Problem with dc.exe trojan

22.05.2006, 14:18
...new here

Posts: 7
#1 Hello

I picked up a trojan today (dc.exe) that keeps wanting to go online.... but I don't know how to get rid of it.

Can anyone help me with this?

Thanks in advance


Logfile of HijackThis v1.99.1
Scan saved at 13:41:40, on 22.05.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Norton Personal Firewall\IAMAPP.EXE
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\dc.exe
C:\Programme\Norton Utilities\SYSDOC32.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Speed Disk\nopdb.exe
C:\Programme\Norton Personal Firewall\SymProxySvc.exe
C:\Programme\Norton Personal Firewall\NISSERV.EXE
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Alle_Downloads\Downloads\Troja_programm\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Hotplug] C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BD] "C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\dc.exe"
O4 - Global Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {3856CBEC-D717-404A-B24D-0192ACA904B2} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {3856CBEC-D717-404A-B24D-0192ACA904B2} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138495109625
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/download/ExentCtl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Programme\Speed Disk\nopdb.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programme\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
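Added example, not code from the thread or from HijackThis: a small Python triage script that reads HijackThis 1.99-style log lines and flags the pattern the helper acts on in the next post, an autostart entry (O4) and a running process that both point into the user's Temp folder, plus the broken LSP (O10) line. The sample log is constructed and abridged from the log posted above; the function, class and regex names are my own.

```python
"""Triage a HijackThis log: find autostart entries and running processes
that live in a Temp directory and cross-reference them, plus broken LSP
entries.  Educational example; not part of HijackThis or this thread."""
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the log posted in #1 (paths are the ones shown there).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programme\Winamp\Winampa.exe
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\dc.exe
E:\Alle_Downloads\Downloads\Troja_programm\HijackThis.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BD] "C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\dc.exe"
O4 - Global Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O10 - Broken Internet access because of LSP provider 'spacklsp.dll' missing
"""

# "O4 - <hive\..\Run>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Global Startup: <shortcut>.lnk = <target>"
O4_LNK_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<name>.+?) = (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - (?P<text>.*)$")
# A path component named Temp or tmp, in long or 8.3 form (...\LOKALE~1\Temp\...).
TEMP_RE = re.compile(r"\\te?mp\\", re.I)
# First token ending in an executable extension, so "RUNDLL32.EXE C:\x.dll,Init"
# yields RUNDLL32.EXE and unquoted paths with spaces are kept whole.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|pif|dll))(?:[\s,]|$)", re.I)


@dataclass
class Autorun:
    where: str
    name: str
    command: str


@dataclass
class Report:
    processes: list = field(default_factory=list)
    autoruns: list = field(default_factory=list)
    broken_lsp: list = field(default_factory=list)


@dataclass
class Finding:
    severity: str
    kind: str
    detail: str


def parse_hijackthis(text):
    """Collect the 'Running processes' block, O4 autostarts and O10 LSP lines."""
    report = Report()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # blank line ends the process block
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes:
            report.processes.append(line)
            continue
        m = O4_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            report.autoruns.append(Autorun(m["where"], m["name"], m["cmd"]))
            continue
        m = O10_RE.match(line)
        if m:
            report.broken_lsp.append(m["text"])
    return report


def executable_path(command):
    """Extract the program path from an autostart command line."""
    command = command.strip()
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def triage(report):
    """Flag Temp-resident autostarts and processes; mark those that are both."""
    findings = []
    temp_autoruns = {}
    for a in report.autoruns:
        path = executable_path(a.command)
        if TEMP_RE.search(path):
            # Same 8.3 spelling in both log sections, so a lowercase compare suffices here.
            temp_autoruns[path.lower()] = a
            findings.append(Finding("high", "autorun-in-temp", f"{a.where} [{a.name}] -> {path}"))
    for proc in report.processes:
        if TEMP_RE.search(proc):
            note = " (also persisted via autorun)" if proc.lower() in temp_autoruns else ""
            findings.append(Finding("high", "process-in-temp", proc + note))
    for text in report.broken_lsp:
        findings.append(Finding("medium", "broken-lsp", text))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```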
22.05.2006, 14:39
Honorary member
Sabina

Posts: 29434
#2 Karl_71

1.
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" click "yes"
paste in: ....

Quote

C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\dc.exe
Restart the PC

2.
Configure CleanUp exactly as described here (then restart the PC):
http://virus-protect.org/cleanup.html

3.
Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

all about PC security
22.05.2006, 15:25
...new here

Thread starter

Posts: 7
#3 Yep, done that, and here is the result


1. Log

Verzeichnis von C:\WINDOWS\system32

22.05.2006 15:10 50.257 nvapps.xml
21.05.2006 00:29 43.520 CmdLineExt03.dll
11.05.2006 19:57 2.184 wpa.dbl
13.04.2006 12:33 98.304 CmdLineExt.dll
01.04.2006 12:06 100 LuResult.txt
31.03.2006 16:52 25.065 wmpscheme.xml
30.03.2006 23:45 380.350 perfh009.dat
30.03.2006 23:45 52.764 perfc009.dat
30.03.2006 23:45 391.000 perfh007.dat
30.03.2006 23:45 63.580 perfc007.dat
26.03.2006 04:53 723.744 PerfStringBackup.INI
09.03.2006 17:59 180.224 NVUNINST.EXE
09.03.2006 15:29 35.840 nvcodins.dll
09.03.2006 15:29 147.456 nvcolor.exe
09.03.2006 15:29 7.561.216 nvcpl.dll
09.03.2006 15:29 16.960 nvdisp.nvu
09.03.2006 15:29 1.339.392 nvdspsch.exe
09.03.2006 15:29 442.368 nvappbar.exe
09.03.2006 15:29 573.440 nvhwvid.dll
09.03.2006 15:29 1.466.368 nview.dll
09.03.2006 15:29 229.376 nvmccs.dll
09.03.2006 15:29 45.056 nvmccsrs.dll
09.03.2006 15:29 86.016 nvmctray.dll
09.03.2006 15:29 286.720 nvnt4cpl.dll
09.03.2006 15:29 5.419.008 nvoglnt.dll
09.03.2006 15:29 327.680 nvrsar.dll
09.03.2006 15:29 98.304 nvapi.dll
09.03.2006 15:29 245.760 nvrscs.dll
09.03.2006 15:29 249.856 nvrsda.dll
09.03.2006 15:29 1.519.616 nwiz.exe
09.03.2006 15:29 274.432 nvrsde.dll
09.03.2006 15:29 278.528 nvrsel.dll


2. Log


Verzeichnis von C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp

22.05.2006 15:11 16.384 Perflib_Perfdata_1dc.dat
22.05.2006 14:55 105.267 backdoor.log
22.05.2006 14:50 16.384 ~DFE47B.tmp
22.05.2006 13:40 16.384 ~DF187E.tmp
21.05.2006 22:27 154.399 22.exe
21.05.2006 22:27 283.942 1-Datei.exe
21.05.2006 00:29 4.592 SIntfIcn.ani
21.05.2006 00:29 24.744 SIntfNT.dll
21.05.2006 00:29 12.305 SIntf16.dll
21.05.2006 00:29 20.016 SIntf32.dll
20.05.2006 19:28 138 wecerr.txt
20.05.2006 13:37 16.384 Perflib_Perfdata_788.dat
20.05.2006 01:21 0 flaA9.tmp
20.05.2006 01:20 0 flaA8.tmp
20.05.2006 01:20 0 flaA7.tmp
20.05.2006 01:18 0 flaA6.tmp
20.05.2006 01:18 0 flaA5.tmp
20.05.2006 01:17 0 flaA4.tmp
20.05.2006 01:16 0 flaA3.tmp
20.05.2006 01:16 0 flaA2.tmp
20.05.2006 01:16 0 fla8E.tmp
20.05.2006 01:15 0 fla8D.tmp
20.05.2006 01:15 0 fla8C.tmp
20.05.2006 01:14 0 fla8B.tmp
20.05.2006 01:13 0 fla8A.tmp
20.05.2006 01:13 0 fla89.tmp
20.05.2006 01:12 0 fla88.tmp
20.05.2006 01:11 0 fla87.tmp
19.05.2006 23:18 4 PMShared
19.05.2006 10:42 11.224 CFG73.tmp
19.05.2006 10:39 11.224 CFG70.tmp
18.05.2006 01:47 0 flaA1.tmp
18.05.2006 01:47 0 flaA0.tmp
18.05.2006 01:46 0 fla9F.tmp
18.05.2006 01:44 0 fla9E.tmp
18.05.2006 01:41 0 fla9D.tmp
18.05.2006 01:41 0 fla9C.tmp
18.05.2006 01:40 0 fla9B.tmp
18.05.2006 01:40 0 fla9A.tmp
18.05.2006 01:39 0 fla99.tmp
18.05.2006 01:39 0 fla98.tmp
18.05.2006 01:38 0 fla97.tmp
18.05.2006 01:38 0 fla96.tmp
18.05.2006 01:38 0 fla95.tmp
18.05.2006 01:38 0 fla94.tmp
18.05.2006 01:36 0 fla93.tmp
18.05.2006 01:36 0 fla92.tmp
18.05.2006 01:36 0 fla91.tmp
18.05.2006 01:36 0 fla90.tmp
18.05.2006 01:36 0 fla8F.tmp
18.05.2006 01:23 0 fla86.tmp
18.05.2006 01:23 0 fla85.tmp
18.05.2006 01:16 0 fla82.tmp
18.05.2006 01:15 0 fla81.tmp
18.05.2006 01:14 0 fla80.tmp
18.05.2006 01:12 0 fla7F.tmp
18.05.2006 01:08 0 fla7E.tmp
18.05.2006 01:07 0 fla7D.tmp
18.05.2006 01:05 0 fla7C.tmp
14.05.2006 18:17 0 NBR5F.tmp
14.05.2006 17:08 0 NBR5A.tmp
14.05.2006 05:04 0 fla59.tmp
13.05.2006 20:08 16.384 Perflib_Perfdata_c0.dat
13.05.2006 11:44 16.384 Perflib_Perfdata_75c.dat
11.05.2006 22:43 11.224 CFG32.tmp
11.05.2006 22:41 11.224 CFG2F.tmp
03.05.2006 22:02 695 TWAIN.LOG
03.05.2006 22:02 3 Twain001.Mtx
03.05.2006 22:02 156 Twunk001.MTX
30.04.2006 23:01 878 dslmupdate.ini
28.04.2006 22:35 16.384 Perflib_Perfdata_1ec.dat
25.04.2006 17:15 0 NBR1.tmp
20.04.2006 17:00 49.152 ~DF7A2B.tmp
13.04.2006 19:17 49.152 ~DF3E0F.tmp
13.04.2006 14:54 16.384 Perflib_Perfdata_724.dat
05.04.2006 17:21 0 CacheInfo.dnl
05.04.2006 16:35 0 NBR9.tmp
01.04.2006 19:15 68.229 SYMEVENT.LOG
01.04.2006 19:15 2.303 SNDSetup55.log
01.04.2006 19:15 11.429 IDSinst.LOG
01.04.2006 19:15 488.118 SNDUpdater55I.log
01.04.2006 19:15 22.428 SNDunin.log
01.04.2006 18:51 16.384 ~DFED52.tmp
01.04.2006 13:56 1.844 SNDSetup544.log
01.04.2006 13:56 288.886 SNDUpdater544I.log
01.04.2006 12:22 12.868.282 Norton Personal Firewall 4-1-2006 12h19m51s.log
01.04.2006 12:22 2.563 LSInstall.log
01.04.2006 12:13 2.625.426 Norton Personal Firewall 4-1-2006 12h12m29s.log
01.04.2006 12:08 7.819.052 Norton Internet Security 2006 4-1-2006 12h5m32s.log
01.04.2006 12:06 8.634 CLTDIST.log
01.04.2006 12:05 172 AVRES_OPTRF_LiveUpdate.dat
30.03.2006 23:44 2.326 dotNetFx.log
30.03.2006 23:44 7.228 ASPNETSetup.log
30.03.2006 23:03 65.536 ~DFBA98.tmp
29.03.2006 22:52 0 ImageReadyTemp.tmp
27.03.2006 16:56 0 NBR7.tmp
21.03.2006 11:08 16.384 ~DFF063.tmp
21.03.2006 11:08 16.384 ~DF941D.tmp
21.03.2006 02:17 17.006 pf2348617881.tmp
20.03.2006 12:16 65.536 ~DF4895.tmp
11.03.2006 22:59 7.348 SNDSetup60.log
11.03.2006 22:59 245.194 SND_MSI_U_6.0.0.99.log
11.03.2006 22:59 332.632 SND_MSI_I_6.0.2.211.log
11.03.2006 22:54 9.477.208 Norton Internet Security 2006 3-11-2006 21h51m32s.log
11.03.2006 22:51 327 PreScan.log
11.03.2006 22:47 7.156.288 Norton Internet Security 2006 3-11-2006 21h43m57s.log
11.03.2006 22:41 300 MSI2810.LOG
11.03.2006 22:41 300 MSIfca02.LOG
11.03.2006 22:39 300 MSIe6998.LOG
11.03.2006 22:39 300 MSIe6997.LOG
11.03.2006 20:56 7.810.248 Norton Internet Security 2006 3-11-2006 19h53m40s.log


3. Log

Verzeichnis von C:\WINDOWS

22.05.2006 15:13 1.212 win.ini
22.05.2006 15:12 0 0.log
22.05.2006 15:10 2.048 bootstat.dat
22.05.2006 15:10 32.586 SchedLgU.Txt
22.05.2006 13:05 1.065 winamp.ini
22.05.2006 12:33 50 wiaservc.log
22.05.2006 12:33 214 wiadebug.log
20.05.2006 17:36 116 NeroDigital.ini
27.04.2006 23:30 54.156 QTFont.qfn
21.04.2006 14:26 1.409 QTFont.for
13.04.2006 12:29 188.621 DirectX.log
13.04.2006 12:28 824.633 setupapi.log
01.04.2006 12:34 5.669 Norton Utilities.log
01.04.2006 12:32 1.743 SYMINST.LOG
31.03.2006 23:25 755.447 WindowsUpdate.log
31.03.2006 16:52 2.200 OEWABLog.txt
31.03.2006 15:39 65.536 DUMP76f5.tmp
31.03.2006 01:27 1.450 COM+.log
21.03.2006 12:20 171 Adobereg.db
20.03.2006 12:27 3.303 GPlrLanc.dat
20.03.2006 00:03 146.955 setupact.log
21.02.2006 22:15 625 eReg.dat


4. Log

Verzeichnis von C:\

22.05.2006 15:23 0 sys.txt
22.05.2006 15:23 7.042 system.txt
22.05.2006 15:23 9.131 systemtemp.txt
22.05.2006 15:23 95.437 system32.txt
22.05.2006 15:10 1.610.612.736 pagefile.sys
13.05.2006 11:43 1.124 wsinst.log
01.04.2006 12:08 100 LuResult.txt
26.02.2006 20:15 36.361 debug.log
28.01.2006 13:04 378 TO_InstallLog.txt
27.01.2006 23:26 194 boot.ini
23.01.2006 15:36 429 datFind.bat
11.01.2006 19:11 20.495 fl-server-errors.log
21.12.2005 15:51 0 IO.SYS
21.12.2005 15:51 0 MSDOS.SYS
21.12.2005 15:51 0 CONFIG.SYS
21.12.2005 15:51 0 AUTOEXEC.BAT
18.08.2001 14:00 4.952 bootfont.bin
18.08.2001 14:00 45.124 NTDETECT.COM
18.08.2001 14:00 224.032 ntldr
22.05.2006, 16:15
Honorary member
Sabina

Posts: 29434
#4 Karl_71

1.
Delete with the Killbox:
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\1-Datei.exe
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\22.exe

Restart the PC

------------------------
2.
Close all applications

Start > Programs > Accessories > System Tools >
Disk Cleanup
#Click: Temporary Internet Files, OK
#Click: Temporary Files, OK

--------------------
3.
Post the log from
RootkitRevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
__________
Kind regards, Sabina

all about PC security
22.05.2006, 16:51
...new here

Thread starter

Posts: 7
#5 OK, done that

HKLM\SOFTWARE\Classes\CLSID\{0A2C6EC6-E1BC-9BF5-B3F7D282645EFB0F}\{C08E0694-C5E1-48EE-3ACF6A24AC2BF796}\{A9549B8D-B7EF-15E1-4BD44DC35FFCD192}* 28.01.2006 12:42 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{406CE662-49A5-A824-9AD16CDB8C980A83}\{51810E7B-CC7B-50CD-91DC82E76A5CA55B}\{3C9B1055-B264-EADB-6986DE03867D1DB4}* 28.01.2006 12:42 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{5FE33608-D84A-4853-0DC49CB45BA83A21}\{2DF15E09-2D8E-263A-CC028FD0118C14A8}\{3FB2B7AB-9135-F57A-39603C4B0F4DA6E9}* 28.01.2006 12:42 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{99B3C19D-1110-E642-964288AEAF2709C8}\{40C615DA-7F31-9B5B-0DDF6E89F316E212}\{17EBF9A6-E64A-9733-B8ACE6C016E89E7C}* 28.01.2006 12:46 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EA0A4278-51A3-7709-84DDEF02950ADF94}\{11936336-4B9A-79DD-A94F2AD208D83E94}\{0A7B61F5-80AE-3EB6-867F93DE000E0517}* 28.01.2006 12:46 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}* 28.01.2006 12:46 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 28.01.2006 23:33 13 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT\00243305 15.05.2006 14:39 1.81 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\00245331 22.05.2006 16:45 6.26 MB Hidden from Windows API.
22.05.2006, 20:01
Honorary member
Sabina

Posts: 29434
#6 Scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
+
Also post the 2nd log from datfindbat again:
Verzeichnis von C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp
__________
Kind regards, Sabina

all about PC security
22.05.2006, 20:40
...new here

Thread starter

Posts: 7
#7 No idea whether this is the right log, but I think so

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=XXX-V1VI5M3TR6H
Time=Mon May 22 20:29:09 2006
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
IE Plugins: Found '{327C2873-E90D-4c37-AA9D-10AC9BABA46C}' in 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
IE Plugins: Found '{855F3B16-6D32-4fe6-8A56-BBB695989046}' in 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
IE Plugins: Found '{855F3B16-6D32-4fe6-8A56-BBB695989046}' in 'Software\Microsoft\Internet Explorer\URLSearchHooks'
Web Browser Security Settings: Found 'Start Page' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'Default_Page_URL' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'Search Page' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'Default_Search_URL' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'START_PAGE_URL' in 'C:\WINDOWS\inf\iereset.inf'
Web Browser Security Settings: Found 'DisableCachingOfSSLPages' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'EnableNegotiate' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'WarnOnZoneCrossing' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fritz.box'
Web Browser Security Settings: Found 'ICQ Toolbar Search' in 'Software\Microsoft\Internet Explorer\MenuExt\&ICQ Toolbar Search'
Web Browser Security Settings: Found 'Easy-WebPrint - Drucken' in 'Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint - Drucken'
Web Browser Security Settings: Found 'Easy-WebPrint - Schnelldruck' in 'Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint - Schnelldruck'
Web Browser Security Settings: Found 'Easy-WebPrint - Vorschau' in 'Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint - Vorschau'
Web Browser Security Settings: Found 'Easy-WebPrint - Zu Druckliste hinzufügen' in 'Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint - Zu Druckliste hinzufügen'
Web Browser Security Settings: Found 'Nach Microsoft Excel exportieren' in 'Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren'
IE Downloaded Program Files: Found 'ExentInf Class' in 'C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx'
Layered Service Providers (LSP's): Found 'SpeedPackLSP under [MSAFD Tcpip [TCP/IP]]' in 'C:\WINDOWS\System32\spacklsp.dll'
Layered Service Providers (LSP's): Found 'SpeedPackLSP under [MSAFD Tcpip [UDP/IP]]' in 'C:\WINDOWS\System32\spacklsp.dll'
Layered Service Providers (LSP's): Found 'SpeedPackLSP under [MSAFD Tcpip [RAW/IP]]' in 'C:\WINDOWS\System32\spacklsp.dll'
Layered Service Providers (LSP's): Found 'SpeedPackLSP under [RSVP UDP Service Provider]' in 'C:\WINDOWS\System32\spacklsp.dll'
Layered Service Providers (LSP's): Found 'SpeedPackLSP under [RSVP TCP Service Provider]' in 'C:\WINDOWS\System32\spacklsp.dll'
Layered Service Providers (LSP's): Found 'SpeedPackLSP' in 'C:\WINDOWS\System32\spacklsp.dll'
Windows Policy Settings: Found 'restrictanonymous' in 'SYSTEM\CurrentControlSet\Control\Lsa'
Windows Policy Settings: Found 'forceunlocklogon' in 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Windows Policy Settings: Found 'AUOptions' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
Windows Policy Settings: Found 'wuauserv' in ''
Services: Found 'AVM IGD CTRL Service' in ''
Services: Found 'AVM FRITZ!web Routing Service' in ''
Windows Shell Settings: Found 'AddToPlaylistVLC' in 'SOFTWARE\Classes\Folder\shell\AddToPlaylistVLC'
Windows Shell Settings: Found 'PlayWithVLC' in 'SOFTWARE\Classes\Folder\shell\PlayWithVLC'
Windows Shell Settings: Found 'InCDMenu' in 'SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\InCDMenu'
Windows Shell Settings: Found 'Norton Shell Extensions' in 'SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Norton Shell Extensions'
Windows Shell Settings: Found 'WS_FTP' in 'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP'
Windows Shell Settings: Found '{950FF917-7A57-46BC-8017-59D9BF474000}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{73B24247-042E-4EF5-ADC2-42F62E6FD654}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{A70C977A-BF00-412C-90B7-034C51DA2439}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{FFB699E0-306A-11d3-8BD1-00104B6F7516}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{1E9B04FB-F9E5-4718-997B-B8DA88302A48}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Music' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CD Burning' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Video' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonPictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonMusic' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Program Startup Areas: Found 'Hotplug' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'Easy-PrintToolBox' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'T-Online DSL-Manager' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AOLDialer' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'CloneCDTray' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'nwiz' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'WinampAgent' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'BD' in 'S-1-5-21-1177238915-725345543-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Started Scanning
Internet Cookies
Internet Cookies: Found 'adtech.de' in 'Internet Explorer Cache'
Internet Cookies: Found 'as1.falkag.de' in 'Internet Explorer Cache'
Internet Cookies: Found 'atwola.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'com.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'tradedoubler.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'SOFTWARE\Classes\ed2k'
Windows Registry: Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Windows Registry: Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Windows Registry: Found '' in 'S-1-5-21-1177238915-725345543-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-21-1177238915-725345543-839522115-1003\Software\Mirabilis'
Internet URL Shortcuts
Files and Directories
Files and Directories: Found 'winmx331.exe' in 'D:\Downloads'
Files and Directories: Found 'winmx331.exe' in 'D:\Programme'
Finished Scanning



2nd log


Directory of C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp

22.05.2006 20:29 16.384 Perflib_Perfdata_910.dat
22.05.2006 20:29 0 xx16
22.05.2006 20:29 0 xx15
22.05.2006 20:29 0 xx14
22.05.2006 20:29 0 xx12
22.05.2006 20:29 0 xx13
22.05.2006 18:22 4.592 SIntfIcn.ani
22.05.2006 18:22 20.016 SIntf32.dll
22.05.2006 18:22 24.744 SIntfNT.dll
22.05.2006 18:22 12.305 SIntf16.dll
22.05.2006 18:18 66 Install.log
22.05.2006 16:36 16.384 Perflib_Perfdata_780.dat
22.05.2006 16:35 16.384 ~DF2FC5.tmp
22.05.2006 16:30 16.384 ~DFC18F.tmp
22.05.2006 14:55 105.267 backdoor.log
22.05.2006 14:50 16.384 ~DFE47B.tmp
22.05.2006 13:40 16.384 ~DF187E.tmp
20.05.2006 19:28 138 wecerr.txt
20.05.2006 13:37 16.384 Perflib_Perfdata_788.dat
20.05.2006 01:21 0 flaA9.tmp
20.05.2006 01:20 0 flaA8.tmp
20.05.2006 01:20 0 flaA7.tmp
20.05.2006 01:18 0 flaA6.tmp
20.05.2006 01:18 0 flaA5.tmp
20.05.2006 01:17 0 flaA4.tmp
20.05.2006 01:16 0 flaA3.tmp
20.05.2006 01:16 0 flaA2.tmp
20.05.2006 01:16 0 fla8E.tmp
20.05.2006 01:15 0 fla8D.tmp
20.05.2006 01:15 0 fla8C.tmp
20.05.2006 01:14 0 fla8B.tmp
20.05.2006 01:13 0 fla8A.tmp
20.05.2006 01:13 0 fla89.tmp
20.05.2006 01:12 0 fla88.tmp
20.05.2006 01:11 0 fla87.tmp
19.05.2006 23:18 4 PMShared
19.05.2006 10:42 11.224 CFG73.tmp
19.05.2006 10:39 11.224 CFG70.tmp
18.05.2006 01:47 0 flaA1.tmp
18.05.2006 01:47 0 flaA0.tmp
18.05.2006 01:46 0 fla9F.tmp
18.05.2006 01:44 0 fla9E.tmp
18.05.2006 01:41 0 fla9D.tmp
18.05.2006 01:41 0 fla9C.tmp
18.05.2006 01:40 0 fla9B.tmp
18.05.2006 01:40 0 fla9A.tmp
18.05.2006 01:39 0 fla99.tmp
18.05.2006 01:39 0 fla98.tmp
18.05.2006 01:38 0 fla97.tmp
18.05.2006 01:38 0 fla96.tmp
18.05.2006 01:38 0 fla95.tmp
18.05.2006 01:38 0 fla94.tmp
18.05.2006 01:36 0 fla93.tmp
18.05.2006 01:36 0 fla92.tmp
18.05.2006 01:36 0 fla91.tmp
18.05.2006 01:36 0 fla90.tmp
18.05.2006 01:36 0 fla8F.tmp
18.05.2006 01:23 0 fla86.tmp
18.05.2006 01:23 0 fla85.tmp
18.05.2006 01:16 0 fla82.tmp
18.05.2006 01:15 0 fla81.tmp
18.05.2006 01:14 0 fla80.tmp
18.05.2006 01:12 0 fla7F.tmp
18.05.2006 01:08 0 fla7E.tmp
18.05.2006 01:07 0 fla7D.tmp
18.05.2006 01:05 0 fla7C.tmp
13.05.2006 20:08 16.384 Perflib_Perfdata_c0.dat
28.04.2006 22:35 16.384 Perflib_Perfdata_1ec.dat
20.04.2006 17:00 49.152 ~DF7A2B.tmp
13.04.2006 19:17 49.152 ~DF3E0F.tmp
13.04.2006 14:54 16.384 Perflib_Perfdata_724.dat
01.04.2006 18:51 16.384 ~DFED52.tmp
30.03.2006 23:03 65.536 ~DFBA98.tmp
21.03.2006 11:08 16.384 ~DFF063.tmp
21.03.2006 11:08 16.384 ~DF941D.tmp
20.03.2006 12:16 65.536 ~DF4895.tmp
22.05.2006, 23:47
Sabina, Honorary member
Posts: 29434
#8 1.
virustotal
At the top of the page --> click Browse --> (or paste the file with its full path straight in) --> double-click the file to be checked --> click Submit... then wait
http://www.virustotal.com/flash/index_en.html

D:\Programme\winmx331.exe
D:\Downloads\winmx331.exe


post the report

--------------------------------------------------------------------
2.
delete with the Killbox

C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\xx16
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\xx15
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\xx14
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\xx12
C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp\xx13

3.
run Cleanup, then restart the PC
http://virus-protect.org/cleanup.html

4.
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:

*Ignore
*Remove --> Status: Deleted
*Quarantine

always choose Remove and restart the PC (then copy the scan report)
__________
Kind regards, Sabina

all about PC security
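The two logs in #7 above (the 'Program Startup Areas' lines and the `dir` listing of the Temp folder) are what a helper reads by hand before writing a reply like step 2 above. As an added example for this thread, not code from the thread or from any tool it mentions, the script below does that triage: it parses the German-locale `dir` listing, skips the names Windows routinely leaves in %TEMP%, flags empty extension-less markers like `xx12`..`xx16` and executable code left behind, and singles out Run entries written under a user SID (the `BD` entry in the log) for review. The benign-name patterns, the executable-extension list and `KNOWN_BAD_NAMES` are assumptions; the sample lines are copied from the posted logs except the `dc.exe` line, which is constructed to show a match on the process named in the HijackThis log.

```python
"""Triage helpers for the two logs posted in #7: the 'Program Startup Areas'
lines and the German-locale `dir` listing of %TEMP%. Added example for this
thread, not code from the thread or from any tool it mentions. Assumptions:
BENIGN_TEMP_NAME, EXECUTABLE_EXTS and KNOWN_BAD_NAMES (dc.exe from the HijackThis log)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Names that Windows or well-behaved applications routinely leave in %TEMP%
# (assumption, derived from the posted listing).
BENIGN_TEMP_NAME = re.compile(
    r"^(~DF[0-9A-F]{4}\.tmp|Perflib_Perfdata_[0-9a-f]+\.dat"
    r"|fla[0-9A-F]{2}\.tmp|CFG[0-9A-F]{2}\.tmp)$",
    re.IGNORECASE,
)
# Code that should not remain in %TEMP% once an installer has finished.
EXECUTABLE_EXTS = {"exe", "dll", "scr", "com", "bat", "cmd", "pif"}
KNOWN_BAD_NAMES = {"dc.exe"}

# German `dir` line: "22.05.2006 20:29 16.384 name" (dot is the thousands separator).
DIR_LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")
STARTUP_LINE = re.compile(r"^Program Startup Areas: Found '([^']*)' in '([^']*)'$")


@dataclass
class Entry:
    when: datetime
    size: int
    name: str


def parse_dir_listing(text: str) -> List[Entry]:
    """Turn the posted listing into Entry objects; header and total lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, name = m.groups()
        when = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        entries.append(Entry(when, int(size.replace(".", "")), name))
    return entries


def flag_temp_entries(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {file name: [reasons]} for files that deserve a second look."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        if BENIGN_TEMP_NAME.match(e.name):
            continue
        ext = e.name.rsplit(".", 1)[-1].lower() if "." in e.name else ""
        reasons = []
        if e.name.lower() in KNOWN_BAD_NAMES:
            reasons.append("name matches the process seen in the HijackThis log")
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable code left in %TEMP%")
        if not ext and e.size == 0:
            # The xx12..xx16 files: empty, extension-less markers nothing legitimate writes there.
            reasons.append("zero-byte file without extension")
        if reasons:
            flagged[e.name] = reasons
    return flagged


def flag_startup_entries(text: str) -> List[Tuple[str, str]]:
    """Return (value name, key) for Run entries in a per-user hive. A key reported
    under a SID (S-1-5-21-...) is HKEY_USERS\\<SID>\\...\\Run, which a dropper running
    as that user can write without admin rights, so each entry should be recognised."""
    hits = []
    for line in text.splitlines():
        m = STARTUP_LINE.match(line.strip())
        if m and m.group(2).startswith("S-1-5-"):
            hits.append((m.group(1), m.group(2)))
    return hits


# Sample input copied from the posted logs; the dc.exe line is constructed.
SAMPLE_DIR = """Verzeichnis von C:\\DOKUME~1\\STREET~1.XXX\\LOKALE~1\\Temp
22.05.2006 20:29 16.384 Perflib_Perfdata_910.dat
22.05.2006 20:29 0 xx16
22.05.2006 20:29 0 xx15
22.05.2006 18:22 4.592 SIntfIcn.ani
22.05.2006 18:22 20.016 SIntf32.dll
22.05.2006 14:55 105.267 backdoor.log
19.05.2006 23:18 4 PMShared
22.05.2006 13:39 49.152 dc.exe
"""
SAMPLE_STARTUP = """Program Startup Areas: Found 'Hotplug' in 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'
Program Startup Areas: Found 'WinampAgent' in 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'
Program Startup Areas: Found 'BD' in 'S-1-5-21-1177238915-725345543-839522115-1003\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'
"""

if __name__ == "__main__":
    for name, reasons in sorted(flag_temp_entries(parse_dir_listing(SAMPLE_DIR)).items()):
        print(f"{name}: {'; '.join(reasons)}")
    for name, key in flag_startup_entries(SAMPLE_STARTUP):
        print(f"review Run value {name!r} in {key}")
```

Run it on a full listing pasted into `SAMPLE_DIR` and it reports exactly the files a helper would ask to be uploaded or deleted; the SIntf*.dll hits show why a flag is a prompt for a VirusTotal check rather than a verdict, since installer leftovers land in %TEMP% too.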
23.05.2006, 12:20
...new here
Thread starter
Posts: 7
#9 OK..


STATUS: FINISHED
Complete scanning result of "winmx331.exe", received in VirusTotal at 05.23.2006, 01:23:49 (CET).

Antivirus Version Update Result
AntiVir 6.34.1.27 05.22.2006 no virus found
Authentium 4.93.8 05.22.2006 no virus found
Avast 4.6.695.0 05.22.2006 no virus found
AVG 386 05.22.2006 no virus found
BitDefender 7.2 05.22.2006 no virus found
CAT-QuickHeal 8.00 05.21.2006 no virus found
ClamAV devel-20060426 05.22.2006 no virus found
DrWeb 4.33 05.22.2006 no virus found
eTrust-InoculateIT 23.72.15 05.23.2006 no virus found
eTrust-Vet 12.4.2221 05.22.2006 no virus found
Ewido 3.5 05.22.2006 no virus found
Fortinet 2.77.0.0 05.23.2006 no virus found
F-Prot 3.16c 05.22.2006 no virus found
Ikarus 0.2.65.0 05.22.2006 no virus found
Kaspersky 4.0.2.24 05.23.2006 no virus found
McAfee 4767 05.22.2006 no virus found
Microsoft 1.1440 05.22.2006 no virus found
NOD32v2 1.1553 05.22.2006 no virus found
Norman 5.90.17 05.22.2006 no virus found
Panda 9.0.0.4 05.22.2006 no virus found
Sophos 4.05.0 05.23.2006 no virus found
Symantec 8.0 05.22.2006 no virus found
TheHacker 5.9.8.146 05.22.2006 no virus found
UNA 1.83 05.22.2006 no virus found
VBA32 3.11.0 05.22.2006 no virus found


Additional Information
File size: 770048 bytes
MD5: cbabb00ab5753a7fa542c642283a61de
SHA1: d6e0ace298daa0c6fe15a393bbb68ccb77aaf3d2



2.

STATUS: FINISHED
Complete scanning result of "winmx331.exe", received in VirusTotal at 05.23.2006, 01:26:43 (CET).

Antivirus Version Update Result
AntiVir 6.34.1.27 05.22.2006 no virus found
Authentium 4.93.8 05.22.2006 no virus found
Avast 4.6.695.0 05.22.2006 no virus found
AVG 386 05.22.2006 no virus found
BitDefender 7.2 05.22.2006 no virus found
CAT-QuickHeal 8.00 05.21.2006 no virus found
ClamAV devel-20060426 05.22.2006 no virus found
DrWeb 4.33 05.22.2006 no virus found
eTrust-InoculateIT 23.72.15 05.23.2006 no virus found
eTrust-Vet 12.4.2221 05.22.2006 no virus found
Ewido 3.5 05.22.2006 no virus found
Fortinet 2.77.0.0 05.23.2006 no virus found
F-Prot 3.16c 05.22.2006 no virus found
Ikarus 0.2.65.0 05.22.2006 no virus found
Kaspersky 4.0.2.24 05.23.2006 no virus found
McAfee 4767 05.22.2006 no virus found
Microsoft 1.1440 05.22.2006 no virus found
NOD32v2 1.1553 05.22.2006 no virus found
Norman 5.90.17 05.22.2006 no virus found
Panda 9.0.0.4 05.22.2006 no virus found
Sophos 4.05.0 05.23.2006 no virus found
Symantec 8.0 05.22.2006 no virus found
TheHacker 5.9.8.146 05.22.2006 no virus found
UNA 1.83 05.22.2006 no virus found
VBA32 3.11.0 05.22.2006 no virus found


Additional Information
File size: 770048 bytes
MD5: cbabb00ab5753a7fa542c642283a61de
SHA1: d6e0ace298daa0c6fe15a393bbb68ccb77aaf3d2



2. I couldn't delete them because the files weren't there; or rather, I saw them and wanted to Killbox them, but then it always says

File error This file does not exist

I then carried on, and after the scan the folder, or rather the report, looked like this.

report:


Directory of C:\DOKUME~1\STREET~1.XXX\LOKALE~1\Temp

23.05.2006 11:37 1.212.416 ~DF3975.tmp
23.05.2006 11:37 32.768 ~DFA626.tmp
23.05.2006 11:37 16.384 ~DF5BF1.tmp
23.05.2006 11:35 32.768 ~DF6860.tmp
23.05.2006 11:34 16.384 ~DF60DA.tmp
23.05.2006 11:34 49.152 ~DF4224.tmp
23.05.2006 11:34 16.384 Perflib_Perfdata_778.dat
23.05.2006 02:37 1.212.416 ~DF2A65.tmp
23.05.2006 02:37 32.768 ~DF7ACF.tmp
23.05.2006 02:37 16.384 ~DF4DDF.tmp
23.05.2006 02:32 32.768 ~DF6A82.tmp
23.05.2006 02:31 49.152 ~DF41BA.tmp
23.05.2006 02:31 16.384 ~DF617A.tmp
23.05.2006 02:28 1.212.416 ~DF9A60.tmp
23.05.2006 01:52 1.212.416 ~DF3E8F.tmp
23.05.2006 01:50 1.015.808 ~DF8BB2.tmp
23.05.2006 01:50 49.152 ~DFDEA3.tmp
23.05.2006 01:50 32.768 ~DFD158.tmp
23.05.2006 01:50 16.384 ~DFAE60.tmp
19 file(s) 6.275.072 bytes





3. OK



4.

Spyware Scan Details
Start Date: 23.05.2006 11:37:49
End Date: 23.05.2006 12:14:01
Total Time: 36 mins 12 secs

Detected spyware

ViewPoint Low Risk Adware more information...
Details: ViewPoint Toolbar is an advertising supported toolbar that provides thumbnail images of search result pages. The toolbar also functions as a pop-up blocker.
Status: Deleted

Infected files detected
c:\programme\viewpoint\viewpoint experience technology\axmetastream.dll
c:\programme\viewpoint\viewpoint experience technology\classids.ini
c:\programme\viewpoint\viewpoint experience technology\componentmgr.dll
c:\programme\viewpoint\viewpoint experience technology\components\aolart.dll
c:\programme\viewpoint\viewpoint experience technology\components\aolshell.dll
c:\programme\viewpoint\viewpoint experience technology\components\aolusershell.dll
c:\programme\viewpoint\viewpoint experience technology\components\cursors.dll
c:\programme\viewpoint\viewpoint experience technology\components\datatracking.dll
c:\programme\viewpoint\viewpoint experience technology\components\gifreader.dll
c:\programme\viewpoint\viewpoint experience technology\components\jpegreader.dll
c:\programme\viewpoint\viewpoint experience technology\components\lensflares.dll
c:\programme\viewpoint\viewpoint experience technology\components\mts3reader.dll
c:\programme\viewpoint\viewpoint experience technology\components\objectmovie.dll
c:\programme\viewpoint\viewpoint experience technology\components\scenecomponent.dll
c:\programme\viewpoint\viewpoint experience technology\components\servicecomponent.dll
c:\programme\viewpoint\viewpoint experience technology\components\sreedmmx.dll
c:\programme\viewpoint\viewpoint experience technology\components\swfview.dll
c:\programme\viewpoint\viewpoint experience technology\components\vectorview.dll
c:\programme\viewpoint\viewpoint experience technology\components\vmpaudio.dll
c:\programme\viewpoint\viewpoint experience technology\components\vmpextras.dll
c:\programme\viewpoint\viewpoint experience technology\components\vmpspeech.dll
c:\programme\viewpoint\viewpoint experience technology\components\vmpvideo.dll
c:\programme\viewpoint\viewpoint experience technology\components\waveletreader.dll
c:\programme\viewpoint\viewpoint experience technology\components\zoomview.dll
c:\programme\viewpoint\viewpoint experience technology\metastreamid.ini
c:\programme\viewpoint\viewpoint experience technology\mtsaxinstaller.exe
c:\programme\viewpoint\viewpoint experience technology\npviewpoint.dll
c:\programme\viewpoint\viewpoint experience technology\npviewpoint.xpt

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Control
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\InprocServer32 C:\Programme\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Insertable
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ProgID AxMetaStream.MetaStreamCtl.1
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Programmable
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ToolboxBitmap32 C:\Programme\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll, 101
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\VersionIndependentProgID AxMetaStream.MetaStreamCtl
HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} MetaStreamCtl Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Viewpoint Media Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} ComponentID Viewpoint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Locale EN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Version 3,2,2,26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} IsInstalled
HKEY_LOCAL_MACHINE\SOFTWARE\Viewpoint
HKEY_LOCAL_MACHINE\SOFTWARE\Viewpoint Application Path C:\Programme\Viewpoint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer DisplayName Viewpoint Media Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer UninstallString C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1\CLSID {03F998B2-0E00-11D3-A498-00104B6EB52E}
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1\Insertable
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1 MetaStreamCtl Class
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl\CLSID {03F998B2-0E00-11D3-A498-00104B6EB52E}
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl\CurVer AxMetaStream.MetaStreamCtl.1
HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl MetaStreamCtl Class


RealVNC Commercial Remote Control Tool more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected files detected
D:\Programme\RealVNC\WinVNC\othread2.dll
D:\Programme\RealVNC\WinVNC\vnchooks.dll
D:\Programme\RealVNC\WinVNC\winvnc.exe
This post was edited by Karl_71 on 23.05.2006 at 12:30.
23.05.2006, 12:27
Sabina, Honorary member
Posts: 29434
#10 **
open Notepad (text editor) and paste the following into it:

Quote

rem stray .tmp files in the root of C:
del "c:\*.tmp"
rem temp files of the current user; /f also removes read-only files
del /f "%temp%\*.tmp"
del "%windir%\prefetch\*.*"
del /f "%windir%\temp\*.*"
rem del does not accept a wildcard inside a directory name, so loop over the profile folders
for /d %%U in ("c:\dokumente und einstellungen\*") do del /f "%%U\lokale einstellungen\temp\*.*"
Save it as clean.bat. Set the file type to 'All Files'. You should now find this file on the desktop.
Double-click the icon and confirm with "Y" or "J" when asked what to do.

**
also try a scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
23.05.2006, 12:47
...new here
Thread starter
Posts: 7
#11 OK, here is the report



Incident Status Location

Virus:Bck/Gerzidan.A Disinfected C:\!KillBox\1-Datei.exe[2.exe]
Virus:Trj/KillAV.DW Disinfected C:\!KillBox\1-Datei.exe[win.exe]
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Streetfighter\Cookies\streetfighter@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Streetfighter\Cookies\streetfighter@com[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Streetfighter\Cookies\streetfighter@microsofteup.112.2o7[1].txt
23.05.2006, 12:57
Sabina, Honorary member
Posts: 29434
#12 everything should be fine again now, or does your virus scanner still find something?

**
Families Cleaned by the Malicious Software Removal Tool from MS
http://virus-protect.org/antivirenfree.html
scan with this tool and report back
__________
Kind regards, Sabina

all about PC security
23.05.2006, 17:05
...new here
Thread starter
Posts: 7
#13 no, my virus scanner doesn't find anything any more.. thank God ...

many thanks for the very competent help, I probably would never have managed it on my own without reinstalling the PC.

oh, one more thing on the side!

which virus scanner would you recommend?

I currently have Norton and I'm not really thrilled with it, since it uses so many resources and slows my system down quite a bit.

are there good alternatives?


PS: is the PayPal e-mail correct?