Killandclean & strange toolbar installed itself unnoticed
#0
20.08.2006, 23:16
Honorary member
Posts: 29434
20.08.2006, 23:21
...new here
Thread starter, posts: 9
#17
Quote, Sabina posted:

Re a) OK, I hope he takes that to heart.

Re b) I believe that killandclean installed itself by exploiting a security hole. I have read that it likes to do that, and he said that it was simply there all of a sudden.

OK, then let's hope we won't have to call on your help again any time soon.

Thanks again for the cleanup!
19.09.2006, 01:51
...new here
Posts: 4
#18
Hello Sabina,

Unfortunately I have caught Kill&clean as well. It would be great if you could help me remove it and point out the security holes that let this beast land on my machine. Following your description below, I have created the following logs. Norton IT Security 2005 also seems to be unresponsive. Quite a few things are wrong here...

Quote, Sabina posted:

1. HijackThis report:

2. Fixwareout report

3. Blacklight report:

4. Run CleanUp once

5. The logs of the last three months from

a) C:\

b) C:\WINDOWS

c) C:\DOKUME~1\Sony\LOKALE~1\Temp

d) C:\WINDOWS\system32

Could you please help me?

Regards,
Antikörper
19.09.2006, 10:38
Honorary member
Posts: 29434
#19
Antikörper

1. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings" (type or paste) lannui idersrvc in edit and click "Ok". Notepad will open -- copy the text and post it.

2. avenger http://virus-protect.org/artikel/tools/avenger.html

Quote: registry keys to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically.

** Post the avenger log that appears after the restart!

3. Open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

Quote: O4 - HKLM\..\Run: [bvfkx.exe] C:\WINDOWS\system32\bvfkx.exe

Restart the PC

4. Create a new Internet connection. Under Network / Internet Protocol properties there is then also "obtain IP and DNS automatically" - tick it.

1. Click Start > Control Panel
2. Double-click Network Connections.

This must go!!! -> 85.255.115.34 85.255.112.63

5. Scan and post the scan report + the new HijackThis log http://virus-protect.org/cureit.html

__________
Kind regards, Sabina
All about PC security
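An added example, not part of the original posts: a Python triage of HijackThis O17 and O4 lines that reports statically pinned public DNS resolvers (what step 4 of the reply removes) and checks the follow-up log requested in step 5 for leftovers. The sample log lines are constructed; the function names, the interface GUIDs and the 192.168.1.1 router address are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis line format. The two public resolver
# addresses and the bvfkx.exe Run entry are the ones named in the reply above;
# the interface GUIDs and the router address are made up for this example.
BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bvfkx.exe] C:\WINDOWS\system32\bvfkx.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: NameServer = 192.168.1.1
"""

# Constructed follow-up log after "Fix checked", DNS reset and a reboot.
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: NameServer = 192.168.1.1
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\(?P<scope>.+?)"
    r": NameServer = (?P<servers>.+)$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<run>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def static_resolvers(log):
    """Map each pinned resolver IP to the (control set, scope) pairs that set it."""
    found = defaultdict(set)
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # The value is shown as stored: comma-separated or space-separated.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an address; leave it for manual review
            found[ip].add((m["cset"], m["scope"]))
    return found


def triage_dns(log):
    """Statically configured resolvers that are publicly routable.

    Assumption of this example: the machine should obtain DNS automatically,
    as the reply instructs, so a pinned public resolver needs an explanation,
    while a private address is usually the local router.
    """
    return {
        str(ip): sorted(where)
        for ip, where in static_resolvers(log).items()
        if ip.is_global
    }


def run_entries(log):
    """Parse O4 autostart lines into {(hive, key, value name): command}."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["run"], m["name"])] = m["cmd"].strip('"')
    return entries


def still_present(before, after, fixed_run_names):
    """List what the follow-up log still contains after the fix and reboot."""
    leftovers = []
    after_runs = run_entries(after)
    for key in run_entries(before):
        if key[2] in fixed_run_names and key in after_runs:
            leftovers.append("Run entry " + key[2])
    after_dns = triage_dns(after)
    for ip in triage_dns(before):
        if ip in after_dns:
            leftovers.append("static resolver " + ip)
    return leftovers


if __name__ == "__main__":
    for ip, where in triage_dns(BEFORE).items():
        print(ip, "pinned in", where)
    print("leftovers:", still_present(BEFORE, AFTER, {"bvfkx.exe"}) or "none")
```

A resolver that reappears in the follow-up log after the reset points to something still rewriting the Tcpip keys, so the remaining autostart and driver entries need another look before the machine is considered clean.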
19.09.2006, 14:45
...new here
Posts: 4
#20
Hallo Sabina!
Vielen Dank erst einmal: ------------------------------------------------------ 1. Regsearch Report: REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.09.2006 11:25:41 for strings: ; 'lannui' ; 'idersrvc' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\lannui.sys] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\lannui.sys] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC\0000] "Service"="idersrvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC\0000\Control] "ActiveService"="idersrvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI\0000] "Service"="lannui" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI\0000\Control] "ActiveService"="lannui" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc] ; Contents of value: ; \??\c:\windows\system32\idersrvc.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,69,64,65,72,73,72,76,63,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc\Enum] 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc\Enum] "0"="Root\\LEGACY_IDERSRVC\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmui] ; Contents of value: ; \??\c:\windows\system32\lannui.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6c,61,6e,6e,75,69,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lannui] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lannui] ; Contents of value: ; \??\c:\windows\system32\lannui.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6c,61,6e,6e,75,69,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lannui\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lannui\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lannui\Enum] "0"="Root\\LEGACY_LANNUI\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\lannui.sys] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\lannui.sys] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC\0000] "Service"="idersrvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI\0000] "Service"="lannui" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc] ; Contents of value: ; \??\c:\windows\system32\idersrvc.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,69,64,65,72,73,72,76,63,2e,73,79,73,00 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmui] ; Contents of value: ; \??\c:\windows\system32\lannui.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6c,61,6e,6e,75,69,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lannui] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lannui] ; Contents of value: ; \??\c:\windows\system32\lannui.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6c,61,6e,6e,75,69,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lannui\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC\0000] "Service"="idersrvc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC\0000\Control] "ActiveService"="idersrvc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI\0000] "Service"="lannui" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI\0000\Control] "ActiveService"="lannui" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc] ; Contents of value: ; \??\c:\windows\system32\idersrvc.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,69,64,65,72,73,72,76,63,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc\Enum] "0"="Root\\LEGACY_IDERSRVC\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui] ; Contents of value: ; \??\c:\windows\system32\lannui.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6c,61,6e,6e,75,69,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lannui] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lannui] ; Contents of value: ; \??\c:\windows\system32\lannui.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6c,61,6e,6e,75,69,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lannui\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lannui\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lannui\Enum] "0"="Root\\LEGACY_LANNUI\\0000" ; End Of The Log... ------------------------------------------------- 2. avenger report: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\KillAndClean ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\mehyujar ******************* Script file located at: \??\C:\Program Files\oelclteu.txt Script file opened successfully. 
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\w.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\ideusr50.dll deleted successfully.
File C:\WINDOWS\System32\csagq.exe deleted successfully.
File C:\WINDOWS\System32\csr.exe not found!
Deletion of file C:\WINDOWS\System32\csr.exe failed!
Could not process line: C:\WINDOWS\System32\csr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\bvfkx.exe not found!
Deletion of file C:\WINDOWS\system32\bvfkx.exe failed!
Could not process line: C:\WINDOWS\system32\bvfkx.exe
Status: 0xc0000034
File C:\WINDOWS\system32\dmtsh.exe deleted successfully.
File C:\WINDOWS\System32\ps.a3d deleted successfully.
File C:\WINDOWS\System32\ksl48.bin deleted successfully.
File C:\WINDOWS\System32\tick48.bin deleted successfully.
File C:\WINDOWS\System32\idersrvc.sys deleted successfully.
File c:\WINDOWS\system32\stt82.ini not found!
Deletion of file c:\WINDOWS\system32\stt82.ini failed!
Could not process line: c:\WINDOWS\system32\stt82.ini
Status: 0xc0000034
File c:\WINDOWS\system32\lanmui.dll not found!
Deletion of file c:\WINDOWS\system32\lanmui.dll failed!
Could not process line: c:\WINDOWS\system32\lanmui.dll
Status: 0xc0000034
File c:\WINDOWS\system32\lannui.sys not found!
Deletion of file c:\WINDOWS\system32\lannui.sys failed!
Could not process line: c:\WINDOWS\system32\lannui.sys
Status: 0xc0000034
File c:\WINDOWS\system32\qz.dll not found!
Deletion of file c:\WINDOWS\system32\qz.dll failed!
Could not process line: c:\WINDOWS\system32\qz.dll
Status: 0xc0000034
File c:\WINDOWS\system32\qz.sys not found!
Deletion of file c:\WINDOWS\system32\qz.sys failed!
Could not process line: c:\WINDOWS\system32\qz.sys
Status: 0xc0000034
File C:\WINDOWS\gfo.exe deleted successfully.
File C:\WINDOWS\4kj.exe deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Anwendungsdaten\kc.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Anwendungsdaten\wo.tmp not found!
Deletion of file C:\Dokumente und Einstellungen\Sony\Anwendungsdaten\wo.tmp failed!
Could not process line: C:\Dokumente und Einstellungen\Sony\Anwendungsdaten\wo.tmp
Status: 0xc0000034
File C:\WINDOWS\System32\{08BEC50F-E26E-400F-B19F-450806E3F72C}.exe deleted successfully.
File C:\WINDOWS\System32\{3C8D887A-C23A-40CD-AC21-D9E3D7CD6603}.exe deleted successfully.
File C:\WINDOWS\System32\{C49E53C6-04F6-4071-9EFF-4BEA7654E65C}.exe deleted successfully.
File C:\WINDOWS\System32\{5DDFD678-2EE4-4CDB-9448-626498A46A54}.exe deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\oih2.tmp not found!
Deletion of file C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\oih2.tmp failed!
Could not process line: C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\oih2.tmp
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\321171.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\321171.exe failed!
Could not process line: C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\321171.exe
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\IVIApp.tmp not found!
Deletion of file C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\IVIApp.tmp failed!
Could not process line: C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\IVIApp.tmp
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\bl4ck.com not found!
Deletion of file C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\bl4ck.com failed!
Could not process line: C:\Dokumente und Einstellungen\Sony\Lokale Einstellungen\Temp\bl4ck.com
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Sony\Favoriten\Download Free Spyware Remover.url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\NEW VIAGRA at Half Price!.url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\Online Chat With Nude Girls.url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\Order CIALIS online without leaving home..url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\PC protection in under 2 minutes!.url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\SEX Dating - Real Girls For Real SEX.url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\Stop PopUps On Your Computer.url deleted successfully.
File C:\Dokumente und Einstellungen\Sony\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url not found!
Deletion of file C:\Dokumente und Einstellungen\Sony\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url failed!
Could not process line: C:\Dokumente und Einstellungen\Sony\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url
Status: 0xc0000034
File C:\Dokumente und Einstellungen\Sony\Favoriten\View ADULT photos of REAL GIRLS!.url deleted successfully.
Folder C:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy deleted successfully.
Folder C:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall deleted successfully.
Folder C:\Dokumente und Einstellungen\All Users\Favoriten\Sex and Dating deleted successfully.
Folder C:\Programme\KillAndClean not found!
Deletion of folder C:\Programme\KillAndClean failed!
Could not process line: C:\Programme\KillAndClean
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lannui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lannui failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ideusr50 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-----------------------------------------------------------
3. Done, although after the renaming by Blacklight the O20 entries were no longer found for: ideusr50.dll lanmui.dll
-------------------------------------------------------------
4. It is not quite that simple. My topology is:
(1) Splitter ADSL2-ISDN 18M+ with the two IPs (keep alive)
(2) <-> ADSL modem
(3) <-> WLAN switch/router, class C network IP (192.168.x.x), DHCP server [Strangely, I currently cannot reach the admin platform with the browser. Ping works, only the browser reports 404.]
(4) <-> Infected laptop (WLAN), class C network IP
I know a proxy belongs in between, but I have no money for that at the moment! Normally the laptop should only need to know the IP of the switch. Right?!
-------------------------------------------------------------
5. a) cureit reports: Object UPnPFramework.exe Path: c:\programme\sony\Vaio Medio Integrated Server\Platform Status: possibly Backdoor.Trojan
Although I am aware that Sony has a backdoor.
b) The new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 14:39:39, on 19.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Sony\Desktop\HijackThis.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kedtec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Programme\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe
O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Programme\sony\Prepare your VAIO\PYVAlert.exe
O4 - HKLM\..\Run: [Connect Update Agent] "C:\Programme\T-Mobile\Communication Center\AutoUpdateSrv.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Audio Filter.lnk = C:\Programme\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: myPrintMileage.lnk = C:\Programme\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Programme\Altova\XMLSpy2005\spy.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSpy2005\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSpy2005\spy.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: MySql - Unknown owner - C:/wampp2/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
Regards,
Antikörper |
|
|
||
20.09.2006, 12:35
Honorary member
Posts: 29434 |
#21
Antikörper
Avenger
Quote: registry keys to delete:
post the report
**
scan with Panda (online) and post the report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
all about PC security |
|
|
||
20.09.2006, 13:01
...new here
Posts: 4 |
#22
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\rjmflqgt
*******************
Script file located at: \??\C:\jrxocqpi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\lannui.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\lannui.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\lannui.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\lannui.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lannui.sys
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lannui.sys
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDERSRVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_IDERSRVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDERSRVC
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LANNUI deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_LANNUI deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANNUI
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idersrvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\idersrvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmui deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmui deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmui
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
------------------------------------------------------------
Nothing doing! - The Panda online scan does not work! |
|
|
||
20.09.2006, 14:44
Honorary member
Posts: 29434 |
#23
scan with Sophos and with Trendmicro and post the scan reports
http://virus-protect.org/multiavtool.html
__________
Kind regards, Sabina
all about PC security |
|
|
||
a) he should surf with care; certain sites are off-limits
b) he should not click on everything that blinks; not everything that offers to clean the computer of malware is a virus scanner, but rather the trojan itself....
see killandclean ... he wrecked his computer himself when he downloaded it....
__________
Kind regards, Sabina
all about PC security