How to delete: W32.beagle.dz, w32/beagledi-bv, Tr/rkit.beagle.gl

Thread is closed!
06.01.2007, 09:50
Member

Thread starter

Posts: 19
#16 Unfortunately it is not clean.


During the test with Kaspersky the PC crashes!


I ran the program:

Noadware 5.0

---------------------



Removing Spyware Tracking Cookie...

Removing Registry Tracking Cookie...

Removing RegValues Tracking Cookie...

Fixing RegValue dataTracking Cookie...





Removing Cookies Tracking Cookie...



[Deleted Cookie]

C:\Dokumente und Einstellungen\kit\Cookies\kit@www.xe[1].txt

Removing Files Tracking Cookie...

Removing Folders Tracking Cookie...

Removing Spyware W32/Bagle-KF...

Removing Registry W32/Bagle-KF...

Removing RegValues W32/Bagle-KF...



[Deleting Value...]

Key : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Value : hldrrr



[Value Deleted]

Key : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Value : hldrrr



[Deleting Value...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : hldrrr



[Value Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : hldrrr

Fixing RegValue dataW32/Bagle-KF...

Removing Cookies W32/Bagle-KF...

Removing Files W32/Bagle-KF...

Removing Folders W32/Bagle-KF...

Removing Spyware Troj/BagleDl-BV...

Removing Registry Troj/BagleDl-BV...

Removing RegValues Troj/BagleDl-BV...

Fixing RegValue dataTroj/BagleDl-BV...



[Deleting Value...]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : hldrrr

ValueData : C:\WINDOWS\system32\hldrrr.exe





[Value Deleted]

Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : hldrrr

ValueData : C:\WINDOWS\system32\hldrrr.exe



Removing Cookies Troj/BagleDl-BV...

Removing Files Troj/BagleDl-BV...

Removing Folders Troj/BagleDl-BV...


" but they were not deleted; on the next run of the program they are back again "
__________
Regards, Kit
06.01.2007, 15:09
Honorary member
Sabina

Posts: 29434
#17 Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
Under "Enter search strings", type or paste

hldrrr

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

Under "Enter search strings", type or paste

DateTime4

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

Under "Enter search strings", type or paste

drvsyskit

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

Under "Enter search strings", type or paste

m_hook

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Regards, Sabina

All about PC security
06.01.2007, 16:13
Member

Thread starter

Posts: 19
#18 Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 06.01.2007 16:08:27 for strings:
; 'hldrrr'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 06.01.2007 16:09:36 for strings:
; 'datetime4'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 06.01.2007 16:11:16 for strings:
; 'drvsyskit'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\kit\\Anwendungsdaten\\hidires\\hidr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 06.01.2007 16:12:19 for strings:
; 'm_hook'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
__________
Regards, Kit
06.01.2007, 16:32
Honorary member
Sabina

Posts: 29434
#19 1.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".

Quote

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
2.
Avenger:
paste in:

Quote

Files to delete:
C:\WINDOWS\system32\hldrrr.exe
3.
Scan and post the scan report
http://virus-protect.org/cureit.html
__________
Regards, Sabina

All about PC security
06.01.2007, 16:57
Member

Thread starter

Posts: 19
#20 //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\klyneqcr

*******************

Script file located at: \??\C:\oelwbhmy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
__________
Regards, Kit
06.01.2007, 16:58
Honorary member
Sabina

Posts: 29434
#21 http://www.f-secure.com/blacklight/
Start the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight.
Post the log
__________
Regards, Sabina

All about PC security
06.01.2007, 17:04
Member

Thread starter

Posts: 19
#22 01/06/07 16:59:54 [Info]: BlackLight Engine 1.0.55 initialized
01/06/07 16:59:54 [Info]: OS: 5.1 build 2600 ()
01/06/07 16:59:54 [Note]: 7019 4
01/06/07 16:59:54 [Note]: 7005 0
01/06/07 16:59:57 [Note]: 7006 0
01/06/07 16:59:57 [Note]: 7011 1756
01/06/07 16:59:57 [Note]: 7026 0
01/06/07 16:59:57 [Note]: 7026 0
01/06/07 17:00:04 [Note]: FSRAW library version 1.7.1021
01/06/07 17:03:55 [Note]: 7007 0
__________
Regards, Kit
06.01.2007, 17:13
Honorary member
Sabina

Posts: 29434
#23 Everything should be OK again.
Nevertheless: scan with Trendmicro and post the scan report (if you have not already downloaded Dr.Web)
http://virus-protect.org/multiavtool.html
__________
Regards, Sabina

All about PC security
06.01.2007, 17:15
Member

Thread starter

Posts: 19
#24 [File Deleted]

C:\WINDOWS\Tasks\At2.job

Removing Folders W32.Rontokbro.AN@mm...

Removing Spyware Troj/BagleDl-BV...

Removing Registry Troj/BagleDl-BV...

Removing RegValues Troj/BagleDl-BV...

Fixing RegValue dataTroj/BagleDl-BV...


Removing Folders Troj/BagleDl-BV...

Removing Spyware HotBar...

Removing Registry HotBar...

[Deleting Key...]

Key : HKEY_LOCAL_MACHINE\System\currentcontrolset\enum\sw\{96e080c7-143c-11d1-b40f-00a0c9223196}



[Key Deleted]

Key : HKEY_LOCAL_MACHINE\System\currentcontrolset\enum\sw\{96e080c7-143c-11d1-b40f-00a0c9223196}

Removing RegValues HotBar...

Fixing RegValue dataHotBar...

Removing Cookies HotBar...

Removing Files HotBar...

Removing Folders HotBar...

" were again not deleted "

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-01-06, 17:23:16, Auto-clean mode specified.
2007-01-06, 17:23:16, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2007-01-06, 17:23:29, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2007-01-06, 17:23:29, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: )

Start time : Sa Jan 06 2007 17:23:16

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 824) [success]

Complete time : Sa Jan 06 2007 17:23:29
Execute pattern count(3030), Virus found count(0), Virus clean count(0), Clean failed count(0)

2007-01-06, 17:23:32, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert
2007-01-06, 17:23:53, An error was detected on "D:\System Volume Information\*.*": Zugriff verweigert
2007-01-06, 17:23:53, An error was detected on "E:\System Volume Information\*.*": Zugriff verweigert
2007-01-06, 17:24:17, An error was detected on "H:\System Volume Information\*.*": Zugriff verweigert
2007-01-06, 17:38:50, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/6/2007 17:24:17
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 163 (149090 Patterns) (2007/01/05) (416300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

C:\Programme\7za.exe [TROJ_PROXY.IA]
35852 files have been read.
35852 files have been checked.
30833 files have been scanned.
137896 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/6/2007 17:38:50
---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-06, 17:38:50, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 1/6/2007 17:24:17
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 163 (149090 Patterns) (2007/01/05) (416300)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

35852 files have been read.
35852 files have been checked.
30833 files have been scanned.
137896 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/6/2007 17:38:50 14 minutes 32 seconds (872.13 seconds) has elapsed.
__________
Regards, Kit
This post was edited by kit on 06.01.2007 at 17:58.
06.01.2007, 21:38
Honorary member
Sabina

Posts: 29434
#25 Now with the same program: run Kaspersky and post the report
__________
Regards, Sabina

All about PC security
07.01.2007, 09:04
Member

Thread starter

Posts: 19
#26 AVPDOS32 Start 07-01-2007 09:01:23


Version 3.0 build 135
Last update: 07.01.2007, 256611 records.

Command line: /- /E /* /MD /MP /Y /Z- /W+=ScanReport.txt *:
Profile defdos32.prf (from 27.06.2001 03:00:00)

c:\AV-CLS\UNRAR.EXE packed: UPX
c:\AV-CLS\UNZIP.EXE packed: Diet
c:\AV-CLS\UNZIP.EXE packed: Com2Exe
c:\AV-CLS\SOPHOS\SAV32SFX.EXE packed: PE_Patch
c:\AV-CLS\SOPHOS\SAV32SFX.EXE archive: ZIP
c:\AV-CLS\SOPHOS\SAV32SFX.EXE archive: ZIP
c:\AV-CLS\TREND\SYSCLEAN.COM archive: Embedded EXE
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\ALEXAR~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\ALEXAR~1.ZIP/related.htm password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\ALEXAR~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB2~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB2~1.ZIP/AdultGambling.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB2~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB6~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB6~1.ZIP/Free Online Dating.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FB6~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FBA~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FBA~1.ZIP/F*** Real Girls.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO0FBA~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5399~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5399~1.ZIP/Play Adult-Poker.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5399~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO53A9~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO53A9~1.ZIP/Free Online Dating.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO53A9~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5799~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5799~1.ZIP/Online Sex Poker Rooms.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5799~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO57A9~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO57A9~1.ZIP/AdultGambling.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO57A9~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5B99~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5B99~1.ZIP/Kill Annoying Popups.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5B99~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5F99~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5F99~1.ZIP/F*** Real Girls.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\CO5F99~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB2~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB2~1.ZIP/SPYWARE.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB2~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB6~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB6~1.ZIP/XXX personal photos.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEB6~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEBE~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEBE~1.ZIP/Spyware Uninstall.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COEEBE~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB2~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB2~1.ZIP/Online Sex Poker Rooms.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB2~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB6~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB6~1.ZIP/Play Adult-Poker.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEB6~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBA~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBA~1.ZIP/Remove Toolbars.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBA~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBE~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBE~1.ZIP/Kill Annoying Popups.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COFEBE~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~1.ZIP/XXX personal photos.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~2.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~2.ZIP/SPYWARE.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~2.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~3.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~3.ZIP/Spyware Uninstall.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~3.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~4.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~4.ZIP/Remove Toolbars.url password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\COOLWW~4.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~1.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~1.ZIP/sbRecovery.reg password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~1.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~2.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~2.ZIP/sbRecovery.reg password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~2.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~3.ZIP archive: ZIP
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~3.ZIP/sbRecovery.reg password protected.
c:\DOKUME~1\ALLUSE~1\ANWEND~1\SPYBOT~1\RECOVERY\MICROS~3.ZIP/sbRecovery.ini password protected.
c:\DOKUME~1\KIT\ANWEND~1\MICROS~1\EXCEL\XLSTART\PDFMAKER.XLA archive: Embedded
c:\DOKUME~1\KIT\ANWEND~1\MICROS~1\VORLAGEN\NORMAL.DOT archive: Embedded
c:\DOKUME~1\KIT\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\EXTENS~1\{3112C~1\CHROME\GOOGLE~1.JAR archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\EXTENS~1\{888D9~1\CHROME\RELOAD~1.JAR archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\10\13BE42~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\16\65D8DC~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\19\20834B~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\27\36ACEE~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\31\9D72E5~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\33\376E90~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\38\3A1C65~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\4\1A3016~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\40\1AB0E7~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\40\1AB0E7~1/tsc.exe packed: UPX
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\40\707E38~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\44\3D0B14~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\50\65A6BA~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\53\275461~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\56\1DBBD0~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\6\4A18DF~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\6\4A18DF~1.IDX archive: GZIP
c:\DOKUME~1\KIT\ANWEND~1\SUN\JAVA\DEPLOY~1\CACHE\6.0\60\4E9607~1 archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000001.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000002.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000003.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000004.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000005.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000006.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000007.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000008.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000009.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000010.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000011.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000012.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000013.RCB archive: ZIP
c:\DOKUME~1\KIT\ANWEND~1\TUNEUP~1\TUNEUP~1\BACKUPS\00000014.RCB archive: ZIP
c:\DOKUME~1\KIT\HOUSEC~1.6\TSC.EXE packed: UPX
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\IDENTI~1\{2A206~1\MICROS~1\OUTLOO~1\POSTAU~1.DBX archive: Mail MS Outlook 5
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\IDENTI~1\{2A206~1\MICROS~1\OUTLOO~1\POSTEI~1.DBX archive: Mail MS Outlook 5
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\CACHE\111F1E~1 archive: GZIP
c:\DOKUME~1\KIT\LOKALE~1\ANWEND~1\MOZILLA\FIREFOX\PROFILES\UBG7A1~1.DEF\CACHE\_CACHE~2 archive: Mail
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.250\AVENGER.EXE packed: PE_Patch
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.250\AVENGER.EXE packed: TeLock
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.251\AVENGER.EXE packed: PE_Patch
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.251\AVENGER.EXE packed: TeLock
c:\DOKUME~1\KIT\LOKALE~1\TEMP\RAR$EX00.750\REGSEA~1.EXE packed: UPX
__________
Regards, Kit
07.01.2007, 11:06
Honorary member
Sabina

Posts: 29434
#27 1.
The program you are scanning with (Noadware 5.0) will not delete anything as long as you do not buy it ;)
The entries will now always appear, whether they are still present or not.

»»
Scan with option 4 (Kaspersky) - only copy the report if virus entries were still found,
__________
Regards, Sabina

All about PC security
07.01.2007, 12:16
Member

Thread starter

Posts: 19
#28 Ok,

Kaspersky finds nothing, but these entries are still in the registry.



HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit : C:\Dokumente und Einstellungen\kit\Anwendungsdaten\hidires\hidr.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\hldrrr : C:\WINDOWS\system32\hldrrr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hldrrr : C:\WINDOWS\system32\hldrrr.exe

found with JV6 Powertools

Doesn't that mean that the trojan is still present?

Follow-up:

I also just searched for " hldrrr " with Windows Search:

Nothing found
__________
Regards, Kit
07.01.2007, 12:19
Honorary member
Sabina

Posts: 29434
#29 You can search the registry very effectively with
http://virus-protect.org/artikel/tools/regsearch.html

Actually, I had already created a registry script for you to remove them (see above).
Did you apply it?
__________
Regards, Sabina

All about PC security
07.01.2007, 12:40
Member

Thread starter

Posts: 19
#30 I did


Searched again:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 07.01.2007 12:35:00 for strings:
; 'hldrrr'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="hldrrr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 07.01.2007 12:36:42 for strings:
; 'datetime4'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 07.01.2007 12:38:00 for strings:
; 'drvsyskit'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\kit\\Anwendungsdaten\\hidires\\hidr.exe"

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 07.01.2007 12:39:11 for strings:
; 'm_hook'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
__________
Regards, Kit
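
Added example (not written by the thread participants): a Python check of whether the deletion directives in the fixme.reg of post #19 took effect, run over the 'hldrrr' and 'drvsyskit' search results of post #30. The function names are illustrative. Treating the ACMru hit as incidental rests on the assumption that this key is the Windows XP Search Assistant history, which fits the Windows search described in post #28.

```python
import re

# Text copied from this thread: the fixme.reg of post #19 and the
# 'hldrrr' / 'drvsyskit' Registry Search results of post #30.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
'''

AFTER_FIX = r'''Windows Registry Editor Version 5.00
; 'hldrrr'
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="hldrrr"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"
; 'drvsyskit'
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\\Dokumente und Einstellungen\\kit\\Anwendungsdaten\\hidires\\hidr.exe"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
RUN_SUFFIX = r'\microsoft\windows\currentversion\run'


def parse_reg(text):
    """Map (key, value name), both lower-cased, to the raw data string."""
    entries, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(';'):
            continue                      # blank line or comment
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()  # registry names ignore case
            continue
        value = VALUE.match(line)
        if value and key:
            entries[(key, value.group(1).lower())] = value.group(2)
    return entries


def unquote(data):
    """Decode a quoted string literal (doubled backslashes, escaped quotes)."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return data


def verify_fix(fix_text, export_text):
    """Sort the entries of a later export by how the fix relates to them."""
    wanted = {k for k, v in parse_reg(fix_text).items() if v == '-'}
    report = {'survived': [], 'unaddressed_autostart': [], 'incidental': []}
    for (key, name), data in sorted(parse_reg(export_text).items()):
        row = (key, name, unquote(data))
        if (key, name) in wanted:
            report['survived'].append(row)               # fix had no effect
        elif key.endswith(RUN_SUFFIX):
            report['unaddressed_autostart'].append(row)  # autostart not in fix
        else:
            report['incidental'].append(row)             # e.g. search history
    return report


if __name__ == '__main__':
    for status, rows in verify_fix(FIX_REG, AFTER_FIX).items():
        for key, name, data in rows:
            print(f'{status}: [{key}] {name} = {data}')
```

All three Run values named in the fix are reported as survived, matching what post #30 shows.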