Caught an ICQ Trojan!

Thread is closed!
22.03.2007, 20:59
Member

Posts: 15
#1 Hi, I think I've got that password-stealer Trojan from ICQ.

Logfile of HijackThis v1.99.1
Scan saved at 21:00:30, on 22.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Naruto\its_me.pif
C:\WINDOWS\System32\odtemdt2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe
C:\Programme\Winamp\Winamp.exe
C:\mIRC\mirc.exe
C:\Programme\ICQ\Icq.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Chris\Desktop\Needful\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: (no name) - {40D12BB6-6371-406A-859D-A5B251E57B8A} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B2E3DF5B-35BC-331F-BD5A-3676143A55CF} - C:\WINDOWS\system32\cemsdp.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (file missing)



Regards
Chris
23.03.2007, 08:54
Member
Chris4You

Posts: 694
#2 Hello,

please work through the following:

Quote

Quote:
http://board.protecus.de/t23188.htm
- Creating a HijackThis logfile (skip this, you've already done it)
- CleanUp (delete temporary files)
- Combofix
- Logfiles via datfind.bat (all files, but only post the last 3-6 months)
scan with options 1 and 2 and post the reports

Quote:
http://virus-protect.org/artikel/tools/smitfrautfix.html
There is a lot more on your machine; is Kaspersky still running (the service EXE is gone)?

If you want, you can already fix the following, but information is still missing, i.e. we won't "catch" everything;

Quote

HijackThis, fix:
open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: (no name) - {40D12BB6-6371-406A-859D-A5B251E57B8A} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {B2E3DF5B-35BC-331F-BD5A-3676143A55CF} - C:\WINDOWS\system32\cemsdp.dll (file missing)
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
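The entries Chris4You singles out above follow a pattern a defender can check mechanically: a BHO whose DLL is missing, a non-empty AppInit_DLLs value, a Winlogon Notify handler nobody recognises, a security product's service whose binary is gone, and a process started from the user's documents folder. The script below is an added example (not from the thread and not part of HijackThis) that scans a constructed excerpt of the first posted log for exactly those patterns; the KNOWN_NOTIFY allow-list is an assumption for this example.

```python
"""Triage a HijackThis v1.99 log for the entry types the helpers in this
thread flagged. Added example, not from the thread or from HijackThis; the
log excerpt below is a constructed subset of the first posted log."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["section", "reason", "line"])

# Constructed excerpt of the posted HijackThis log (raw string: backslashes
# are literal, as in the original file).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Naruto\its_me.pif
C:\WINDOWS\System32\odtemdt2.exe
C:\Programme\ICQ\Icq.exe

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

# Winlogon Notify handlers that belong to software known to be installed.
# Assumption for this example: klogon is Kaspersky's; extend for your estate.
KNOWN_NOTIFY = {"klogon"}

# A process image under the user's documents or desktop folder, or with a
# .pif/.scr/.com extension, is not how legitimate logon software starts;
# "its_me.pif" in the log is exactly the kind of file an IM worm drops.
# (Analyst tools run from the Desktop will show up here too; that is fine.)
USER_DIR_RE = re.compile(
    r"^C:\\Dokumente und Einstellungen\\[^\\]+\\(Eigene Dateien|Desktop)\\", re.I)
ODD_EXT_RE = re.compile(r"\.(pif|scr|com)$", re.I)
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")


def triage(log_text):
    """Return a list of Finding objects for suspicious lines in the log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if USER_DIR_RE.match(line) or ODD_EXT_RE.search(line):
                findings.append(Finding("process",
                    "image started from a user folder or with a .pif/.scr/.com extension", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and ("(file missing)" in body or "(no file)" in body):
            # Orphaned BHO registrations: the DLL was renamed or removed but
            # the CLSID registration was left behind.
            findings.append(Finding(section, "BHO registered but its DLL is missing", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                # Anything listed here is loaded into every process that
                # links user32.dll, so a non-empty value needs a justification.
                findings.append(Finding(section, "non-empty AppInit_DLLs", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            handler = body.split(":", 1)[1].split("-", 1)[0].strip()
            if handler not in KNOWN_NOTIFY:
                # Notify packages run inside winlogon.exe as SYSTEM at every
                # logon; the odtemdt2 entry is this thread's persistence.
                findings.append(Finding(section, "unrecognised Winlogon Notify handler", line))
        elif section == "O23" and "(file missing)" in body:
            # A security product's service with no binary: the AV has been
            # disabled, which is what Chris4You asked about.
            findings.append(Finding(section, "service binary missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line))
```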
23.03.2007, 10:13
Honorary member
Sabina

Posts: 29434
#3 Chris85

so post all the logs (except HijackThis), then we'll clean it up ;)
http://board.protecus.de/t23188.htm
__________
Regards, Sabina

all about PC security
23.03.2007, 14:23
Member

Thread starter

Posts: 15
#4 Will do as soon as I get home from work *hangs around, waiting*

... OK, home now^^

HijackThis first:

Logfile of HijackThis v1.99.1
Scan saved at 15:49:25, on 23.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\System32\odtemdt2.exe
C:\Dokumente und Einstellungen\Chris\Desktop\Needful\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: (no name) - {40D12BB6-6371-406A-859D-A5B251E57B8A} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B2E3DF5B-35BC-331F-BD5A-3676143A55CF} - C:\WINDOWS\system32\cemsdp.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (file missing)

--------
Cleanup done

--------

Combofix:

"Chris" - 07-03-23 15:55:23 Service Pack 2
ComboFix 07-03-22.2 - Running from: "C:\Dokumente und Einstellungen\Chris\Desktop\Needful"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\WINDOWS\system32\PPATCH~1\m?iexec.exe


((((((((((((((((((((((((((((((( Files Created from 2007-02-23 to 2007-03-23 ))))))))))))))))))))))))))))))))))


2007-03-23 15:48 182,930 --a------ C:\WINDOWS\system32\odtemdt2.exe
2007-03-22 17:22 0 --a------ C:\WINDOWS\r81j7l4g.pif
2007-03-22 16:13 110,592 --a------ C:\WINDOWS\system32\Gi3DWFQ.dll
2007-03-22 16:13 0 --a------ C:\WINDOWS\9ergx.dat
2007-03-22 16:12 77,824 --a------ C:\WINDOWS\system32\strmatkc.dll
2007-03-22 16:12 77,824 --a------ C:\WINDOWS\system32\nmevmsas.dll
2007-03-22 16:12 61,440 --a------ C:\WINDOWS\system32\wmpcmsyu.exe
2007-03-22 16:12 4 --a------ C:\WINDOWS\system32\odtemdt2.dat
2007-03-22 16:12 241,664 --a------ C:\WINDOWS\system32\odtemdt2.dll
2007-03-22 16:12 <DIR> d--h----- C:\WINDOWS\PIF

2007-03-09 22:30 <DIR> d-------- C:\Programme\iTunes
2007-03-09 22:30 <DIR> d-------- C:\Programme\iPod
2007-03-09 22:30 <DIR> d-------- C:\DOKUME~1\Chris\ANWEND~1\Apple Computer
2007-03-09 22:29 <DIR> d-------- C:\Programme\QuickTime
2007-03-09 22:28 <DIR> d-------- C:\Programme\Apple Software Update
2007-03-09 22:28 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-22 17:44 -------- d-------- C:\Programme\icq
2007-03-22 15:48 -------- d-------- C:\DOKUME~1\Chris\ANWEND~1\teamspeak2
2007-03-07 15:29 -------- d-------- C:\Programme\world of warcraft
2007-02-05 17:02 -------- d-------- C:\Programme\megauploadtoolbar
2007-02-05 17:02 -------- d-------- C:\DOKUME~1\Chris\ANWEND~1\megauploadtoolbar
2006-12-31 18:26 617 --a------ C:\WINDOWS\ereg.dat
2006-12-31 16:56 48354 --a------ C:\WINDOWS\system32\perfc007.dat
2006-12-31 16:56 316924 --a------ C:\WINDOWS\system32\perfh007.dat
2006-12-31 16:39 63225 --a------ C:\WINDOWS\war3unin.dat
2006-12-31 16:35 2829 --a------ C:\WINDOWS\war3unin.pif
2006-12-31 16:35 139264 --a------ C:\WINDOWS\war3unin.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"D-Link AirPlus G"="C:\\Programme\\D-Link\\AirPlus G\\AirGCFG.exe"
"Mirabilis ICQ"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
"SoundMan"="SOUNDMAN.EXE"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"nTrayFw"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SemanticInsight"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
@=""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^FRITZ!DSL Startcenter.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\FRITZ!DSL Startcenter.lnk"
"backup"="C:\\WINDOWS\\pss\\FRITZ!DSL Startcenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FRITZ!~1\\StCenter.exe "
"item"="FRITZ!DSL Startcenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eDonkey2000"
"hkey"="HKLM"
"command"="C:\\Programme\\eDonkey2000\\eDonkey2000.exe -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\programme\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"de_serv"=dword:00000003
"ANIWZCSdService"=dword:00000002
"SAVScan"=dword:00000002
"NBService"=dword:00000003
"navapsvc"=dword:00000002
"ForcewareWebInterface"=dword:00000002
"ForceWare Intelligent Application Manager (IAM)"=dword:00000002
"AVM IGD CTRL Service"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="strmatkc.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Programme\\Symantec\\LiveUpdate\\ALUNotify.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odtemdt2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Azureus\Neuer Ordner\wow!! 2 Blonde Sch
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Azureus\Neuer Ordner\wow!! 2 Blonde Sch
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Azureus\Neuer Ordner\wow!! 2 Blonde Sch
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3

********************************************************************

Completion time: 07-03-23 15:56:42

------

datFind:

1.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE

Verzeichnis von C:\WINDOWS\system32

23.03.2007 15:48 182.930 odtemdt2.exe
23.03.2007 15:39 0 _nvidia_xxx_.log
23.03.2007 15:39 45.378 nvapps.xml
22.03.2007 16:13 110.592 Gi3DWFQ.dll
22.03.2007 16:13 4 odtemdt2.dat
22.03.2007 16:12 77.824 nmevmsas.dll
22.03.2007 16:12 61.440 wmpcmsyu.exe
22.03.2007 16:12 77.824 strmatkc.dll
22.03.2007 16:12 241.664 odtemdt2.dll

21.03.2007 19:31 2.206 wpa.dbl
07.03.2007 21:36 12.619.736 MRT.exe
17.02.2007 02:30 122.142 TZLog.log
16.02.2007 10:54 65.536 QuickTimeVR.qtx
16.02.2007 10:54 49.152 QuickTime.qts
29.01.2007 09:58 60.416 tzchange.exe
25.01.2007 13:52 617.472 urlmon.dll
23.01.2007 20:30 546.304 hhctrl.ocx
14.01.2007 11:42 0 nmp.log
11.01.2007 20:07 9.132 jupdate-1.5.0_10-b03.log

-

2.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE

Verzeichnis von C:\DOKUME~1\Chris\LOKALE~1\Temp

23.03.2007 15:39 512 ~DFCE6D.tmp
23.03.2007 15:39 16.384 ~DFCE60.tmp
2 Datei(en) 16.896 Bytes
0 Verzeichnis(se), 64.875.589.632 Bytes frei
-

3.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE

Verzeichnis von C:\WINDOWS

23.03.2007 15:45 1.052.445 WindowsUpdate.log
23.03.2007 15:38 0 0.log
23.03.2007 15:38 2.048 bootstat.dat
22.03.2007 22:35 32.346 SchedLgU.Txt
22.03.2007 18:07 0 j2xbgwck2.bmp
22.03.2007 17:22 0 r81j7l4g.pif
22.03.2007 16:13 0 gbrw8nl7.log
22.03.2007 16:13 0 9ergx.dat

21.03.2007 19:48 116 NeroDigital.ini
15.03.2007 22:57 652.976 iis6.log
15.03.2007 22:57 192.856 comsetup.log
15.03.2007 22:57 27.687 tabletoc.log
15.03.2007 22:57 116.098 ntdtcsetup.log

--

4.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE

Verzeichnis von C:\WINDOWS\temp

--

5.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE

Verzeichnis von C:\WINDOWS\Downloaded Program Files

24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
24.07.2006 11:33 65 desktop.ini
16.06.2004 05:02 323.584 isusweb.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
6 Datei(en) 686.794 Bytes
0 Verzeichnis(se), 64.875.581.440 Bytes frei

--
6.
Volumeseriennummer: DCE4-35DE

Verzeichnis von C:\

23.03.2007 16:01 0 sys.txt
23.03.2007 16:00 541 down.txt
23.03.2007 16:00 117 tmp.txt
23.03.2007 16:00 10.121 system.txt
23.03.2007 15:59 341 systemtemp.txt
23.03.2007 15:58 99.368 system32.txt
23.03.2007 15:56 9.432 ComboFix.txt
23.03.2007 15:38 1.610.612.736 pagefile.sys
02.12.2006 20:12 2.082 avenger.txt
01.12.2006 20:19 22.362 files.txt
01.12.2006 16:12 1.495 rapport.txt
30.11.2006 17:12 211 boot.ini
24.07.2006 19:18 1.024 .rnd
24.07.2006 12:54 32 ALCSetup.log
24.07.2006 11:34 0 MSDOS.SYS
24.07.2006 11:34 0 CONFIG.SYS
24.07.2006 11:34 0 IO.SYS
24.07.2006 11:34 0 AUTOEXEC.BAT

-----

So I think that should be it, hope everything's there ;)

Regards
Chris
This post was edited by Chris85 on 23.03.2007 at 16:01.
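What makes the datfind listings above useful is the timestamp cluster: files in C:\WINDOWS and C:\WINDOWS\system32 that were all created on 22.03.2007 between 16:12 and 16:13, which is the set the helpers go on to remove. The script below is an added example (not part of the thread or of datfind.bat) that parses a constructed excerpt of the German `dir` output and groups files by creation time across directories, so the drop cluster stands out from the normal background of log files and updates.

```python
"""Group files from datfind.bat-style `dir` listings by creation time, across
directories, to surface drop clusters like the one in this thread. Added
example, not part of the thread or of datfind.bat; the listings below are a
constructed subset of the posted output (German locale: dd.mm.yyyy dates and
'.' as the thousands separator)."""
import re
from datetime import datetime

# "23.03.2007 15:48 182.930 odtemdt2.exe" -> date, time, size or <DIR>, name
DIR_LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.]+)\s+(.+)$")

# Constructed excerpt: directory -> its `dir` output lines.
LISTINGS = {
    r"C:\WINDOWS\system32": """
23.03.2007 15:48 182.930 odtemdt2.exe
23.03.2007 15:39 0 _nvidia_xxx_.log
23.03.2007 15:39 45.378 nvapps.xml
22.03.2007 16:13 110.592 Gi3DWFQ.dll
22.03.2007 16:13 4 odtemdt2.dat
22.03.2007 16:12 77.824 nmevmsas.dll
22.03.2007 16:12 61.440 wmpcmsyu.exe
22.03.2007 16:12 77.824 strmatkc.dll
22.03.2007 16:12 241.664 odtemdt2.dll
21.03.2007 19:31 2.206 wpa.dbl
07.03.2007 21:36 12.619.736 MRT.exe
""",
    r"C:\WINDOWS": """
23.03.2007 15:45 1.052.445 WindowsUpdate.log
22.03.2007 18:07 0 j2xbgwck2.bmp
22.03.2007 17:22 0 r81j7l4g.pif
22.03.2007 16:13 0 gbrw8nl7.log
22.03.2007 16:13 0 9ergx.dat
21.03.2007 19:48 116 NeroDigital.ini
""",
}


def parse_listing(directory, text):
    """Yield (timestamp, size_in_bytes, full_path) for each file line;
    directory entries and the volume/summary lines are skipped."""
    for raw in text.splitlines():
        m = DIR_LINE_RE.match(raw.strip())
        if not m or m.group(3) == "<DIR>":
            continue
        date, time, size, name = m.groups()
        stamp = datetime.strptime(date + " " + time, "%d.%m.%Y %H:%M")
        yield stamp, int(size.replace(".", "")), directory + "\\" + name


def creation_clusters(listings, min_files=3, gap_minutes=1):
    """Sort every file from every listing by timestamp and split the sequence
    wherever two consecutive files are more than `gap_minutes` apart. Return
    the groups with at least `min_files` members, newest first."""
    entries = sorted(
        (e for d, t in listings.items() for e in parse_listing(d, t)),
        key=lambda e: e[0])
    groups, current = [], []
    for entry in entries:
        if current and (entry[0] - current[-1][0]).total_seconds() > gap_minutes * 60:
            groups.append(current)
            current = []
        current.append(entry)
    if current:
        groups.append(current)
    big = [g for g in groups if len(g) >= min_files]
    return sorted(big, key=lambda g: g[0][0], reverse=True)


if __name__ == "__main__":
    for group in creation_clusters(LISTINGS):
        first, last = group[0][0], group[-1][0]
        print("%d files created %s .. %s:" % (len(group), first, last))
        for stamp, size, path in group:
            print("  %s %9d %s" % (stamp.strftime("%d.%m.%Y %H:%M"), size, path))
```

With the defaults the only cluster reported is the eight files from 22.03.2007 16:12-16:13; lowering min_files to 2 also surfaces the two NVIDIA files written at 15:39, which is the kind of benign pair an analyst discards by name.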
23.03.2007, 16:42
Honorary member
Sabina

Posts: 29434
#5 Chris85

««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the Desktop using 'Save as'. Set the file type to 'All files'. You should now find this file on the Desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\PIF" >>files.txt
dir "C:\Programme" >>files.txt
notepad files.txt
ººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººº

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick it)
paste into: View/edit script

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SemanticInsight

Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\odtemdt2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\odtemdt2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D12BB6-6371-406A-859D-A5B251E57B8A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67270207-b9ee-4d26-9270-860fdb060ca1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40D12BB6-6371-406A-859D-A5B251E57B8A}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}

Files to delete:
C:\WINDOWS\gbrw8nl7.log
C:\WINDOWS\j2xbgwck2.bmp
C:\WINDOWS\r81j7l4g.pif
C:\WINDOWS\9ergx.dat
C:\WINDOWS\system32\odtemdt2.exe
C:\WINDOWS\system32\Gi3DWFQ.dll
C:\WINDOWS\system32\odtemdt2.dat
C:\WINDOWS\system32\nmevmsas.dll
C:\WINDOWS\system32\wmpcmsyu.exe
C:\WINDOWS\system32\strmatkc.dll
C:\WINDOWS\system32\odtemdt2.dll

Folders to delete:
C:\Programme\RXToolBar

Click the green traffic light
the script will now run, then the PC will restart automatically

-------------
««
http://virus-protect.org/artikel/tools/sdfix.html
in normal mode

double-click RunThis.bat
type in: 3

3 : Sophos will be loaded - choose 6 - scan and post the report
__________
Regards, Sabina

all about PC security
23.03.2007, 17:32
Member

Thread starter

Posts: 15
#6 Here is the Avenger script in case you need it:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yhsfamco

*******************

Script file located at: \??\C:\WINDOWS\ptveiodk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\gbrw8nl7.log deleted successfully.
File C:\WINDOWS\j2xbgwck2.bmp deleted successfully.
File C:\WINDOWS\r81j7l4g.pif deleted successfully.
File C:\WINDOWS\9ergx.dat deleted successfully.
File C:\WINDOWS\system32\odtemdt2.exe deleted successfully.
File C:\WINDOWS\system32\Gi3DWFQ.dll deleted successfully.
File C:\WINDOWS\system32\odtemdt2.dat deleted successfully.
File C:\WINDOWS\system32\nmevmsas.dll deleted successfully.
File C:\WINDOWS\system32\wmpcmsyu.exe deleted successfully.
File C:\WINDOWS\system32\strmatkc.dll deleted successfully.
File C:\WINDOWS\system32\odtemdt2.dll deleted successfully.


Folder C:\Programme\RXToolBar not found!
Deletion of folder C:\Programme\RXToolBar failed!

Could not process line:
C:\Programme\RXToolBar
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SemanticInsight deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\SOFTWARE\Microsoft\odtemdt2 deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\odtemdt2 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D12BB6-6371-406A-859D-A5B251E57B8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67270207-b9ee-4d26-9270-860fdb060ca1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF} deleted successfully.


Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF} failed!
Status: 0xc0000034



Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1} failed!
Status: 0xc0000034



Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40D12BB6-6371-406A-859D-A5B251E57B8A} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40D12BB6-6371-406A-859D-A5B251E57B8A} failed!
Status: 0xc0000034



Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

-----

Here is the SDFix report:

Sophos Anti-Virus
Version 4.15.0 [Win32/Intel]
Virus data version 4.15, March 2007
Includes detection for 225202 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 17:06:51, System date 23 March 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\Dokumente und Einstellungen\Chris\Desktop\Needful\SDFix\IDE

>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0029901.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0029905.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030064.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030086.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030087.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030088.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030090.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030091.exe
Removal successful
>>> Virus fragment 'W95/Sledge-A' found in file C:\WINDOWS\system32\ActiveScan\pskavs.dll
Removal successful

1 boot sector swept.
14304 files swept in 24 minutes and 39 seconds.
9 viruses were discovered.
9 files out of 14304 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
Ending Sophos Anti-Virus.


Regards
Chris
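The Avenger log above is a flat list of per-line results with an NTSTATUS code after each failure; as an added example (not code from the thread or from Avenger itself), here is a small Python parser that turns it into records and separates failures that only mean "already gone" (0xc0000034) from ones that still need manual follow-up. The excerpt is constructed from targets in the posted log; the status names are the ones defined in ntstatus.h.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the Avenger log posted above (targets taken from it).
SAMPLE_LOG = """\
File C:\\WINDOWS\\system32\\odtemdt2.exe deleted successfully.
Folder C:\\Programme\\RXToolBar not found!
Deletion of folder C:\\Programme\\RXToolBar failed!
Status: 0xc0000034
Registry value HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} failed!
Status: 0xc0000034
"""

# NTSTATUS values Avenger prints after a failure; names as defined in ntstatus.h.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # target was already gone: nothing left to do
    0xC0000022: "STATUS_ACCESS_DENIED",          # something still protects the object
    0xC0000043: "STATUS_SHARING_VIOLATION",      # a running process still holds the file
}

SUCCESS = re.compile(r"^(File|Folder|Registry key|Registry value) (.+) (deleted|replaced with dummy) successfully\.$")
FAILURE = re.compile(r"^Deletion of (file|folder|registry key|registry value) (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")

@dataclass
class Action:
    kind: str                 # "file", "folder", "registry key" or "registry value"
    target: str
    ok: bool
    status: str | None = None  # NTSTATUS name (or raw hex) for failed actions

def parse_avenger_log(text: str) -> list[Action]:
    actions, pending = [], None   # pending: last failure still waiting for its Status line
    for line in text.splitlines():
        line = line.strip()
        if m := SUCCESS.match(line):
            actions.append(Action(m[1].lower(), m[2], True))
        elif m := FAILURE.match(line):
            actions.append(pending := Action(m[1], m[2], False))
        elif pending and (m := STATUS.match(line)):
            pending.status = NTSTATUS.get(int(m[1], 16), m[1])
            pending = None
    return actions

def unresolved(actions: list[Action]) -> list[Action]:
    """Failures other than 'already absent', i.e. the ones that still need manual follow-up."""
    return [a for a in actions if not a.ok and a.status != "STATUS_OBJECT_NAME_NOT_FOUND"]
```

Lines such as "Folder ... not found!" carry no result of their own and are skipped; the matching "Deletion ... failed!" line plus its Status line is what the parser records.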
23.03.2007, 17:35
Honorary member
Sabina

Posts: 29434
#7 1.
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
(then turn it back on right away)

2.
delete the Avenger backup + empty the recycle bin

3.
if the Windows updates work, everything is OK again ;)
__________
Regards, Sabina

all about PC security
23.03.2007, 17:39
Member

Thread starter

Posts: 15
#8 Nice, thanks.
Solved quickly and professionally once again.

/kiss Sabina ;)

Regards
Chris