 16:32 240.424 FNTCACHE.DAT
24.04.2006 15:40 4.730.880 wmp.dll


Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

05.07.2006 19:02 16.384 ~DFE408.tmp
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 640.348.160 Bytes frei



Verzeichnis von C:\WINDOWS

05.07.2006 19:08 0 0.log
05.07.2006 19:08 159 wiadebug.log
05.07.2006 19:08 1.875.564 WindowsUpdate.log
05.07.2006 19:08 51 wiaservc.log
05.07.2006 19:07 2.048 bootstat.dat
05.07.2006 19:07 32.626 SchedLgU.Txt
05.07.2006 16:15 594 win.ini
05.07.2006 16:15 227 system.ini
05.07.2006 09:19 7.680 Thumbs.db
05.07.2006 09:19 116 NeroDigital.ini
05.07.2006 08:04 692.138 setupapi.log
04.07.2006 16:34 192 winamp.ini
29.06.2006 19:00 3.770 meyer.VUE
17.06.2006 20:02 184.156 setupact.log
16.06.2006 10:00 1.830 spupdsvc.log
16.06.2006 07:51 377.399 iis6.log
16.06.2006 07:51 70.214 ntdtcsetup.log
16.06.2006 07:51 16.802 tabletoc.log
16.06.2006 07:51 151.302 tsoc.log
16.06.2006 07:51 1.374 imsins.log
16.06.2006 07:51 17.985 ocmsn.log
16.06.2006 07:51 118.508 comsetup.log
16.06.2006 07:51 11.393 KB917734.log
16.06.2006 07:51 50.616 wmsetup.log
16.06.2006 07:51 22.737 MedCtrOC.log
16.06.2006 07:51 56.940 netfxocm.log
16.06.2006 07:51 160.396 ocgen.log
16.06.2006 07:51 15.930 msgsocm.log
16.06.2006 07:51 320.697 FaxSetup.log
16.06.2006 07:51 102.952 msmqinst.log
16.06.2006 07:51 1.374 imsins.BAK
16.06.2006 07:51 14.704 KB917344.log
16.06.2006 07:51 14.628 KB917953.log
16.06.2006 07:51 14.459 KB911280.log
16.06.2006 07:51 20.379 updspapi.log
16.06.2006 07:50 22.159 KB916281.log
16.06.2006 07:50 12.359 KB914389.log
15.06.2006 08:13 316.640 WMSysPr9.prx
14.06.2006 08:06 9.608 ModemLog_Standard 56000 bps Modem.txt
09.06.2006 15:11 1.452 COM+.log
22.05.2006 19:51 3.514 mozver.dat

Verzeichnis von C:\

05.07.2006 19:15 0 sys.txt
05.07.2006 19:15 8.332 system.txt
05.07.2006 19:15 295 systemtemp.txt
05.07.2006 19:15 117.343 system32.txt
05.07.2006 19:07 402.231.296 hiberfil.sys
05.07.2006 19:07 603.979.776 pagefile.sys
05.07.2006 16:15 211 boot.ini
18.03.2006 19:52 50 AUTOEXEC.BAT


Logfile of HijackThis v1.99.1
Scan saved at 19:36:59, on 05.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec_Client_Security\Symantec AntiVirus\vpc32.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\CleanUp!\Cleanup.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqroll.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7D7D6758-062B-44ea-A251-F8E40FF541F1} - (no file)
O2 - BHO: (no name) - {93A1221B-5DDF-4251-A5C6-F7987D61110B} - C:\WINDOWS\system32\kbdtuq32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{149A5779-2F63-4940-9BEA-00E3718403F3}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{149A5779-2F63-4940-9BEA-00E3718403F3}: NameServer = 195.50.140.114 195.50.140.252
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqroll - C:\WINDOWS\SYSTEM32\ssqroll.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
Seitenanfang Seitenende
07.07.2006, 01:42
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Chrismaster

1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Files to delete:

C:\WINDOWS\system32\ikhcore.log
C:\WINDOWS\system32\ssqroll.dll
C:\WINDOWS\system32\wineak32.dll
C:\WINDOWS\system32\zlara.dll
C:\WINDOWS\system32\kbdtuq32.dll
Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

2.
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqroll.dll
O2 - BHO: (no name) - {7D7D6758-062B-44ea-A251-F8E40FF541F1} - (no file)
O2 - BHO: (no name) - {93A1221B-5DDF-4251-A5C6-F7987D61110B} - C:\WINDOWS\system32\kbdtuq32.dll
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: ssqroll - C:\WINDOWS\SYSTEM32\ssqroll.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll
PC neustarten

3.
Counterspy
http://virus-protect.org/counterspy.html
stelle alles auf "remove" und poste den scanreport
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1