Command
Service

Command Service , timessquare.exe , unstall.exe , drsmartload.dat

HijackThis HijackThis

O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\WINDOWS\command.com" /c del "C:\DOKUME~1\User\LOKALE~1\Temp\uninstal.exe"

Combofix Combofix anwenden

datfinbat datfinbat

Verzeichnis von C:\WINDOWS 
05.12.2005 16:15 41.216 timessquare.exe
05.12.2005 12:25 32.768 unstall.exe
05.12.2005 12:25 188 iaPXSWOD.ini
05.12.2005 12:24 2 tempf.txt
04.12.2005 19:53 33.376 DIIUnin.dat
04.12.2005 19:48 38 drsmartload.dat
04.12.2005 19:46 0 timessquare1.dat
04.12.2005 19:12 2.829 DIIUnin.pif
04.12.2005 19:12 102.400 DIIUnin.exe

Verzeichnis von C:\WINDOWS\system32
05.12.2005 14:10 133.913 ntlc42.exe.vir
05.12.2005 14:08 154 log.~
05.12.2005 12:25 82 key.~
05.12.2005 12:25 2.118 data.~
05.12.2005 12:24 557.108 awtsr.dll
04.12.2005 19:49 687.592 atmtd.dll
04.12.2005 19:49 687.592 atmtd.dll._
04.12.2005 19:36 236.032 wincntrl.exe.vir
04.12.2005 19:33 71 i
04.12.2005 19:17 90.624 uwhjjgm.exe
04.12.2005 19:15 147.225 tjpwqfuh.exe
04.12.2005 19:14 52.505 scvhost.exe.vir
04.12.2005 19:14 147.225 evjarn.exe
04.12.2005 19:14 90.624 dhyyo.exe
04.12.2005 18:57 0 TFTP3764
04.12.2005 18:52 25.941 NULL
04.12.2005 18:52 16.832 amcompat.tlb
04.12.2005 18:52 23.392 nscompat.tlb
02.11.2005 00:44 127.574 tsuninst.exe

Verzeichnis von C:\
05.12.2005 14:39 16.384 index1.exe
05.12.2005 14:10 446 a.bmp

HijackThis HijackThis

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\czRtM3Q\command.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
C:\WINDOWS\czRtM3Q\command.exe

L2mfix --> arbeite Option 2 ab L2mfix


Avenger Avenger (Beispiel) 

Registry keys to delete: 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Files to delete: 
%windir%\system32\guard.tmp
%windir%\system32\kqdtat.dll
%windir%\system32\t8r8li9u18.dll
%windir%\system32\lv4o09h3e.dll
%windir%\system32\fpjm0311e.dll
%windir%\system32\nqrsda.dll
%windir%\system32\enj4l11q1.dll
%windir%\system32\hr0205doe.dll
%windir%\system32\l20ulcd91f0.dll
%windir%\system32\dn6m01j1e.dll
%windir%\iun6002.exe
%windir%\winsysupd1.dat
%windir%\enewsletterpro1.dat
%windir%\winsysban.exe
%windir%\winsysupd.exe
%windir%\timessquare1.dat
%windir%\banmanpro.exe
%windir%\enewsletterpro.exe
%windir%\uninstall_nmon.vbs
%windir%\tool2.exe
%windir%\kl.exe
%windir%\uniq
%windir%\datanrzzzqwuwzu.log
%windir%\drsmartloadb1.dat
%windir%\bytespersecond.dat
%windir%\adtech2006.exe
%windir%\msresearch1.dat
%windir%\adtech2005.exe
%windir%\rfk5.bin
%windir%\pcup23467.dat
%windir%\setuperr.log
%windir%\sp2update00.exe
%windir%\drsmartload.dat
%windir%\teller2.chk
%windir%\msresearch.exe

Folders to delete: 
%windir%\czRtM3Q


HijackThis HijackThis

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\nqrsda.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFudWVs\command.exe


HijackThis CCleaner anwenden + die temporären Dateien löschen

HijackThis datfindbat 
Verzeichnis von C:\WINDOWS\system32

01/18/2006 11:25 PM 234,621 guard.tmp
01/18/2006 11:22 PM 234,621 kqdtat.dll
01/18/2006 11:19 PM 234,272 t8r8li9u18.dll
01/18/2006 01:32 PM 234,621 lv4o09h3e.dll
01/16/2006 03:46 PM 234,272 fpjm0311e.dll
01/16/2006 03:38 PM 234,272 nqrsda.dll
01/16/2006 03:38 PM 235,683 enj4l11q1.dll
01/16/2006 12:54 AM 235,604 hr0205doe.dll
01/15/2006 11:46 PM 234,272 l20ulcd91f0.dll
12/28/2005 08:20 PM 248 systemdrv32.aso
10/20/2005 11:40 PM 235,263 dn6m01j1e.dll

Verzeichnis von C:\WINDOWS

01/15/2006 12:42 PM 0 winsysupd1.dat
01/14/2006 10:45 PM 0 enewsletterpro1.dat
01/14/2006 10:45 PM 69,888 winsysban.exe
01/14/2006 10:45 PM 45,312 winsysupd.exe
01/06/2006 12:42 AM 0 timessquare1.dat
01/06/2006 12:42 AM 69,888 banmanpro.exe
01/06/2006 12:42 AM 41,216 enewsletterpro.exe
01/03/2006 05:45 PM 1,989 uninstall_nmon.vbs
01/02/2006 08:02 PM 32,256 tool2.exe
01/02/2006 08:02 PM 72,809 kl.exe
01/02/2006 08:02 PM 0 uniq
01/02/2006 02:20 PM 19 powerplayer.ini
12/31/2005 12:04 PM 4 datanrzzzqwuwzu.log
12/24/2005 09:33 AM 0 drsmartloadb1.dat
12/19/2005 09:17 PM 183,296 NDNuninstall7_14.exe
12/17/2005 10:57 PM 4 bytespersecond.dat
12/01/2005 10:04 PM 69,888 adtech2006.exe
11/26/2005 12:11 AM 4,096 d3dx.dat
11/20/2005 01:32 PM 0 msresearch1.dat
11/20/2005 01:32 PM 69,888 adtech2005.exe
11/01/2005 12:30 PM 182,272 NDNuninstall6_98.exe
10/26/2005 01:59 PM 4 rfk5.bin
10/26/2005 01:59 PM 4 pcup23467.dat
10/20/2005 09:31 AM 22,368 sp2update00.exe
10/20/2005 09:30 AM 38 drsmartload.dat
10/20/2005 09:30 AM 40 teller2.chk
10/20/2005 09:29 AM 40,176 msresearch.exe

Spysweeper Spysweeper

L2mfix L2mfix -->Option 2

HostsXpert HostsXpert

Link: Command





Counter-Box.de


virus-protect.org
startseite Valid HTML 4.01 Ranking-Hits antispam