How to delete: W32.beagle.dz, w32/beagledi-bv, Tr/rkit.beagle.gl
Thread is closed!
06.01.2007, 09:50
Member (thread starter), Posts: 19
#0
06.01.2007, 15:09
Honorary member, Posts: 29434
#17
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.

In "Enter search strings", type or paste hldrrr into the edit field and click "Ok". Notepad will open; copy the text and post it.
In "Enter search strings", type or paste DateTime4 into the edit field and click "Ok". Notepad will open; copy the text and post it.
In "Enter search strings", type or paste drvsyskit into the edit field and click "Ok". Notepad will open; copy the text and post it.
In "Enter search strings", type or paste m_hook into the edit field and click "Ok". Notepad will open; copy the text and post it.
__________
Regards, Sabina (all about PC security)
06.01.2007, 16:13
Member (thread starter), Posts: 19
#18
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 06.01.2007 16:08:27 for strings:
; 'hldrrr'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 06.01.2007 16:09:36 for strings:
; 'datetime4'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 06.01.2007 16:11:16 for strings:
; 'drvsyskit'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\kit\\Anwendungsdaten\\hidires\\hidr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 06.01.2007 16:12:19 for strings:
; 'm_hook'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...
__________
______________
Regards, Kit
06.01.2007, 16:32
Honorary member, Posts: 29434
#19
1.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as fixme.reg using 'Save as'. Under file type choose 'All files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and merge it into the registry with "yes".
Quote:
REGEDIT4
2. Avenger: paste in:
Quote:
Files to delete:
3. Scan and post the scan report
http://virus-protect.org/cureit.html
__________
Regards, Sabina (all about PC security)
06.01.2007, 16:57
Member (thread starter), Posts: 19
#20
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\klyneqcr
*******************
Script file located at: \??\C:\oelwbhmy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
__________
______________
Regards, Kit
06.01.2007, 16:58
Honorary member, Posts: 29434
#21
http://www.f-secure.com/blacklight/
Start the file, accept the licence terms and choose scan. When the scan has finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight; post that log.
__________
Regards, Sabina (all about PC security)
06.01.2007, 17:04
Member (thread starter), Posts: 19
#22
01/06/07 16:59:54 [Info]: BlackLight Engine 1.0.55 initialized
01/06/07 16:59:54 [Info]: OS: 5.1 build 2600 ()
01/06/07 16:59:54 [Note]: 7019 4
01/06/07 16:59:54 [Note]: 7005 0
01/06/07 16:59:57 [Note]: 7006 0
01/06/07 16:59:57 [Note]: 7011 1756
01/06/07 16:59:57 [Note]: 7026 0
01/06/07 16:59:57 [Note]: 7026 0
01/06/07 17:00:04 [Note]: FSRAW library version 1.7.1021
01/06/07 17:03:55 [Note]: 7007 0
__________
______________
Regards, Kit
06.01.2007, 17:13
Honorary member, Posts: 29434
#23
Everything should be OK again.
Nevertheless: scan with Trend Micro and post the scan report (unless you have already downloaded Dr.Web)
http://virus-protect.org/multiavtool.html
__________
Regards, Sabina (all about PC security)
06.01.2007, 17:15
Member (thread starter), Posts: 19
#24
[File Deleted]
C:\WINDOWS\Tasks\At2.job
Removing Folders W32.Rontokbro.AN@mm...
Removing Spyware Troj/BagleDl-BV...
Removing Registry Troj/BagleDl-BV...
Removing RegValues Troj/BagleDl-BV...
Fixing RegValue dataTroj/BagleDl-BV...
Removing Folders Troj/BagleDl-BV...
Removing Spyware HotBar...
Removing Registry HotBar...
[Deleting Key...]
Key : HKEY_LOCAL_MACHINE\System\currentcontrolset\enum\sw\{96e080c7-143c-11d1-b40f-00a0c9223196}
[Key Deleted]
Key : HKEY_LOCAL_MACHINE\System\currentcontrolset\enum\sw\{96e080c7-143c-11d1-b40f-00a0c9223196}
Removing RegValues HotBar...
Fixing RegValue dataHotBar...
Removing Cookies HotBar...
Removing Files HotBar...
Removing Folders HotBar...
" were again not deleted "

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/
2007-01-06, 17:23:16, Auto-clean mode specified.
2007-01-06, 17:23:16, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2007-01-06, 17:23:29, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2007-01-06, 17:23:29, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: )
Start time : Sa Jan 06 2007 17:23:16
Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 824) [success]
Complete time : Sa Jan 06 2007 17:23:29
Execute pattern count(3030), Virus found count(0), Virus clean count(0), Clean failed count(0)
2007-01-06, 17:23:32, An error was detected on "C:\System Volume Information\*.*": Access denied
2007-01-06, 17:23:53, An error was detected on "D:\System Volume Information\*.*": Access denied
2007-01-06, 17:23:53, An error was detected on "E:\System Volume Information\*.*": Access denied
2007-01-06, 17:24:17, An error was detected on "H:\System Volume Information\*.*": Access denied
2007-01-06, 17:38:50, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/6/2007 17:24:17
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 163 (149090 Patterns) (2007/01/05) (416300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
C:\Programme\7za.exe [TROJ_PROXY.IA]
35852 files have been read.
35852 files have been checked.
30833 files have been scanned.
137896 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/6/2007 17:38:50
---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-06, 17:38:50, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/6/2007 17:24:17
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 163 (149090 Patterns) (2007/01/05) (416300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend
35852 files have been read.
35852 files have been checked.
30833 files have been scanned.
137896 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/6/2007 17:38:50
14 minutes 32 seconds (872.13 seconds) has elapsed.
__________
______________
Regards, Kit
This post was edited by kit on 06.01.2007 at 17:58.
06.01.2007, 21:38
Honorary member, Posts: 29434
#25
Now run Kaspersky with the same program and post the report.
__________
Regards, Sabina (all about PC security)
07.01.2007, 09:04
Member (thread starter), Posts: 19
#26
AVPDOS32 Start 07-01-2007 09:01:23
Version 3.0 build 135
Last update: 07.01.2007, 256611 records.
Command line: /- /E /* /MD /MP /Y /Z- /W+=ScanReport.txt *:
Profile defdos32.prf (from 27.06.2001 03:00:00)
c:\AV-CLS\UNRAR.EXE packed: UPX
c:\AV-CLS\UNZIP.EXE packed: Diet
c:\AV-CLS\UNZIP.EXE packed: Com2Exe
c:\AV-CLS\SOPHOS\SAV32SFX.EXE packed: PE_Patch
c:\AV-CLS\SOPHOS\SAV32SFX.EXE archive: ZIP
c:\AV-CLS\SOPHOS\SAV32SFX.EXE archive: ZIP
c:\AV-CLS\TREND\SYSCLEAN.COM archive: Embedded EXE
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\ALEXAR~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\ALEXAR~1.ZIP/related.htm password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\ALEXAR~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB2~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB2~1.ZIP/AdultGambling.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB2~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB6~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB6~1.ZIP/Free Online Dating.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB6~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FBA~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FBA~1.ZIP/F*** Real Girls.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FBA~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5399~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5399~1.ZIP/Play Adult-Poker.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5399~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO53A9~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO53A9~1.ZIP/Free Online Dating.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO53A9~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5799~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5799~1.ZIP/Online Sex Poker Rooms.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5799~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO57A9~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO57A9~1.ZIP/AdultGambling.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO57A9~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5B99~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5B99~1.ZIP/Kill Annoying Popups.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5B99~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5F99~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5F99~1.ZIP/F*** Real Girls.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5F99~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB2~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB2~1.ZIP/SPYWARE.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB2~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB6~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB6~1.ZIP/XXX personal photos.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB6~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEBE~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEBE~1.ZIP/Spyware Uninstall.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEBE~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB2~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB2~1.ZIP/Online Sex Poker Rooms.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB2~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB6~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB6~1.ZIP/Play Adult-Poker.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB6~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBA~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBA~1.ZIP/Remove Toolbars.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBA~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBE~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBE~1.ZIP/Kill Annoying Popups.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBE~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~1.ZIP/XXX personal photos.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~2.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~2.ZIP/SPYWARE.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~2.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~3.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~3.ZIP/Spyware Uninstall.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~3.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~4.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~4.ZIP/Remove Toolbars.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~4.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~1.ZIP/sbRecovery.reg password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~2.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~2.ZIP/sbRecovery.reg password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~2.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~3.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~3.ZIP/sbRecovery.reg password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~3.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\KIT\ANWEND~1\MICROS~1\EXCEL\XLSTART\PDFMAKER.XLA archive: Embedded
c:\DOKUME~1\KIT\ANWEND~1\MICROS~1\VORLAGEN\NORMAL.DOT archive: Embedded
c:\DOKUME~1\KIT\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\EXTENS~1\{3112C~1\CHROME\GOOGLE~1.JAR archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\EXTENS~1\{888D9~1\CHROME\RELOAD~1.JAR archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\10\13BE42~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\16\65D8DC~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\19\20834B~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\27\36ACEE~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\31\9D72E5~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\33\376E90~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\38\3A1C65~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\4\1A3016~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\40\1AB0E7~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\40\1AB0E7~1/tsc.exe packed: UPX
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\40\707E38~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\44\3D0B14~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\50\65A6BA~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\53\275461~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\56\1DBBD0~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\6\4A18DF~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\6\4A18DF~1.IDX archive: GZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\60\4E9607~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000001.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000002.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000003.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000004.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000005.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000006.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000007.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000008.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000009.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000010.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000011.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000012.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000013.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000014.RCB archive: ZIP
c:\DOKUME~1\KIT\HOUSEC~1.6\TSC.EXE packed: UPX
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\IDENTI~1\{2A206~1\MICROS~1\OUTLOO~1\POSTAU~1.DBX archive: Mail MS Outlook 5
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\IDENTI~1\{2A206~1\MICROS~1\OUTLOO~1\POSTEI~1.DBX archive: Mail MS Outlook 5
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\CACHE\111F1E~1 archive: GZIP
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\CACHE\_CACHE~2 archive: Mail
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.250\AVENGER.EXE packed: PE_Patch
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.250\AVENGER.EXE packed: TeLock
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.251\AVENGER.EXE packed: PE_Patch
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.251\AVENGER.EXE packed: TeLock
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.750\REGSEA~1.EXE packed: UPX
__________
______________
Regards, Kit
07.01.2007, 11:06
Honorary member, Posts: 29434
#27
1.
The program you are scanning with there (Noadware 5.0) will not delete anything as long as you do not buy it. Its entries will now always appear, whether they are still present or not.
»» Scan with option 4 (Kaspersky); copy the output only if virus entries were still found.
__________
Regards, Sabina (all about PC security)
07.01.2007, 12:16
Member (thread starter), Posts: 19
#28
Ok,
Kaspersky finds nothing, but these entries are still in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit : C:\Dokumente und Einstellungen\kit\Anwendungsdaten\hidires\hidr.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\hldrrr : C:\WINDOWS\system32\hldrrr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hldrrr : C:\WINDOWS\system32\hldrrr.exe
Found with JV6 Powertools. Doesn't that mean the trojan is still present?
Addendum: I just searched for "hldrrr" with the Windows search: no hits.
__________
______________
Regards, Kit
07.01.2007, 12:19
Honorary member, Posts: 29434
#29
You can search the registry very effectively with
http://virus-protect.org/artikel/tools/regsearch.html
Actually I had already made you a registry script for removal (see above). Did you apply it?
__________
Regards, Sabina (all about PC security)
07.01.2007, 12:40
Member (thread starter), Posts: 19
#30
I did.
Searched again:

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 07.01.2007 12:35:00 for strings:
; 'hldrrr'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="hldrrr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 07.01.2007 12:36:42 for strings:
; 'datetime4'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 07.01.2007 12:38:00 for strings:
; 'drvsyskit'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\kit\\Anwendungsdaten\\hidires\\hidr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 07.01.2007 12:39:11 for strings:
; 'm_hook'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...
__________
______________
Regards, Kit
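The Registry Search output in posts #18 and #30 shows the leftover the thread keeps circling back to: Run values under HKLM and HKCU that still name hldrrr.exe and hidr.exe after the files themselves are gone (Avenger reported hldrrr.exe "not found", the Windows search found nothing). The script below is an added example, not code from the thread, from Registry Search or from any of the tools named here. It parses that .reg-style output, keeps only values under the Run/RunOnce/RunServices autostart keys (the hit under Search Assistant\ACMru\5603 is the Windows XP search history of the search for "hldrrr", not a persistence entry, and is dropped), reports the values whose target file no longer exists, and emits a REGEDIT4 value-deletion script of the same kind as the fixme.reg step in post #19 (whose contents are not reproduced on this page). The file-existence check is injectable so a log pasted from the infected machine can be evaluated elsewhere; the embedded sample is the thread's own 07.01.2007 output, re-typed here as constructed input.

```python
import os
import re
import sys
from typing import Callable, Dict, List, Tuple

# Constructed sample: the Registry Search hits posted in the thread for
# 'hldrrr' and 'drvsyskit' (07.01.2007), joined into one .reg-style text.
SAMPLE_REGSEARCH_OUTPUT = r"""Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman (c) 2005
; Results at 07.01.2007 12:35:00 for strings:
; 'hldrrr'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="hldrrr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

; End Of The Log...
Windows Registry Editor Version 5.00
; Results at 07.01.2007 12:38:00 for strings:
; 'drvsyskit'

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\kit\\Anwendungsdaten\\hidires\\hidr.exe"

; End Of The Log...
"""

Entry = Tuple[str, str, str]  # (key, value name, data)

# Only these keys launch their values at logon; a hit anywhere else
# (e.g. the Search Assistant history) records a search, not persistence.
AUTOSTART_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices)$",
    re.IGNORECASE,
)
KEY_LINE_RE = re.compile(r"^\[(.+)\]$")
VALUE_LINE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_text(text: str) -> List[Entry]:
    """Collect (key, name, data) triples from .reg-style text. Header,
    comment (';') and blank lines are skipped; the .reg doubling of
    backslashes in REG_SZ data is undone so the data is a plain path."""
    entries: List[Entry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        key_match = KEY_LINE_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_LINE_RE.match(line)
        if value_match and current_key is not None:
            data = value_match.group(2).replace("\\\\", "\\").replace('\\"', '"')
            entries.append((current_key, value_match.group(1), data))
    return entries


def image_path(data: str) -> str:
    """Reduce a Run value to the executable it launches: a quoted path is
    taken verbatim, otherwise the value is cut at the first ' /' or ' -'
    (a heuristic for trailing switches; none occur in the sample)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    for sep in (" /", " -"):
        cut = data.find(sep)
        if cut > 0:
            data = data[:cut]
    return data


def orphaned_autostarts(text: str,
                        exists: Callable[[str], bool] = os.path.exists) -> List[Entry]:
    """Autostart values whose target file is missing, i.e. the leftover the
    thread keeps seeing. `exists` is injectable so a log from the infected
    machine can be checked on another host (the test passes a stub)."""
    orphans: List[Entry] = []
    for key, name, data in parse_reg_text(text):
        if not AUTOSTART_KEY_RE.search(key):
            continue
        path = image_path(data)
        if not exists(path):
            orphans.append((key, name, path))
    return orphans


def removal_reg_script(entries: List[Entry]) -> str:
    """REGEDIT4 script deleting the given values: under a [key] line,
    "name"=- removes that value when regedit merges the file. This only
    removes the autostart entry; a rootkit-hidden file needs another tool."""
    by_key: Dict[str, List[str]] = {}
    for key, name, _ in entries:
        by_key.setdefault(key, []).append(name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    # Usage: python orphan_autostarts.py < regsearch_output.txt
    # Without piped input the embedded sample is evaluated instead.
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REGSEARCH_OUTPUT
    found = orphaned_autostarts(source)
    for key, name, path in found:
        print(f"orphaned autostart: {key}\\{name} -> {path}")
    if found:
        print(removal_reg_script(found))
```

Run on the real machine, `orphaned_autostarts` uses `os.path.exists`, so a value is only flagged when its target is really absent; if the file is still there (or hidden from the file system, as BlackLight was brought in to check), the entry is not an orphan and deleting the Run value alone would not be a cleanup.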
The PC crashes during the Kaspersky test!
I ran this program instead:
Noadware 5.0
---------------------
Removing Spyware Tracking Cookie...
Removing Registry Tracking Cookie...
Removing RegValues Tracking Cookie...
Fixing RegValue dataTracking Cookie...
Removing Cookies Tracking Cookie...
[Deleted Cookie]
C:\Dokumente und Einstellungen\kit\Cookies\kit@www.xe[1].txt
Removing Files Tracking Cookie...
Removing Folders Tracking Cookie...
Removing Spyware W32/Bagle-KF...
Removing Registry W32/Bagle-KF...
Removing RegValues W32/Bagle-KF...
[Deleting Value...]
Key : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value : hldrrr
[Value Deleted]
Key : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value : hldrrr
[Deleting Value...]
Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : hldrrr
[Value Deleted]
Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : hldrrr
Fixing RegValue dataW32/Bagle-KF...
Removing Cookies W32/Bagle-KF...
Removing Files W32/Bagle-KF...
Removing Folders W32/Bagle-KF...
Removing Spyware Troj/BagleDl-BV...
Removing Registry Troj/BagleDl-BV...
Removing RegValues Troj/BagleDl-BV...
Fixing RegValue dataTroj/BagleDl-BV...
[Deleting Value...]
Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : hldrrr
ValueData : C:\WINDOWS\system32\hldrrr.exe
[Value Deleted]
Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : hldrrr
ValueData : C:\WINDOWS\system32\hldrrr.exe
Removing Cookies Troj/BagleDl-BV...
Removing Files Troj/BagleDl-BV...
Removing Folders Troj/BagleDl-BV...
" but were not deleted; they are back again on the next run of the program "
__________
______________
Regards, Kit