Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   virusprotectpro/Video ActiveX Access entfernen (https://www.trojaner-board.de/42775-virusprotectpro-video-activex-access-entfernen.html)

LordOfStriker 29.08.2007 07:24
virusprotectpro/Video ActiveX Access entfernen
 
hab virusprotectpro auf dem rechner...
hab smitfraud drüber laufenlassen und den bericht hier gepostet.
wär nett wenn sich sobald wie möglich jemand darum kümmern könnte...

SmitFraudFix v2.217

Scan done at 14:42:22,43, 28.08.2007
Run from C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}"="glauke"

[HKEY_CLASSES_ROOT\CLSID\{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}\InProcServer32]
@="E:\WINDOWS\system32\kvfvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}\InProcServer32]
@="E:\WINDOWS\system32\kvfvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

E:\WINDOWS\system32\kvfvw.dll -> Hoax.Win32.Renos.gen.o
E:\WINDOWS\system32\kvfvw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

E:\DOKUME~1\DR55B0~1.SCH\STARTM~1\VirusProtectPro 3.7.lnk Deleted
E:\DOKUME~1\DR55B0~1.SCH\STARTM~1\PROGRA~1\VirusProtectPro Deleted
E:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
E:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
E:\DOKUME~1\DR55B0~1.SCH\Desktop\VirusProtectPro 3.7.lnk Deleted
E:\DOKUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
E:\DOKUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
E:\DOKUME~1\DR55B0~1.SCH\FAVORI~1\Online Security Test.url Deleted
Problem while deleting E:\Programme\Video ActiveX Access\

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine III Fast Ethernet Adapter - Paketplaner-Miniport
DNS Server Search Order: 192.168.2.1

Description: RT2500 USB Wireless LAN Card - Paketplaner-Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{85B6C984-74F3-4152-A3DA-3BB3A1CFCFC4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD1B1833-97BB-46E5-B473-5932F01E8BD9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD1B1833-97BB-46E5-B473-5932F01E8BD9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{85B6C984-74F3-4152-A3DA-3BB3A1CFCFC4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD1B1833-97BB-46E5-B473-5932F01E8BD9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

E:\Programme\Video ActiveX Access Deleted


»»»»»»»»»»»»»»»»»»»»»»»» End

BataAlexander 29.08.2007 10:15
Willkommen im TB LordOfStriker http://www.cheesebuerger.de/images/s...shalt/a042.gif

Führe Smitfraudfix mit der Option 2 im abgesicherten Modus aus.

Dann poste das neue Log und ein HiJackThis Log.

Bata


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131