






rdriv.sys - MSmedia.exe - seppgs.dll - pis.exe - seppgm.sys - qz.sys



datfind.bat

Directory of C:\WINDOWS\system32

17.06.2006 19:56 7.168 rdriv.sys
17.06.2006 19:45 100 ps.a3d
17.06.2006 19:45 70 i

Directory of C:\WINDOWS
17.06.2006 19:44 54.512 MSmedia.exe

Directory of C:\

17.06.2006 19:45 58.725 pis.exe


C:\WINDOWS\system32\rdriv.sys
C:\WINDOWS\system32\ps.a3d
C:\WINDOWS\system32\i
C:\WINDOWS\SYSTEM32\seppgs.dll
C:\WINDOWS\MSmedia.exe
C:\pis.exe



HijackThis

O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe



Start -> Run --> type in: notepad -- click OK. Or, if the command doesn't work, open Notepad.... Then paste the following text into it:

REM the service name contains spaces, so it must be quoted; unquoted, sc takes "MicroSoft" as the name and reports error 1060
sc stop "MicroSoft Media Tools"
sc delete "MicroSoft Media Tools"
REM remove this batch file itself (fine as the last line of the script)
del delete.bat


Save it to the Desktop [under File type choose 'All Files'] as delete.bat --> double-click it


F-Secure BlackLight

06/18/06 16:10:29 [Info]: Hidden process: \??\C:\WINDOWS\system32\winlogon.exe
06/18/06 16:10:29 [Info]: Hidden process: C:\WINDOWS\Explorer.EXE
06/18/06 16:10:29 [Info]: Hidden process: C:\WINDOWS\MSmedia.exe
06/18/06 16:10:33 [Info]: Hidden file: c:\WINDOWS\system32\83ghh.ini
06/18/06 16:10:33 [Info]: Hidden file: c:\WINDOWS\system32\aaaxcfdwq.dat
06/18/06 16:10:39 [Info]: Hidden file: c:\WINDOWS\system32\qz.dll
06/18/06 16:10:44 [Info]: Hidden file: c:\WINDOWS\system32\qz.sys
06/18/06 16:10:44 [Info]: Hidden file: c:\WINDOWS\system32\seppgm.sys
06/18/06 16:10:44 [Info]: Hidden file: c:\WINDOWS\system32\seppgs.dll


F-Secure Online Scanner Next Generation Beta
F-Secure Online Scanner

1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be asked to install an ActiveX control
3. Install this ActiveX component
4. Read the instructions and click: "Accept"
5. Click "Full System Scan"
6. Click "Show report"


Result: 13 malware found
Alexa (spyware)
* System (Disinfected)

Backdoor.Win32.Agobot.afk (virus)
* C:\WINDOWS\MSMEDIA.EXE (Renamed & Submitted)

Backdoor.Win32.Rbot.aeu (virus)
* C:\WINDOWS\SYSTEM32\WINSYSTEMS.EXE (Renamed & Submitted)

Rootkit.Win32.Agent.p (virus)
* C:\WINDOWS\SYSTEM32\RDRIV.SYS

Stealth_file (hidden item)
* C:\WINDOWS\SYSTEM32\83GHH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\QZ.DLL (Submitted)
* C:\WINDOWS\SYSTEM32\QZ.SYS (Submitted)
* C:\WINDOWS\SYSTEM32\SEPPGM.SYS
* C:\WINDOWS\SYSTEM32\SEPPGS.DLL

Stealth_process (hidden item)
* C:\WINDOWS\EXPLORER.EXE (Submitted)
* \??\C:\WINDOWS\SYSTEM32\WINLOGON.EXE

Trojan-Downloader.BAT.Ftp.ab (virus)
* C:\WINDOWS\SYSTEM32\I (Renamed & Submitted)


2nd HijackThis log

O4 - HKLM\..\Run: [uuwwkjge] C:\nmgpdusc.bat
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe



Directory of C:\

18.06.2006 16:06 0 zia01636
18.06.2006 16:05 1.080 nmgpdusc.bat
18.06.2006 16:05 126.976 zip.exe
17.06.2006 19:45 58.725 pis.exe

Directory of C:\WINDOWS

17.06.2006 19:44 54.512 MSMEDIA.0XE


Avenger

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MICROSOFT_MEDIA_TOOLS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MICROSOFT_MEDIA_TOOLS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICROSOFT_MEDIA_TOOLS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MicroSoft Media Tools
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MicroSoft Media Tools
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MicroSoft Media Tools

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\seppgm.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\seppgm.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEPPGM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEPPGM\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seppgm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seppgs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\seppgm.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\seppgm.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SEPPGM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SEPPGM\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seppgm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\seppgm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\seppgm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEPPGM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEPPGM\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seppgm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seppgs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv

Files to delete:
C:\WINDOWS\MSMEDIA.0XE
C:\WINDOWS\system32\i
C:\WINDOWS\MSmedia.exe
C:\WINDOWS\SYSTEM32\WINSYSTEMS.EXE
c:\WINDOWS\system32\83ghh.ini
c:\WINDOWS\system32\aaaxcfdwq.dat
c:\WINDOWS\system32\qz.dll
c:\WINDOWS\system32\qz.sys
c:\WINDOWS\system32\seppgm.sys
c:\WINDOWS\system32\seppgs.dll
c:\WINDOWS\system32\rdriv.sys
C:\nmgpdusc.bat
C:\zip.exe
C:\pis.exe
C:\zia01636


Scan with Kaspersky
http://virus-protect.org/onlinescan.html
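As an added triage example (not part of this thread, and not code from F-Secure BlackLight, HijackThis or Avenger): the Python script below turns BlackLight "Hidden process" / "Hidden file" lines and HijackThis O4 / O20 / O23 lines into the two Avenger sections used above. It assumes the 2006-era log formats exactly as posted here, that a hidden .sys file's service name is its file stem (qz.sys -> qz, as in the Avenger script above), that a bare O4 file name such as winsystems.exe lives in system32, and it also queues the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<name> key for O20 entries, which the Avenger script above leaves to HijackThis. The sample logs inside the script are constructed. The point a practitioner needs from it: winlogon.exe and Explorer.EXE show up as hidden processes only because the rootkit hooked them, so the script warns about those instead of listing them for deletion.

```python
import re
from pathlib import PureWindowsPath

CONTROL_SETS = ("ControlSet001", "ControlSet002", "CurrentControlSet")
# Core processes the rootkit hides because it hooked them (winlogon.exe, Explorer.EXE
# above); deleting these would break Windows, so they only produce a warning.
PROTECTED = {"winlogon.exe", "explorer.exe", "csrss.exe", "services.exe", "lsass.exe"}

BL_RE = re.compile(r"\[Info\]: Hidden (process|file): (.+?)\s*$")
O4_RE = re.compile(r"^O4 - HK[LC][MU]\\\.\.\\Run\w*: \[[^\]]+\] (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - .+? - (.+)$")

# Constructed sample logs, shaped after the ones posted in this thread.
SAMPLE_BLACKLIGHT = r"""
06/18/06 16:10:29 [Info]: Hidden process: \??\C:\WINDOWS\system32\winlogon.exe
06/18/06 16:10:29 [Info]: Hidden process: C:\WINDOWS\MSmedia.exe
06/18/06 16:10:44 [Info]: Hidden file: c:\WINDOWS\system32\qz.sys
06/18/06 16:10:44 [Info]: Hidden file: c:\WINDOWS\system32\seppgm.sys
06/18/06 16:10:44 [Info]: Hidden file: c:\WINDOWS\system32\seppgs.dll
"""
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
"""


def parse_blacklight(text):
    """Collect hidden processes and files; strip the \\??\\ object-manager prefix."""
    hidden = {"process": [], "file": []}
    for m in (BL_RE.search(l) for l in text.splitlines()):
        if m:
            path = m.group(2)
            hidden[m.group(1)].append(path[4:] if path.startswith("\\??\\") else path)
    return hidden


def parse_hijackthis(text):
    """Return (run_commands, notify_dlls, services) from O4 / O20 / O23 lines."""
    runs, notify, services = [], [], []
    for line in (l.strip() for l in text.splitlines()):
        if m := O4_RE.match(line):
            runs.append(m.group(1))
        elif m := O20_RE.match(line):
            notify.append((m.group(1), m.group(2)))
        elif m := O23_RE.match(line):
            services.append((m.group(1), m.group(2)))
    return runs, notify, services


def legacy_name(service):  # Enum\Root key name: LEGACY_ + upper-cased name, non-alphanumerics -> "_"
    return "LEGACY_" + re.sub(r"[^A-Z0-9]", "_", service.upper())


def service_keys(service, driver_file=None):
    """Keys that re-create a service or driver at boot, in every control set."""
    keys = []
    for cs in CONTROL_SETS:
        base = f"HKEY_LOCAL_MACHINE\\SYSTEM\\{cs}"
        keys += [f"{base}\\Enum\\Root\\{legacy_name(service)}", f"{base}\\Services\\{service}"]
        if driver_file:  # drivers also register for Safe Mode, as seppgm.sys does above
            keys += [f"{base}\\Control\\SafeBoot\\{mode}\\{driver_file}" for mode in ("Minimal", "Network")]
    return keys


def dedup(items):
    """Case-insensitive: the logs mix c:\\WINDOWS\\system32 and C:\\WINDOWS\\SYSTEM32."""
    seen = set()
    return [seen.add(i.lower()) or i for i in items if i.lower() not in seen]


def triage(blacklight_text, hjt_text, windir="C:\\WINDOWS"):
    hidden = parse_blacklight(blacklight_text)
    runs, notify, services = parse_hijackthis(hjt_text)
    files, keys, warnings = [], [], []
    for path in hidden["process"]:
        if PureWindowsPath(path).name.lower() in PROTECTED:
            warnings.append(f"{path}: hidden system process (rootkit hooked it), not deleted")
        else:
            files.append(path)
    for path in hidden["file"]:
        files.append(path)
        name = PureWindowsPath(path).name
        if name.lower().endswith(".sys"):  # assumption: service name == file stem (qz.sys -> qz)
            keys += service_keys(name[:-4], driver_file=name)
    for name, path in services:
        files.append(path)
        keys += service_keys(name)
    for name, path in notify:
        files.append(path)
        keys.append(f"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\{name}")
    for cmd in runs:
        exe = cmd.split()[0].strip('"')
        if "\\" not in exe:  # bare name: assume it lives in system32, as winsystems.exe does above
            exe = f"{windir}\\system32\\{exe}"
        files.append(exe)  # the Run value itself is then fixed in HijackThis, as on this page
    return {"files": dedup(files), "keys": dedup(keys), "warnings": warnings}


def render_avenger(result):
    """The two Avenger sections in the form used in this thread."""
    return "\n".join(["Registry keys to delete:", *result["keys"], "", "Files to delete:", *result["files"]]) + "\n"


if __name__ == "__main__":
    r = triage(SAMPLE_BLACKLIGHT, SAMPLE_HJT)
    print(render_avenger(r), *("WARNING: " + w for w in r["warnings"]), sep="\n")
```

Run it as-is and it prints an Avenger script for the constructed logs plus one warning for winlogon.exe; paste real BlackLight and HijackThis output into the two sample strings to triage a different log. Avenger's own syntax is case-insensitive for the section headers, and deleting a parent key such as LEGACY_SEPPGM also removes its 0000 subkey, which is why the generator does not list subkeys separately.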









©virus-protect.org