virus stration.gen

#0
11.03.2007, 18:57
...new here

Posts: 3
#1 I just can't get it deleted. Tried everything, with Avenger etc. Log files attached. Thanks in advance.

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18:53:13, on 11.03.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programme\Creative\MediaSource5\MtdAcqu.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\xpspqdvd.exe
C:\Dokumente und Einstellungen\Jennifer\Desktop\v-g\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ifcdiag] C:\WINDOWS\System32\ifcconf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Programme\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: e1.dll confdbg.dll dbgstat.dll confifc.dll ifcstat.dll
O20 - Winlogon Notify: dbgmgr - C:\WINDOWS\SYSTEM32\ifcmgr32.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing)
O20 - Winlogon Notify: xpspqdvd - C:\WINDOWS\System32\xpspqdvd.dll

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

datfindbat attached!!!

11.03.2007, 22:50
Honorary member
Sabina

Posts: 29434
#2 1Jenny1

Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

All about PC security

11.03.2007, 23:00
...new here

Thread starter

Posts: 3
#3 CleanUp applied

datfindbat logs from the attachment:


DATFINDBAT:

system 32.txt.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 807A-9C3B

Verzeichnis von C:\WINDOWS\system32

11.03.2007 18:41 80.501 xpspqdvd.exe
10.03.2007 14:39 49.152 ifcprf32.dll
10.03.2007 14:39 126.976 ifcstat.dll
10.03.2007 14:39 53.248 confifc.dll
10.03.2007 14:39 331.776 ifcmgr32.dll
10.03.2007 14:39 40.960 ifcperf.exe
10.03.2007 14:39 4 xpspqdvd.dat
09.03.2007 15:54 40.960 dbgperf.exe

06.03.2007 18:39 13.646 wpa.dbl
20.02.2007 15:58 102.400 xpspqdvd.dll
09.01.2007 20:40 16.832 amcompat.tlb
09.01.2007 20:40 23.392 nscompat.tlb
09.01.2007 20:18 417.792 awrdscdc.ax

1848 Datei(en) 342.695.059 Bytes
0 Verzeichnis(se), 31.417.036.800 Bytes frei

SYSTEMTEMP.TXT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 807A-9C3B

Verzeichnis von C:\DOKUME~1\Jennifer\LOKALE~1\Temp

11.03.2007 18:31 16.384 ~DFE596.tmp
11.03.2007 18:31 512 ~DF5A6D.tmp
11.03.2007 18:31 16.384 ~DF59FF.tmp
11.03.2007 18:31 0 JET791C.tmp
11.03.2007 18:31 888 jusched.log
11.03.2007 18:22 16.384 ~DFDFAD.tmp
11.03.2007 18:22 16.384 ~DF5733.tmp
11.03.2007 18:09 16.384 ~DFE5BC.tmp
11.03.2007 18:08 16.384 ~DFDDF0.tmp
9 Datei(en) 99.704 Bytes
0 Verzeichnis(se), 31.416.963.072 Bytes frei

Windows.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 807A-9C3B

Verzeichnis von C:\WINDOWS

11.03.2007 18:32 0 0.log
11.03.2007 18:31 2.048 bootstat.dat
11.03.2007 18:30 32.588 SchedLgU.Txt
03.03.2007 12:11 16 fwall32.dat
01.03.2007 17:25 0 gn3kud5.log
27.02.2007 14:51 0 odfvf.dat
27.02.2007 14:51 34.816 spow32.exe
23.02.2007 15:44 0 gjo2qi.ini
23.02.2007 14:27 2.025.746 WindowsUpdate.log
23.02.2007 14:27 16 npad32.dat
21.02.2007 12:09 0 d5txeh9i.bmp
20.02.2007 17:27 0 np8dbq.exe

10.02.2007 13:07 103.552 wmsetup.log
20.01.2007 22:48 47 wiaservc.log
20.01.2007 22:48 216 wiadebug.log
09.01.2007 21:07 539.812 setupapi.log
09.01.2007 20:48 86 setup.log
09.01.2007 20:47 175.446 KB895316.log
09.01.2007 20:45 316.640 WMSysPr9.prx


91 Datei(en) 23.002.285 Bytes
0 Verzeichnis(se), 31.416.950.784 Bytes frei

TEMP.TXT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 807A-9C3B

Verzeichnis von C:\WINDOWS\Temp

Down.TXT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 807A-9C3B

Verzeichnis von C:\WINDOWS\Downloaded Program Files

04.01.2005 18:12 65 desktop.ini
05.11.2004 15:58 119.496 MsnMessengerSetupDownloader.ocx
29.09.2004 12:21 740 jinstall-1_4_2_06.inf
11.08.2004 01:22 3.036 wmv9dmo.inf
13.07.2004 11:41 227 MsnMessengerSetupDownloader.inf
30.06.2003 22:41 1.689 WMV9VCM.inf
6 Datei(en) 125.253 Bytes
0 Verzeichnis(se), 31.416.930.304 Bytes frei


C.TXT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 807A-9C3B

Verzeichnis von C:\

11.03.2007 18:45 0 sys.txt
11.03.2007 18:45 591 down.txt
11.03.2007 18:45 117 tmp.txt
11.03.2007 18:44 4.731 system.txt
11.03.2007 18:44 687 systemtemp.txt
11.03.2007 18:43 90.131 system32.txt
11.03.2007 18:31 3.330 avenger.txt
11.03.2007 18:31 804.835.328 hiberfil.sys
11.03.2007 18:31 1.207.959.552 pagefile.sys
04.01.2005 18:14 0 CONFIG.SYS
04.01.2005 18:14 0 IO.SYS
04.01.2005 18:14 0 MSDOS.SYS
04.01.2005 18:14 0 AUTOEXEC.BAT
04.01.2005 18:05 194 boot.ini
02.04.2003 13:00 4.952 bootfont.bin
02.04.2003 13:00 47.580 NTDETECT.COM
02.04.2003 13:00 235.296 ntldr
17 Datei(en) 2.013.182.489 Bytes
0 Verzeichnis(se), 31.416.926.208 Bytes frei

12.03.2007, 10:19
Honorary member
Sabina

Posts: 29434
#4 1Jenny1

Information:
http://virus-protect.org/artikel/spyware/warezov3.html

------------------------------------------------------------------------

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this option)
copy into: View/edit script

Quote

Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ifcdiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WhenUSave

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbgmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jpgmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wmvmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xpspqdvd

Files to delete:
C:\WINDOWS\system32\xpspqdvd.exe
C:\WINDOWS\system32\ifcprf32.dll
C:\WINDOWS\system32\ifcstat.dll
C:\WINDOWS\system32\confifc.dll
C:\WINDOWS\system32\ifcmgr32.dll
C:\WINDOWS\system32\ifcperf.exe
C:\WINDOWS\system32\xpspqdvd.dat
C:\WINDOWS\system32\dbgperf.exe
C:\WINDOWS\system32\xpspqdvd.dll
C:\WINDOWS\fwall32.dat
C:\WINDOWS\gn3kud5.log
C:\WINDOWS\odfvf.dat
C:\WINDOWS\spow32.exe
C:\WINDOWS\gjo2qi.ini
C:\WINDOWS\npad32.dat
C:\WINDOWS\d5txeh9i.bmp
C:\WINDOWS\np8dbq.exe

Folders to delete:
C:\Programme\Save

Click the green traffic light.
The script will now be executed, then the PC will restart automatically.

----------

««
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".

««
http://virus-protect.org/artikel/tools/sdfix.html
in normal mode

Double-click RunThis.bat
type in: 3
3: Sophos is loaded - choose 6 - scan and post the scan report
__________
Best regards, Sabina

All about PC security
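
A cross-check of the two logs posted earlier in the thread, as an added example that is not part of the original posts: it takes the DLL names from the HijackThis O20 lines (AppInit_DLLs, Winlogon Notify) and looks them up in the datfindbat listing of C:\WINDOWS\system32 to show which load points reference recently written files. The sample lines are copied from the logs above; the function names are illustrative, and because the listing only covers recent files, a name that is absent from it is simply reported without a timestamp.

```python
import re
from datetime import datetime

# Sample lines copied from the HijackThis log and the system32 listing in this thread.
HIJACKTHIS = r"""
O20 - AppInit_DLLs: e1.dll confdbg.dll dbgstat.dll confifc.dll ifcstat.dll
O20 - Winlogon Notify: dbgmgr - C:\WINDOWS\SYSTEM32\ifcmgr32.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing)
O20 - Winlogon Notify: xpspqdvd - C:\WINDOWS\System32\xpspqdvd.dll
"""

LISTING = """
11.03.2007 18:41 80.501 xpspqdvd.exe
10.03.2007 14:39 49.152 ifcprf32.dll
10.03.2007 14:39 126.976 ifcstat.dll
10.03.2007 14:39 53.248 confifc.dll
10.03.2007 14:39 331.776 ifcmgr32.dll
20.02.2007 15:58 102.400 xpspqdvd.dll
09.01.2007 20:40 16.832 amcompat.tlb
"""

def load_points(log):
    """Return {dll name (lowercase): (mechanism, file_missing)} for each O20 entry."""
    found = {}
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"O20 - AppInit_DLLs:\s*(.+)$", line)
        if m:
            # The value is a list of DLL names separated by spaces or commas.
            for name in re.split(r"[\s,]+", m.group(1).strip()):
                found[name.lower()] = ("AppInit_DLLs", False)
            continue
        m = re.match(r"O20 - Winlogon Notify: (\S+) - (.+?)(\s+\(file missing\))?$", line)
        if m:
            dll = m.group(2).replace("\\", "/").rsplit("/", 1)[-1].lower()
            found[dll] = ("Winlogon Notify\\" + m.group(1), bool(m.group(3)))
    return found

def parse_listing(text):
    """Parse German-locale dir lines (DD.MM.YYYY HH:MM size name) into {name: (time, bytes)}."""
    files = {}
    for line in text.splitlines():
        m = re.match(r"(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2})\s+([\d.]+)\s+(.+)$", line.strip())
        if m:
            stamp = datetime.strptime(m.group(1) + " " + m.group(2), "%d.%m.%Y %H:%M")
            files[m.group(4).lower()] = (stamp, int(m.group(3).replace(".", "")))
    return files

def correlate(log, listing):
    """One row per load point: (dll, mechanism, file_missing, timestamp or None, size or None)."""
    files = parse_listing(listing)
    rows = []
    for dll, (mechanism, missing) in sorted(load_points(log).items()):
        stamp, size = files.get(dll, (None, None))
        rows.append((dll, mechanism, missing, stamp, size))
    return rows

def referenced_and_recent(log, listing, since):
    """DLLs that are loaded via an O20 entry and were written on or after `since`."""
    return [r[0] for r in correlate(log, listing) if r[3] is not None and r[3] >= since]

if __name__ == "__main__":
    for dll, mechanism, missing, stamp, size in correlate(HIJACKTHIS, LISTING):
        state = "file missing" if missing else (str(stamp) if stamp else "not in listing")
        print(f"{dll:14} {mechanism:28} {state}")
```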
15.03.2007, 19:26
...new here

Thread starter

Posts: 3
#5 Okay, the virus is gone; now I have the problem that Windows Updates no longer work, not even when I try to start them manually!...

Here is the Sophos post, although I forgot to disable System Restore (can I do that manually!?)

Here is the post:

Sophos Anti-Virus
Version 4.15.0 [Win32/Intel]
Virus data version 4.15, March 2007
Includes detection for 224971 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 19:18:34, System date 15 March 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\Dokumente und Einstellungen\Jennifer\Eigene Dateien\DATAGEORG\SDFix\IDE

Could not open C:\hiberfil.sys
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP176\A0198310.exe
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP176\A0198313.exe
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP176\A0198326.exe
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198333.dll
Removal successful
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198334.dll
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198335.exe
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198361.exe
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198363.exe
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198372.exe
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP178\A0198383.exe
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP179\A0199382.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP179\A0199386.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP180\A0200382.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP180\A0200385.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP180\A0200401.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP181\A0200422.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200433.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200435.dll
Removal successful
>>> Virus 'W32/Stratio-FC' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200437.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200438.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200439.dll\FILE:0001
>>> Virus 'W32/Stratio-FC' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200439.dll\FILE:0002
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200439.dll\FILE:0003
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200443.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0201435.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0201445.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP183\A0202443.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP183\A0202455.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP183\A0202466.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP183\A0203466.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP183\A0203477.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP183\A0204476.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP184\A0204484.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP184\A0204511.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP184\A0204518.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP185\A0204529.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP185\A0204532.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP185\A0204541.exe
Removal successful
>>> Virus 'W32/Stratio-ET' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP186\A0204549.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP186\A0204551.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP186\A0205549.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP188\A0205760.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP188\A0205772.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP188\A0205778.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP189\A0206777.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP189\A0206784.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP189\A0206792.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP189\A0206795.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP190\A0208793.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0209794.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0209804.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0210803.exe
Removal successful
>>> Virus 'W32/Stratio-EE' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0210804.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0210807.dll
Removal successful
>>> Virus 'W32/Stratio-EE' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0210808.dll\FILE:0001
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0210808.dll\FILE:0003
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP191\A0210810.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP192\A0210820.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP192\A0210823.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP192\A0213821.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP192\A0214826.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0214868.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0214876.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0214887.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0214890.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0215898.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0216903.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP193\A0216906.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP194\A0216919.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP194\A0216921.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0218920.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0218923.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0219921.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0219938.dll\FILE:0003
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0219941.dll
Removal successful
>>> Virus 'W32/Stratio-EU' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0219944.dll
Removal successful

1 boot sector swept.
16853 files swept in 29 minutes and 9 seconds.
10 errors were encountered.
67 viruses were discovered.
64 files out of 16853 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
Ending Sophos Anti-Virus.
This post was edited by 1Jenny1 on 15.03.2007 at 20:22.

15.03.2007, 21:59
Honorary member
Sabina

Posts: 29434
#6 If you had carried this out (as instructed)

Quote

««
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
everything would be clean ;)

««
Scan again with Sophos after disabling System Restore, then

««
http://www.rz.uni-kiel.de/pc/sus/index.html
* Check the settings around Automatic Updates using a vbs file
The settings around the "Automatic Updates" service can be checked using a Visual Basic Script (.vbs) file. Download the corresponding file "AUBehave.vbs" and run it. Follow the instructions.

««
Report back whether Windows Updates work again.
__________
Best regards, Sabina

All about PC security
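
The point made in #6, checked against the scan report from #5, as an added example that is not part of the original posts: it groups the Sophos detections by location and restore point, so a report whose hits all lie under System Volume Information\_restore (System Restore snapshots) can be told apart from one with hits in live system paths. The sample lines are a subset copied from the report above; the function names are illustrative.

```python
import re
from collections import Counter

# Subset of lines copied from the Sophos report in post #5.
REPORT = r"""
Could not open C:\hiberfil.sys
Could not open C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP176\A0198310.exe
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP177\A0198333.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP179\A0199382.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200439.dll\FILE:0001
>>> Virus 'W32/Stratio-FC' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200439.dll\FILE:0002
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP182\A0200439.dll\FILE:0003
Removal successful
>>> Virus 'W32/Stratio-EU' found in file C:\System Volume Information\_restore{EBA68ED8-61A4-45C0-9053-F044DCE7FE8F}\RP195\A0219944.dll
Removal successful
"""

DETECT = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
# Hits inside a container are reported as <file>\FILE:000n; strip that to get the file itself.
MEMBER = re.compile(r"\\FILE:\d+$")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def parse_report(text):
    """Return (detections, unreadable); a detection is (name, file path, restore point or None)."""
    detections, unreadable = [], []
    for line in text.splitlines():
        line = line.strip()
        m = DETECT.match(line)
        if m:
            path = MEMBER.sub("", m.group(2))
            rp = RESTORE.search(path)
            detections.append((m.group(1), path, rp.group(1) if rp else None))
        elif line.startswith("Could not open "):
            unreadable.append(line[len("Could not open "):])
    return detections, unreadable

def summarise(text):
    detections, unreadable = parse_report(text)
    files = {path: rp for _, path, rp in detections}   # one entry per infected file
    return {
        "detections": len(detections),
        "infected_files": len(files),
        "by_name": Counter(name for name, _, _ in detections),
        "by_restore_point": Counter(rp for rp in files.values() if rp),
        # Anything listed here is a hit in a live path, not in a System Restore snapshot.
        "outside_system_restore": sorted(p for p, rp in files.items() if rp is None),
        "unreadable": len(unreadable),
    }

if __name__ == "__main__":
    for key, value in summarise(REPORT).items():
        print(key, "=", dict(value) if isinstance(value, Counter) else value)
```

Run over the full report, the difference between detections and infected files comes from the `\FILE:000n` entries, which is consistent with the report's own totals of 67 viruses in 64 files.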