| |
| |||||||
Antiviren-, Firewall- und andere Schutzprogramme: VirusRespone2009Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
 |
29.10.2008, 22:32
| #1 |
| |  VirusRespone2009 Guten Tag, ein Freund von mir hat mir eure Seite empfollen weil ich ein starkes Problem habe und mir keiner helfen konnte. Ich hoffe aber das ihr es könnt. Also ich bin so bischen im Inet rum gesurft und bin dan auf eine Kostenlose Stream seite gestoßen und dann hat sich auf meinen Pc ganz automatisch ein Antivirus Programm Instaliert das nennt sich virusresponse2009. Ich habe Versucht das Programm von meinen PC wieder zu löschen doch nur durch 80% erfolg. Als ich es gelöscht habe kommt immer eine meldung mit Security Alert: Spyware Found. Die Website vom Programm das was ich heraus finden konnte: h**p://virusresponse2009.com/?aid=1012 Hier noch ein Screen: Klick Mich Edit new noch ein Screen: Klick Mich Hoffe ihr könnt mehr helfen das Programm komplett wieder von meine PC zu schmeißen. Ich war bei Systemsteuerung und dann Software und habe es versucht da zu Deinstaliern was auch eigentlich geklapt hat aber irgentwie sind trotzdem noch teile vom Programm auf mein PC. Bitte um eure Hilfe meine letze chance bei euch ^^ Mfg TechniX Geändert von Technix (29.10.2008 um 22:41 Uhr) |
|
30.10.2008, 19:49
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  VirusRespone2009 Hallo und
__________________ Acker diese Punkte für weitere Analysen ab: 1.) Poste ein (neues) Hijackthis Logfile, nimm dazu diese umbenannte hijackthis.exe - editiere die Links und privaten Infos!! 2.) Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des System durch einen Wiederherstellungspunkt das System wahrscheinlich wieder infizieren würde. 3.) Führe dieses MBR-Tool aus und poste die Ausgabe 4.) Blacklight und Malwarebytes Antimalware ausführen und Logfiles posten 5.) Führe Silentrunners nach dieser Anleitung aus und poste das Logfile (mit Codetags umschlossen), falls es zu groß sein sollte kannst Du es (gezippt) bei file-upload.net hochladen und hier verlinken. 6.) ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so: HTML-Code: [code] Hier das Logfile rein! [/code]
Diese listing.txt z.B. bei File-Upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist.
__________________ |
|
30.10.2008, 22:22
| #3 |
| |  VirusRespone2009 fsbl-20081030200002
__________________Code:
ATTFilter 10/30/08 21:00:02 [Info]: BlackLight Engine 2.2.1092 initialized
10/30/08 21:00:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/30/08 21:00:03 [Note]: 7019 4
10/30/08 21:00:03 [Note]: 7005 0
10/30/08 21:00:05 [Note]: 7006 0
10/30/08 21:00:05 [Note]: 7011 1288
10/30/08 21:00:06 [Note]: 7035 0
10/30/08 21:00:06 [Note]: 7026 0
10/30/08 21:00:06 [Note]: 7026 0
10/30/08 21:00:09 [Note]: FSRAW library version 1.7.1024
10/30/08 21:06:05 [Note]: 7007 0
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:54:41, on 30.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe F:\Programme\Norton Internet Security\ISSVC.exe F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe F:\WINDOWS\system32\spoolsv.exe F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe F:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\system32\PnkBstrA.exe F:\Programme\Applications\wcs.exe F:\Programme\Applications\iebtm.exe F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe F:\Programme\Java\jre1.6.0_07\bin\jusched.exe E:\pstrip.exe D:\Winamp\winampa.exe F:\Programme\Winamp Remote\bin\OrbTray.exe F:\Programme\Applications\wcm.exe F:\WINDOWS\system32\algg.exe F:\Programme\Applications\iebtmm.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\wuauclt.exe D:\ICQ6\ICQ.exe F:\Programme\Mozilla Firefox\firefox.exe F:\Programme\Messenger\msmsgs.exe F:\Dokumente und Einstellungen\Peter\Desktop\deathrunmaps\qlketzd.com R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - F:\Programme\Applications\iebt.dll O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - F:\WINDOWS\system32\512686\512686.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: VResLabWarningBHO Class - {B494E7BB-1E33-4922-A947-F74EFF4E714F} - F:\Programme\VResLab\VResLabWarning.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - F:\Programme\Applications\iebr.dll O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Programme\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [PowerStrip] e:\pstrip.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\adobeps\apdproxy.exe" O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKCU\..\Run: [MsnMsgr] "F:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitComet] "E:\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [Skype] "F:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Orb] "F:\Programme\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [VResLab] "F:\Programme\VResLab\VResLab.exe" O4 - HKCU\..\Run: [wblogon] F:\WINDOWS\system32\algg.exe O4 - HKLM\..\Policies\Explorer\Run: [smile] F:\Programme\Applications\wcs.exe O4 - HKLM\..\Policies\Explorer\Run: [start] F:\Programme\Applications\iebtm.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Alles mit BitComet downloaden - res://E:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Alle &Videos mit BitComet &d&ownloaden - res://E:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Mit BitComet &downloaden - res://E:\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: bismuthiferous - {d04bbe06-7ce7-405e-8730-cd56d9531cbb} - F:\WINDOWS\system32\vimhx.dll O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - F:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Programme\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - F:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SAVScan - Symantec Corporation - F:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 9012 bytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1340
Windows 5.1.2600 Service Pack 2
30.10.2008 21:50:51
mbam-log-2008-10-30 (21-50-51).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 103602
Laufzeit: 43 minute(s), 8 second(s)
Infizierte Speicherprozesse: 5
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 29
Infizierte Registrierungswerte: 9
Infizierte Dateiobjekte der Registrierung: 14
Infizierte Verzeichnisse: 2
Infizierte Dateien: 20
Infizierte Speicherprozesse:
F:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Unloaded process successfully.
F:\Programme\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
F:\Programme\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
F:\Programme\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
F:\Programme\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.
Infizierte Speichermodule:
F:\WINDOWS\system32\vimhx.dll (Trojan.Zlob) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{d04bbe06-7ce7-405e-8730-cd56d9531cbb} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VResLab (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vreslabwarning.warningbho (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vreslabwarning.warningbho.1 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d04bbe06-7ce7-405e-8730-cd56d9531cbb} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Software Licensors\Antispyware PRO XP (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
Infizierte Dateien:
F:\WINDOWS\system32\vimhx.dll (Trojan.Zlob.H) -> Delete on reboot.
F:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Quarantined and deleted successfully.
F:\Programme\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Programme\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
F:\Dokumente und Einstellungen\pascal\Lokale Einstellungen\Temp\xrg2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
Code:
ATTFilter Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
da ich heute wenig zeit hatte...Aber hoffe es reicht für heute ^^ |
|
03.11.2008, 22:45
| #4 |
| | VirusRespone2009 Okk... Eins eurer Programme die ihr hier gepostet habt...Hat das irgentwie gelöscht ^^ Vielen dank für die Anleitung und Hilfe... Werde euch weiter empfehlen. Mfg TechniX |
|
04.11.2008, 09:17
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | VirusRespone2009
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.11.2008, 18:41
| #6 |
| | VirusRespone2009 Hallo, Ich habe nur von den die Logfiles... Brauchte woll die anderen woll nicht mehr den das Programm ist weg und diese kommische anzeige auch... Oder muss ich die unbedingt auch noch machen ?  |
|
04.11.2008, 18:57
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  VirusRespone2009Zitat:
 Acker einfach die Liste so ab, wie ich sie gepostet habe. 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu VirusRespone2009 |
| alert, automatisch, freund, gelöscht, guten, helfen, hoffe, klick, komplett, löschen, nennt, problem, programm, rum, screen, security, security alert, seite, software, spyware, systems, systemsteuerung, teile, versucht, website |
