Virus im CC Cleaner??? Probleme!!!

#1 Bisher hatte ich mit meinem Rechner keine Probleme. Ad-aware, AVG und CC Cleaner sei dank. Seit einer Woche hängt sich mein Rechner nun regelmäßig auf und seit zwei Tagen funktioniert der CC Cleaner nicht mehr. Das Fenster schließt sofort und bei dem Versuch den Namen der Datei zu ändern stürzt der Rechner ab. Wenn ich im Internet nun Informationen zu dem CC Cleaner suche, schließt der Explorer automatisch alle Fenster.
Meine Virenscanner finden nix. Habe mir gestern auch McAfee besorgt, das aber auch nichts fand! Wer kann mir bitte helfen!
Vielen Dank im voraus,
Janni

#2 Hallo Janni

versuche bitte Combofix anzuwenden + poste hier den Report
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#3 Das hat schon einmal geklappt.
Ich konnte posten.
Für mich ist das allerdings nur Chinesisch...

ComboFix 08-03-03.15 - Compaq_Proprietario 2008-03-03 21.11.07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.105 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Compaq_Proprietario\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-02-03 al 2008-03-03 )))))))))))))))))))))))))))))))))))
.

2008-03-03 17:59 . 2008-03-03 21:00 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-03-03 17:59 . 2008-03-03 17:59 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\TuneUp Software
2008-03-03 17:59 . 2008-03-03 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-03-03 17:59 . 2008-03-03 17:59 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-03 17:59 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-03 07:34 . 2008-03-03 07:34 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-03-03 07:25 . 2008-03-03 07:38 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-02 23:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 23:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 23:02 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 23:02 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 23:02 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 23:02 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-02 22:48 . 2008-03-03 20:51 4,456 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-02 20:20 . 2008-03-02 20:21 <DIR> d-------- C:\Programmi\SiteAdvisor
2008-03-02 20:20 . 2008-03-02 20:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
2008-03-02 20:20 . 2008-03-02 23:02 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SiteAdvisor
2008-03-02 20:20 . 2008-03-02 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-03-02 20:19 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-02 20:18 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-02 20:18 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-02 20:18 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-02 20:18 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-02 20:18 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-02 20:18 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-02 20:17 . 2008-03-02 20:17 <DIR> d-------- C:\Programmi\McAfee.com
2008-03-02 20:17 . 2008-03-03 18:56 <DIR> d-------- C:\Programmi\McAfee
2008-03-02 20:17 . 2008-03-03 07:44 <DIR> d-------- C:\Programmi\File comuni\McAfee
2008-03-02 20:10 . 2008-03-02 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-03-02 18:29 . 2008-03-02 20:12 87,236,999 --a------ C:\Programmi\McAfee Total Protection 2008 (Retail)-HeartBug.zip
2008-03-01 21:05 . 2008-03-01 21:05 <DIR> d-------- C:\kav
2008-03-01 16:33 . 2008-03-01 16:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 16:33 . 2008-03-01 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-18 10:04 . 2008-03-03 20:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 10:04 . 2008-02-18 10:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 21:21 . 2007-12-07 03:04 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-04 21:21 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-04 21:21 . 2007-07-01 04:36 1,032,192 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-04 21:21 . 2007-12-07 03:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-04 21:21 . 2007-12-07 03:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-04 21:21 . 2007-12-07 03:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-04 21:21 . 2007-12-07 03:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-04 21:21 . 2007-12-07 03:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-04 21:21 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-03-03 19:53 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Skype
2008-03-03 16:58 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-02-04 12:58 --------- d-----w C:\Programmi\File comuni\Adobe
2008-02-03 13:51 --------- d-----w C:\Programmi\BitComet
2008-01-16 20:04 --------- d-----w C:\Programmi\Claris Corp
2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 20:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-10 20:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-05 19:58 --------- d-----w C:\Programmi\Telecom Italia
2008-01-05 16:23 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 16:23 --------- d-----w C:\Programmi\ANI
2008-01-05 11:35 --------- d-----w C:\Programmi\D-Link
2007-12-19 22:50 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:04 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-12-29 19:11 36,808,256 ----a-w C:\Programmi\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{112AB43D-32C4-3B21-53BA-13A46743BC34}]
2002-04-16 13:38 48128 --a------ C:\WINDOWS\system32\mousegex.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7428F943-BC4F-4A39-3B43-AB433C523B34}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-08-17 02:45 23120680]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\G oogleToolbarNotifier.exe" [2007-06-17 07:56 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Octoshape Streaming Services"="C:\Programmi\Octoshape Streaming Services\Compaq_Proprietario\OctoshapeClient.exe" [2006-02-13 17:33 214648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_0 3\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:30 7110656]
"nwiz"="nwiz.exe" [2005-08-02 09:30 1519616 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17 90112]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 23:11 49152]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\O pwareSE2.exe" [2003-05-08 10:00 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-12 20:49 185896]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08 20480]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-07-10 09:33 675840]
"@"="" []
"skypeclient.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2004-12-10 13:30 610304]
"keymap.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-software\keymap.exe" [2004-12-10 13:16 167936]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.e xe" [2007-11-15 13:11 267048]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6145\SiteA dv.exe" [2007-06-22 00:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"mcagent_exe"="C:\Programmi\McAfee.com\Agent\mcage nt.exe" [2007-08-03 22:33 582992]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 17:39 110592]
"dlrblckr.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe" [2004-12-10 13:11 57460]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger="c:\windows\system32\tttjpvws.tmp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"messengerservice.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-software\messengerservice.exe"
"Soundlibs"=C:\WINDOWS\soundlib.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Octoshape Streaming Services\\Compaq_Proprietario\\OctoshapeClient.exe "=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\kav\\kav7.0\\german\\setup.exe"=
"C:\\Programmi\\File comuni\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"7007:TCP"= 7007:TCP:BitComet 7007 TCP
"7007:UDP"= 7007:UDP:BitComet 7007 UDP

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 05:00]
R3 Atkcfg;Cordless Device Configuration;C:\WINDOWS\system32\Drivers\atkcfg.s ys [2004-12-10 13:07]
R3 Gig5gu;Cordless Internet Access;C:\WINDOWS\system32\Drivers\gig5gu.sys [2005-08-18 07:32]
R3 Gigsrf;Cordless Device Line Access;C:\WINDOWS\system32\Drivers\gigsrf.sys [2004-12-10 13:09]
R3 Gigtnc;Cordless PC Control;C:\WINDOWS\system32\Drivers\gigtnc.sys [2004-12-10 13:08]
R3 siellif;siellif;C:\WINDOWS\system32\Drivers\sielli f.sys [2005-03-01 10:33]
R3 Sieupapp;Cordless Device Update;C:\WINDOWS\system32\Drivers\Sieupapp.sys [2004-12-10 13:04]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-04 07:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.ex e [2008-03-03 17:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-03 20:00:01 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programmi\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-03 18:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 19:17:57 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe'
"2008-03-02 19:17:55 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
"2008-02-15 17:21:20 C:\WINDOWS\Tasks\Servizi Internet.job"
- C:\Programmi\Hewlett-Packard\SDP\HPSdpApp.exe^/remind /LaunchPoint reminder /App C:\Programmi\Hewlett-Packard\Internet Services\StartIS.aml
.
************************************************** ************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Programmi\WinRAR\rarext.dll
-> C:\WINDOWS\system32\mousegex.dll
.
Ora fine scansione: 2008-03-03 21.17.23
ComboFix-quarantined-files.txt 2008-03-03 20:16:25
.
2008-03-03 06:38:14 --- E O F ---

#4 Hallo,

auf dem Rechner ist ein Trojaner... du solltest alle deine Passworte ändern...
-----------------

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Zitat

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
"Debugger"=-
[-HKEY_CLASSES_ROOT\TypeLib\{8E98DE0A-6C2E-4CE8-BAF0-CD181DC0A3A3}]
[-HKEY_CLASSES_ROOT\MouseGestures.down]
[-HKEY_CLASSES_ROOT\Interface\{8343D20F-134A-C418-2B2D-1242E31B0E48}]
[-HKEY_CLASSES_ROOT\CLSID\{112AB43D-32C4-3B21-53BA-13A46743BC34}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{112AB43D-32C4-3B21-53BA-13A46743BC34}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7428F943-BC4F-4A39-3B43-AB433C523B34}]

File::
C:\WINDOWS\system32\mousegex.dll
c:\windows\system32\tttjpvws.tmp

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.
cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen




danach: Combofix noch einmal anwenden

PC neustarten

««
poste das neue Log von Combofix

_________

lade sdfix
http://www.virus-protect.org/artikel/tools/sdfix.html
im Normalmodus - RunThis.bat doppelt klicken - wähle 3 : wird Sophos geladen
scanne + kopiere hier den scanreport
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#5 Lieber Pinguin,

vielen Dank für deinen Rat.
Allerdings hatte ich vorher von einem Freund noch einen weiteren Tipp bekommen und prevxcsi benutzt. Das Programm hat malware bei mir gefunden und zwar:
tttjpvws
mousegex.dll
swreg.exe
Nach dem entfernen dieser Dateien konnte ich den cc cleaner wieder benutzen. Das einzige Problem:
Die swreg-malware tauchte kurz danach wieder auf.
Was soll ich machen?
Gilt dein Hinweis oben noch?

Ich poste mal den neuen Log:
ComboFix 08-03-03.15 - Compaq_Proprietario 2008-03-05 17.53.56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.79 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Compaq_Proprietario\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-02-05 al 2008-03-05 )))))))))))))))))))))))))))))))))))
.

2008-03-05 16:34 . 2008-03-05 16:34 <DIR> d-------- C:\Programmi\PrevxCSI
2008-03-05 16:34 . 2008-03-05 17:48 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\PrevxCSI
2008-03-05 16:34 . 2008-03-05 17:03 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-05 14:13 . 2008-03-05 15:51 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{BF67C9D1-1183-439F-BEED-406220FAC5FD}
2008-03-05 14:06 . 2008-03-05 14:06 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\DoctorWeb
2008-03-05 13:30 . 2008-03-05 13:30 <DIR> d-------- C:\Deckard
2008-03-04 22:57 . 2008-03-04 22:57 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\McAfee
2008-03-04 00:05 . 2008-03-04 00:05 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\McAfee
2008-03-03 17:59 . 2008-03-03 21:00 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-03-03 17:59 . 2008-03-03 17:59 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\TuneUp Software
2008-03-03 17:59 . 2008-03-03 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-03-03 17:59 . 2008-03-03 17:59 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-03 17:59 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-03 07:34 . 2008-03-03 07:34 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-03-02 23:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 23:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 23:02 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 23:02 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 23:02 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 23:02 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-02 22:48 . 2008-03-05 17:39 6,482 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-02 20:20 . 2008-03-02 20:21 <DIR> d-------- C:\Programmi\SiteAdvisor
2008-03-02 20:20 . 2008-03-02 20:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
2008-03-02 20:20 . 2008-03-02 23:02 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SiteAdvisor
2008-03-02 20:20 . 2008-03-02 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-03-02 20:19 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-02 20:18 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-02 20:18 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-02 20:18 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-02 20:18 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-02 20:18 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-02 20:18 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-02 20:17 . 2008-03-02 20:17 <DIR> d-------- C:\Programmi\McAfee.com
2008-03-02 20:17 . 2008-03-03 18:56 <DIR> d-------- C:\Programmi\McAfee
2008-03-02 20:17 . 2008-03-03 07:44 <DIR> d-------- C:\Programmi\File comuni\McAfee
2008-03-02 20:10 . 2008-03-04 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-03-02 18:29 . 2008-03-02 20:12 87,236,999 --a------ C:\Programmi\McAfee Total Protection 2008 (Retail)-HeartBug.zip
2008-03-01 21:05 . 2008-03-01 21:05 <DIR> d-------- C:\kav
2008-03-01 16:33 . 2008-03-01 16:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 16:33 . 2008-03-01 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-18 10:04 . 2008-03-05 17:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 10:04 . 2008-02-18 10:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 16:50 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Skype
2008-03-05 16:47 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-03-03 16:58 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-02-04 12:58 --------- d-----w C:\Programmi\File comuni\Adobe
2008-02-03 13:51 --------- d-----w C:\Programmi\BitComet
2008-01-16 20:04 --------- d-----w C:\Programmi\Claris Corp
2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 20:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-10 20:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-05 19:58 --------- d-----w C:\Programmi\Telecom Italia
2008-01-05 16:23 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 16:23 --------- d-----w C:\Programmi\ANI
2008-01-05 11:35 --------- d-----w C:\Programmi\D-Link
2007-12-19 22:50 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:04 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-12-29 19:11 36,808,256 ----a-w C:\Programmi\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{112AB43D-32C4-3B21-53BA-13A46743BC34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7428F943-BC4F-4A39-3B43-AB433C523B34}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-08-17 02:45 23120680]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 07:56 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"Octoshape Streaming Services"="C:\Programmi\Octoshape Streaming Services\Compaq_Proprietario\OctoshapeClient.exe" [2006-02-13 17:33 214648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:30 7110656]
"nwiz"="nwiz.exe" [2005-08-02 09:30 1519616 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17 90112]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 23:11 49152]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-12 20:49 185896]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08 20480]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-07-10 09:33 675840]
"skypeclient.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2004-12-10 13:30 610304]
"keymap.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-software\keymap.exe" [2004-12-10 13:16 167936]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6145\SiteAdv.exe" [2007-06-22 00:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"mcagent_exe"="C:\Programmi\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 17:39 110592]
"dlrblckr.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe" [2004-12-10 13:11 57460]
"MBkLogOnHook"="C:\Programmi\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

C:\Documents and Settings\Compaq_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
PrevxCSI.lnk - C:\Programmi\PrevxCSI\prevxcsi.exe [2008-03-05 16:34:30 100352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"messengerservice.exe"="C:\Programmi\Gigaset DECT\gigaset-m34-software\messengerservice.exe"
"Soundlibs"=C:\WINDOWS\soundlib.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\StubInstaller.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Octoshape Streaming Services\\Compaq_Proprietario\\OctoshapeClient.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\kav\\kav7.0\\german\\setup.exe"=
"C:\\Programmi\\File comuni\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7007:TCP"= 7007:TCP:BitComet 7007 TCP
"7007:UDP"= 7007:UDP:BitComet 7007 UDP

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-03-05 17:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-19 05:00]
R3 Atkcfg;Cordless Device Configuration;C:\WINDOWS\system32\Drivers\atkcfg.sys [2004-12-10 13:07]
R3 Gig5gu;Cordless Internet Access;C:\WINDOWS\system32\Drivers\gig5gu.sys [2005-08-18 07:32]
R3 Gigsrf;Cordless Device Line Access;C:\WINDOWS\system32\Drivers\gigsrf.sys [2004-12-10 13:09]
R3 Gigtnc;Cordless PC Control;C:\WINDOWS\system32\Drivers\gigtnc.sys [2004-12-10 13:08]
R3 siellif;siellif;C:\WINDOWS\system32\Drivers\siellif.sys [2005-03-01 10:33]
R3 Sieupapp;Cordless Device Update;C:\WINDOWS\system32\Drivers\Sieupapp.sys [2004-12-10 13:04]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-04 07:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-03 17:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-05 16:03:07 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programmi\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-03 18:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 19:17:57 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe'
"2008-03-02 19:17:55 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
"2008-02-15 17:21:20 C:\WINDOWS\Tasks\Servizi Internet.job"
- C:\Programmi\Hewlett-Packard\SDP\HPSdpApp.exe^/remind /LaunchPoint reminder /App C:\Programmi\Hewlett-Packard\Internet Services\StartIS.aml
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 17:57:01
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-05 17.59.20
ComboFix-quarantined-files.txt 2008-03-05 16:59:01
ComboFix2.txt 2008-03-05 16:43:43
ComboFix3.txt 2008-03-03 20:17:24
.
2008-03-03 06:38:14 --- E O F ---

#6 klar..mein script gilt immer noch...wende es bitte an + poste den report von combofix nach neustart
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/

#7 Lieber Pinguin,

meine Virenscanner haben mir gerade die Combofix-Datei als gefährliche Datei angezeigt. Entschuldige nun meine Skepsis, aber kannst du mir die Analyse unten erklären?
Virustotal hat folgendes gefunden:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.07 APPL/Rmadmin.131072
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.07 -
AVG 7.5.0.516 2008.03.07 -
BitDefender 7.2 2008.03.07 -
CAT-QuickHeal 9.50 2008.03.07 -
ClamAV 0.92.1 2008.03.07 -
DrWeb 4.44.0.09170 2008.03.07 BATCH.Virus
eSafe 7.0.15.0 2008.03.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5595 2008.03.07 -
Ewido 4.0 2008.03.07 -
FileAdvisor 1 2008.03.07 -
Fortinet 3.14.0.0 2008.03.07 -
F-Prot 4.4.2.54 2008.03.07 -
F-Secure 6.70.13260.0 2008.03.07 -
Ikarus T3.1.1.20 2008.03.07 -
Kaspersky 7.0.0.125 2008.03.07 -
McAfee 5247 2008.03.07 potentially unwanted program RemAdm-ProcLaunch!171
Microsoft 1.3301 2008.03.07 -
NOD32v2 2930 2008.03.07 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.06 Suspicious file
Prevx1 V2 2008.03.07 -
Rising 20.34.42.00 2008.03.07 -
Sophos 4.27.0 2008.03.07 NirCmd
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.07 -
TheHacker 6.2.92.236 2008.03.07 -
VBA32 3.12.6.2 2008.03.05 Trojan.Proxy.2804
VirusBuster 4.3.26:9 2008.03.07 -
Webwasher-Gateway 6.6.2 2008.03.07 Riskware.Rmadmin.131072

#8 Combofix ist natuerlich nicht gefaehrlich ...einige scanner koennen bei einer ausfuehrbaren Datei nicht unterscheiden, ob es Schadkode enthaelt oder nicht.

AntiVir ->> APPL - ist als Applikation gekennzeichnet, was es auch ist alles andere ist Quatsch
__________
Gruss
Pinguin

bin dabei, meine Seite + Proggies zu aktualisieren: http://www.virus-protect.org/