Hallo ich hoffe ihr könnt mir helfen ich habe 2 probleme
1 Wenn ich meine Pc Starte und nach dem Windows geladen hat muss ich immer das konto auswelen ich habe aber nur 1 Benutzer. Is des möglich das der Windows automatisch rein geht ohne das ich auf Benutzer Knto klicken muss?
2 Jedes mal wen ich PC Starte dann kommt svcroot.exe konnte nich gefunden werden....
Bitte euch um hilfe
Warum kostenlos registrieren?
Nur als registriertes Mitglied hast Du vollen Zugriff auf alle Funktionen unserer Website. So kannst Du eigene Fragen stellen und hast die volle Übersicht über neue interessante Themen im Forum.
Jetzt kostenlos registrieren.
Login
Svcroot.exe
18 Beiträge • Seite 1 von 2 • 1, 2
von gipsy111 am 15.06.2007, 15:22
Hallo,
zu 1.
Dies hier durchlesen
http://www.gipsy-computer.de/anleitunge ... /index.php
zu 2.
2.1 Cleanup, wie hier beschrieben anwenden, + PC neu starten
http://www.gipsy-computer.de/downloads/ ... /index.php
2.2 Mache ein Hijackthis Logfile und poste es hier.
http://www.gipsy-computer.de/anleitunge ... /index.php
zu 1.
Dies hier durchlesen
http://www.gipsy-computer.de/anleitunge ... /index.php
zu 2.
2.1 Cleanup, wie hier beschrieben anwenden, + PC neu starten
http://www.gipsy-computer.de/downloads/ ... /index.php
2.2 Mache ein Hijackthis Logfile und poste es hier.
http://www.gipsy-computer.de/anleitunge ... /index.php
- gipsy111
- Moderator
- Beiträge: 1608
- Registriert: 26.12.2005, 18:02
- Wohnort: Baden - Württemberg
von maksim789 am 15.06.2007, 17:21
aso kk danke hier der logfile
Logfile of HijackThis v1.99.1
Scan saved at 17:19:43, on 15.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Spyware Doctor\svcntaux.exe
C:\Programme\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\lexpps.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Maksim\LOKALE~1\Temp\Rar$EX00.078\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=Explorer.exe svcroot.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDTray] C:\Programme\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\gemeinsame dateien\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\gemeinsame dateien\pc tools\lsp\pctlsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 17:19:43, on 15.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Spyware Doctor\svcntaux.exe
C:\Programme\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\lexpps.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Maksim\LOKALE~1\Temp\Rar$EX00.078\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=Explorer.exe svcroot.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDTray] C:\Programme\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\gemeinsame dateien\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\gemeinsame dateien\pc tools\lsp\pctlsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- maksim789
- Beiträge: 7
- Registriert: 15.06.2007, 08:43
von BlueScreen-Bertrand am 15.06.2007, 19:52
Bei dir läuft ein Keylogger. Du solltest dir überlegen, eventuell deine Kennwörter zu erneuern.
- BlueScreen-Bertrand
- Moderator
- Beiträge: 11211
- Registriert: 28.11.2005, 19:01
- Wohnort: Waldshut-Tiengen
von gipsy111 am 15.06.2007, 19:58
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
____________________________________________________________________________________
Deinstalliere bitte
Spyware Doctor
____________________________________________________________________________________
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
**
poste das log vom Avenger, was nach Neustart erscheint
____________________________________________________________________________________
multiavtool
http://virus-protect.org/multiavtool.html
klicke "2" , nun beginnt der Scan von Trend Micro
klicke "3" - McAfee -- es erscheint ein leeres DOS-Fenster.
bei der Eingabe "3" im MULTIAVTOOL muss eine Internetverbindung vorhanden sein
- man muss eingeben, was gescannt werden soll
- C:\Windows\System32 -> dann beginnt der Scan, man sollte dann auch scannen lassen:
- C:\Windows
- C:\
* klicke "6 --> der PC wird neustarten --> suche die 3 Scanreporte in C:\AV-CLS und kopiere sie
____________________________________________________________________________________
Danach lade CounterSpy und mache die dazugehörige Updates und trennst dann das Internet.
Wenn die alle Updates erfolgreich installiert wurden, mache einen vollständigen Scan!
Nach dem Scan unter > Action (Default) wählen, was man mit der Malware machen will:
*Ignore
*Quarantine
*Remove
Wähle bei jeder einzelnen gefundenen Malware immer -> *Remove
poste bitte den Scanreport
http://virus-protect.org/counterspy1.html
____________________________________________________________________________________
Mache auch das was BlueScreenBetrand gesagt hat!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=Explorer.exe svcroot.exe
____________________________________________________________________________________
Deinstalliere bitte
Spyware Doctor
____________________________________________________________________________________
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein
Files to delete:
c:\windows\system32\sndloader.exe
c:\windows\system32\svcroot.exe
c:\windows\system32\svcroot.dll
registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
**
poste das log vom Avenger, was nach Neustart erscheint
____________________________________________________________________________________
multiavtool
http://virus-protect.org/multiavtool.html
klicke "2" , nun beginnt der Scan von Trend Micro
klicke "3" - McAfee -- es erscheint ein leeres DOS-Fenster.
bei der Eingabe "3" im MULTIAVTOOL muss eine Internetverbindung vorhanden sein
- man muss eingeben, was gescannt werden soll
- C:\Windows\System32 -> dann beginnt der Scan, man sollte dann auch scannen lassen:
- C:\Windows
- C:\
* klicke "6 --> der PC wird neustarten --> suche die 3 Scanreporte in C:\AV-CLS und kopiere sie
____________________________________________________________________________________
Danach lade CounterSpy und mache die dazugehörige Updates und trennst dann das Internet.
Wenn die alle Updates erfolgreich installiert wurden, mache einen vollständigen Scan!
Nach dem Scan unter > Action (Default) wählen, was man mit der Malware machen will:
*Ignore
*Quarantine
*Remove
Wähle bei jeder einzelnen gefundenen Malware immer -> *Remove
poste bitte den Scanreport
http://virus-protect.org/counterspy1.html
____________________________________________________________________________________
Mache auch das was BlueScreenBetrand gesagt hat!
- gipsy111
- Moderator
- Beiträge: 1608
- Registriert: 26.12.2005, 18:02
- Wohnort: Baden - Württemberg
von BlueScreen-Bertrand am 15.06.2007, 20:01
Hallo gipsy!
Der R0-eintra gist völlig Harmlos. Wenn scheinbar keine Suchmaschine festgelegt wurde, verwendet der Internet Explorer die Live-Suche. Wahrscheinlich hat das mit dem Wettbewerb zu tun, denn laut Eintrag ist ja keine Suche festgelegt.
gipsy111 hat geschrieben:öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustartenR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=Explorer.exe svcroot.exe
Der R0-eintra gist völlig Harmlos. Wenn scheinbar keine Suchmaschine festgelegt wurde, verwendet der Internet Explorer die Live-Suche. Wahrscheinlich hat das mit dem Wettbewerb zu tun, denn laut Eintrag ist ja keine Suche festgelegt.
- BlueScreen-Bertrand
- Moderator
- Beiträge: 11211
- Registriert: 28.11.2005, 19:01
- Wohnort: Waldshut-Tiengen
von gipsy111 am 15.06.2007, 20:04
@BlueScreen-Bertrand
Das ist Kopf wie gesprungen. Dann kommt halt der Eintrag nach dem Internetzugang wieder!
@maksim789
Mache meine Anleitung so wie ich es beschrieben habe!
Gruß
Gipsy
Das ist Kopf wie gesprungen. Dann kommt halt der Eintrag nach dem Internetzugang wieder!
@maksim789
Mache meine Anleitung so wie ich es beschrieben habe!
Gruß
Gipsy
- gipsy111
- Moderator
- Beiträge: 1608
- Registriert: 26.12.2005, 18:02
- Wohnort: Baden - Württemberg
von maksim789 am 15.06.2007, 21:56
Also ich danke euch dass ihr mir so hilft ohne euch wär das blöde Fenster imma noch gekommen 
.
Also hier von Avanger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\btaidvhg
*******************
Script file located at: \??\C:\Program Files\lfmlumuf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File c:\windows\system32\sndloader.exe not found!
Deletion of file c:\windows\system32\sndloader.exe failed!
Could not process line:
c:\windows\system32\sndloader.exe
Status: 0xc0000034
File c:\windows\system32\svcroot.exe not found!
Deletion of file c:\windows\system32\svcroot.exe failed!
Could not process line:
c:\windows\system32\svcroot.exe
Status: 0xc0000034
File c:\windows\system32\svcroot.dll not found!
Deletion of file c:\windows\system32\svcroot.dll failed!
Could not process line:
c:\windows\system32\svcroot.dll
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT] not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT] failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT]
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Des mit Multi Av ich kann die Datei nicht runterladen der Downloadlink funktioniert nicht.
BlueScreen-Bertrand ich habe in den letzten tagen von so Russische Seite ein rar runtergeladen da sin so Virus zum Testen von Antivirus möglicher is der Keylogger von dort.
.
Also hier von Avanger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\btaidvhg
*******************
Script file located at: \??\C:\Program Files\lfmlumuf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File c:\windows\system32\sndloader.exe not found!
Deletion of file c:\windows\system32\sndloader.exe failed!
Could not process line:
c:\windows\system32\sndloader.exe
Status: 0xc0000034
File c:\windows\system32\svcroot.exe not found!
Deletion of file c:\windows\system32\svcroot.exe failed!
Could not process line:
c:\windows\system32\svcroot.exe
Status: 0xc0000034
File c:\windows\system32\svcroot.dll not found!
Deletion of file c:\windows\system32\svcroot.dll failed!
Could not process line:
c:\windows\system32\svcroot.dll
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCROOT
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svcroot
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCROOT
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svcroot
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCROOT
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\svcroot
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT] not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT] failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCROOT]
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcroot
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Des mit Multi Av ich kann die Datei nicht runterladen der Downloadlink funktioniert nicht.
BlueScreen-Bertrand ich habe in den letzten tagen von so Russische Seite ein rar runtergeladen da sin so Virus zum Testen von Antivirus möglicher is der Keylogger von dort.
- maksim789
- Beiträge: 7
- Registriert: 15.06.2007, 08:43
von gipsy111 am 15.06.2007, 22:00
Aha das sehe ich jetzt auch!
Mache trotzdem weiter!
Edit:
Hast du die rar Datei noch?
Mache trotzdem weiter!
gipsy111 hat geschrieben:Danach lade CounterSpy und mache die dazugehörige Updates und trennst dann das Internet.
Wenn die alle Updates erfolgreich installiert wurden, mache einen vollständigen Scan!
Nach dem Scan unter > Action (Default) wählen, was man mit der Malware machen will:
*Ignore
*Quarantine
*Remove
Wähle bei jeder einzelnen gefundenen Malware immer -> *Remove
http://virus-protect.org/counterspy1.html
Edit:
Hast du die rar Datei noch?
- gipsy111
- Moderator
- Beiträge: 1608
- Registriert: 26.12.2005, 18:02
- Wohnort: Baden - Württemberg
von maksim789 am 16.06.2007, 10:45
Guten Morgen
Also hier der Scan Ergebnis
gipsy111 tut mir leid ich habe die rar datei nicht mehr.
Scan History Details
Start Date: 15.06.2007 22:41:45
End Date: 15.06.2007 23:29:54
Total Time: 48 Min 9 Sec
Detected security risks
BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
Files detected
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk
C:\Dokumente und Einstellungen\Maksim\Desktop\BearShare Downloads.lnk
C:\Dokumente und Einstellungen\Maksim\Desktop\BearShare.lnk
C:\PROGRAMME\BEARSHARE\BearShare.dat
C:\PROGRAMME\BEARSHARE\BearShare.exe
C:\PROGRAMME\BEARSHARE\BSidle.dll
C:\PROGRAMME\BEARSHARE\db\config.bin
C:\PROGRAMME\BEARSHARE\db\connect.txt
C:\PROGRAMME\BEARSHARE\db\gwebcache.dat
C:\PROGRAMME\BEARSHARE\db\Hostiles-Chat.txt
C:\PROGRAMME\BEARSHARE\db\Hostiles.txt
C:\PROGRAMME\BEARSHARE\db\library.2.db
C:\PROGRAMME\BEARSHARE\db\library.2.db.lastgoodload.bak
C:\PROGRAMME\BEARSHARE\db\library.db
C:\PROGRAMME\BEARSHARE\db\library.db.lastgoodload.bak
C:\PROGRAMME\BEARSHARE\db\searches.ini
C:\PROGRAMME\BEARSHARE\FreePeers.ini
C:\PROGRAMME\BEARSHARE\History.txt
C:\PROGRAMME\BEARSHARE\INSTALL.LOG
C:\PROGRAMME\BEARSHARE\Logs\hosts-state.txt
C:\PROGRAMME\BEARSHARE\Logs\memory.txt
C:\PROGRAMME\BEARSHARE\Logs\ordinal.txt
C:\PROGRAMME\BEARSHARE\Logs\streams.txt
C:\PROGRAMME\BEARSHARE\proinstall2.ini
C:\PROGRAMME\BEARSHARE\RunMSC.dll
C:\PROGRAMME\BEARSHARE\sounds\notify.wav
C:\PROGRAMME\BEARSHARE\Webstats.bat
C:\PROGRAMME\BEARSHARE\Webstats.exe
C:\PROGRAMME\BEARSHARE\Webstats.ini
C:\PROGRAMME\BEARSHARE
C:\PROGRAMME\BEARSHARE\DB
C:\PROGRAMME\BEARSHARE\EXTRAS
C:\PROGRAMME\BEARSHARE\INSTALLER
C:\PROGRAMME\BEARSHARE\LOGS
C:\PROGRAMME\BEARSHARE\PLAYLISTS
C:\PROGRAMME\BEARSHARE\SOUNDS
C:\PROGRAMME\BEARSHARE\TEMP
C:\PROGRAMME\BEARSHARE\WEBSTATS
Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\BEARSHARE
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell\open
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell\open\command
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell\open\command
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_USERS\.DEFAULT\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\.DEFAULT\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-18\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-18\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Files detected
C:\Programme\BearShare\RunMSC.dll
Ardamax Keylogger Commercial Key Logger more information...
Status: Deleted
Files detected
C:\WINDOWS\system32AKV.exe
C:\WINDOWS\system32JUYN.006
Also hier der Scan Ergebnis
gipsy111 tut mir leid ich habe die rar datei nicht mehr.
Scan History Details
Start Date: 15.06.2007 22:41:45
End Date: 15.06.2007 23:29:54
Total Time: 48 Min 9 Sec
Detected security risks
BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
Files detected
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk
C:\Dokumente und Einstellungen\Maksim\Desktop\BearShare Downloads.lnk
C:\Dokumente und Einstellungen\Maksim\Desktop\BearShare.lnk
C:\PROGRAMME\BEARSHARE\BearShare.dat
C:\PROGRAMME\BEARSHARE\BearShare.exe
C:\PROGRAMME\BEARSHARE\BSidle.dll
C:\PROGRAMME\BEARSHARE\db\config.bin
C:\PROGRAMME\BEARSHARE\db\connect.txt
C:\PROGRAMME\BEARSHARE\db\gwebcache.dat
C:\PROGRAMME\BEARSHARE\db\Hostiles-Chat.txt
C:\PROGRAMME\BEARSHARE\db\Hostiles.txt
C:\PROGRAMME\BEARSHARE\db\library.2.db
C:\PROGRAMME\BEARSHARE\db\library.2.db.lastgoodload.bak
C:\PROGRAMME\BEARSHARE\db\library.db
C:\PROGRAMME\BEARSHARE\db\library.db.lastgoodload.bak
C:\PROGRAMME\BEARSHARE\db\searches.ini
C:\PROGRAMME\BEARSHARE\FreePeers.ini
C:\PROGRAMME\BEARSHARE\History.txt
C:\PROGRAMME\BEARSHARE\INSTALL.LOG
C:\PROGRAMME\BEARSHARE\Logs\hosts-state.txt
C:\PROGRAMME\BEARSHARE\Logs\memory.txt
C:\PROGRAMME\BEARSHARE\Logs\ordinal.txt
C:\PROGRAMME\BEARSHARE\Logs\streams.txt
C:\PROGRAMME\BEARSHARE\proinstall2.ini
C:\PROGRAMME\BEARSHARE\RunMSC.dll
C:\PROGRAMME\BEARSHARE\sounds\notify.wav
C:\PROGRAMME\BEARSHARE\Webstats.bat
C:\PROGRAMME\BEARSHARE\Webstats.exe
C:\PROGRAMME\BEARSHARE\Webstats.ini
C:\PROGRAMME\BEARSHARE
C:\PROGRAMME\BEARSHARE\DB
C:\PROGRAMME\BEARSHARE\EXTRAS
C:\PROGRAMME\BEARSHARE\INSTALLER
C:\PROGRAMME\BEARSHARE\LOGS
C:\PROGRAMME\BEARSHARE\PLAYLISTS
C:\PROGRAMME\BEARSHARE\SOUNDS
C:\PROGRAMME\BEARSHARE\TEMP
C:\PROGRAMME\BEARSHARE\WEBSTATS
Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\BEARSHARE
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\shellex\MayChangeDefaultMenu
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell\open
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell\open\command
HKEY_LOCAL_MACHINE\Software\Classes\GNUFILE\shell\open\command
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{905D0DF2-3A0A-4D94-853C-54A12A745905}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5F95E1AF-2620-4F15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_USERS\.DEFAULT\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\.DEFAULT\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\.DEFAULT\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-18\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-18\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-18\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\EVENTLABELS\BEARSHARECHATNOTIFYMSG
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
HKEY_USERS\S-1-5-21-823518204-1364589140-839522115-1004\APPEVENTS\SCHEMES\APPS\BEARSHARE\BearShareChatNotifyMsg\.Current
WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Files detected
C:\Programme\BearShare\RunMSC.dll
Ardamax Keylogger Commercial Key Logger more information...
Status: Deleted
Files detected
C:\WINDOWS\system32AKV.exe
C:\WINDOWS\system32JUYN.006
- maksim789
- Beiträge: 7
- Registriert: 15.06.2007, 08:43
von gipsy111 am 16.06.2007, 11:40
Hallo,
mache bitte einen PandaOnlineScan und poste den Scanreport (see Report --> save Report)
http://virus-protect.org/onlinescan.html
mache bitte einen PandaOnlineScan und poste den Scanreport (see Report --> save Report)
http://virus-protect.org/onlinescan.html
- gipsy111
- Moderator
- Beiträge: 1608
- Registriert: 26.12.2005, 18:02
- Wohnort: Baden - Württemberg
von maksim789 am 16.06.2007, 21:56
Hier mein report
Incident Status Location
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\Maksim\Anwendungsdaten\Mozilla\Firefox\Profiles\56y4tswf.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Maksim\Anwendungsdaten\Mozilla\Firefox\Profiles\56y4tswf.default\cookies.txt[.com.com/]
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Maksim\Anwendungsdaten\Mozilla\Firefox\Profiles\56y4tswf.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Maksim\Cookies\maksim@atwola[1].txt
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Potentially unwanted tool:Application/Ardamax Not disinfected C:\WINDOWS\system32JUYN.007
Potentially unwanted tool:Application/Ardamax Not disinfected D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe]
Virus:Trj/Downloader.MDW Disinfected E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE
Incident Status Location
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\Maksim\Anwendungsdaten\Mozilla\Firefox\Profiles\56y4tswf.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Maksim\Anwendungsdaten\Mozilla\Firefox\Profiles\56y4tswf.default\cookies.txt[.com.com/]
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Maksim\Anwendungsdaten\Mozilla\Firefox\Profiles\56y4tswf.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Maksim\Cookies\maksim@atwola[1].txt
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Potentially unwanted tool:Application/Ardamax Not disinfected C:\WINDOWS\system32JUYN.007
Potentially unwanted tool:Application/Ardamax Not disinfected D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe]
Virus:Trj/Downloader.MDW Disinfected E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE
- maksim789
- Beiträge: 7
- Registriert: 15.06.2007, 08:43
von gipsy111 am 17.06.2007, 16:21
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere in:
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
**
poste das Logfile, was dann erscheint
____________________________________________________________________________________
SmitfraudFix so ausführen, wie es hier beschrieben ist
http://virus-protect.org/artikel/tools/ ... utfix.html
____________________________________________________________________________________
poste ein neues Hijackthis-Logfile
Kommt diese Fehlermeldung noch?
http://virus-protect.org/artikel/tools/avenger.html
kopiere in:
Files to delete:
c:\windows\system32\actskn45.ocx
D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe]
E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
**
poste das Logfile, was dann erscheint
____________________________________________________________________________________
SmitfraudFix so ausführen, wie es hier beschrieben ist
http://virus-protect.org/artikel/tools/ ... utfix.html
____________________________________________________________________________________
poste ein neues Hijackthis-Logfile
Kommt diese Fehlermeldung noch?
Jedes mal wen ich PC Starte dann kommt svcroot.exe konnte nich gefunden werden
- gipsy111
- Moderator
- Beiträge: 1608
- Registriert: 26.12.2005, 18:02
- Wohnort: Baden - Württemberg
von maksim789 am 17.06.2007, 19:38
Also hier das 1 Report
SmitFraudFix v2.195
Scan done at 19:31:02,57, 17.06.2007
Run from C:\Dokumente und Einstellungen\Maksim\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
DAS 2
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dvsdbwuj
*******************
Script file located at: \??\C:\Program Files\lmtoxhsg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File c:\windows\system32\actskn45.ocx deleted successfully.
File D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe] not found!
Deletion of file D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe] failed!
Could not process line:
D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe]
Status: 0xc0000034
File E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE not found!
Deletion of file E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AC52090-4438-4CC6-8555-11E35E945BEF}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AC52090-4438-4CC6-8555-11E35E945BEF}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AC52090-4438-4CC6-8555-11E35E945BEF}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
DAS 3
Logfile of HijackThis v1.99.1
Scan saved at 19:35:43, on 17.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOKUME~1\Maksim\LOKALE~1\Temp\Rar$EX01.172\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Muss ich bei SmitfraudFix Zones und Restricted Zones wiederherstellen?
Nein, die Fehlermeldung kommt nicht mehr.
SmitFraudFix v2.195
Scan done at 19:31:02,57, 17.06.2007
Run from C:\Dokumente und Einstellungen\Maksim\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
DAS 2
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dvsdbwuj
*******************
Script file located at: \??\C:\Program Files\lmtoxhsg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File c:\windows\system32\actskn45.ocx deleted successfully.
File D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe] not found!
Deletion of file D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe] failed!
Could not process line:
D:\Tibia Servers und ädliche tools\rar daten\Tibia Luz 5.1.zip[Tibia Luz.exe]
Status: 0xc0000034
File E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE not found!
Deletion of file E:\ICQ Lite\257900336\Florent_197669424\Virus\BILD1.EXE failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AC52090-4438-4CC6-8555-11E35E945BEF}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AC52090-4438-4CC6-8555-11E35E945BEF}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AC52090-4438-4CC6-8555-11E35E945BEF}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
DAS 3
Logfile of HijackThis v1.99.1
Scan saved at 19:35:43, on 17.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOKUME~1\Maksim\LOKALE~1\Temp\Rar$EX01.172\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Muss ich bei SmitfraudFix Zones und Restricted Zones wiederherstellen?
Nein, die Fehlermeldung kommt nicht mehr.
- maksim789
- Beiträge: 7
- Registriert: 15.06.2007, 08:43
18 Beiträge • Seite 1 von 2 • 1, 2
Wer ist online?
Mitglieder in diesem Forum: 0 Mitglieder und 0 Gäste