thread für Schwan08 - VIRUS ALERT!

#0
15.06.2008, 14:18
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#1 thread für Schwan08 - VIRUS ALERT!

Zitat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50: VIRUS ALERT!, on 13.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Scansoft\PaperPort\pptd40nt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
D:\Tobit ClipInc\Player\ClipIncTray.exe
C:\Programme\WinSweep\winjam.exe
C:\Programme\WinSweep\WSMonitor.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\WinSweep\WSProxy.Exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Axel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BC7I037F\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\no-ads.pac
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E915E62E-41DA-40D0-8106-3438B4D24394} - (no file)
O3 - Toolbar: (no name) - {109C6D5D-2E6B-48CA-9584-4691AEEA8FBF} - (no file)
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [RegTuner] "C:\Programme\DATA BECKER\BECKER Tools Registry Tuner\REGTUNER.EXE" /CHECK
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINSWEEP] C:\Programme\WinSweep\WINSWEEP.Exe /AUTO
O4 - HKCU\..\Run: [ClipIncSrvTray] "D:\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WINSWEEP Reklameblockierung] C:\Programme\WinSweep\winjam.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinSweep.lnk = C:\Programme\WinSweep\WinSweep.Exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE

--
End of file - 7797 bytes

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
15.06.2008, 14:24
Ehrenmitglied
Themenstarter
Avatar Sabina

Beiträge: 29434
#2 Hallo Schwan08
ich habe den Thread umgesetzt, nun ist er an der richtigen Stelle ;)

««
wende cleaner an + lösche die temp-Dateien
http://www.ccleaner.de/?protecus.de

««
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

O3 - Toolbar: (no name) - {E915E62E-41DA-40D0-8106-3438B4D24394} - (no file)
O3 - Toolbar: (no name) - {109C6D5D-2E6B-48CA-9584-4691AEEA8FBF} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
PC neustarten

«
scannen + poste den report
http://virus-protect.org/artikel/tools/malwarebytes.html

«
wende combofix an , warnmeldung wegklicken + poste hier den report
http://virus-protect.org/artikel/tools/combofix.html

----------------------------------------------------------

wenn dann alles sauber ist, (nach dem log von Combofix werde ich noch ein script erstellen)
arbeite das ab:
http://board.protecus.de/t33739.htm
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.06.2008, 11:53
Ehrenmitglied
Themenstarter
Avatar Sabina

Beiträge: 29434
#3 neues log

Zitat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50: VIRUS ALERT!, on 13.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Scansoft\PaperPort\pptd40nt.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
D:\Tobit ClipInc\Player\ClipIncTray.exe
C:\Programme\WinSweep\winjam.exe
C:\Programme\WinSweep\WSMonitor.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\WinSweep\WSProxy.Exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Axel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BC7I037F\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\no-ads.pac
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E915E62E-41DA-40D0-8106-3438B4D24394} - (no file)
O3 - Toolbar: (no name) - {109C6D5D-2E6B-48CA-9584-4691AEEA8FBF} - (no file)
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [RegTuner] "C:\Programme\DATA BECKER\BECKER Tools Registry Tuner\REGTUNER.EXE" /CHECK
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINSWEEP] C:\Programme\WinSweep\WINSWEEP.Exe /AUTO
O4 - HKCU\..\Run: [ClipIncSrvTray] "D:\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WINSWEEP Reklameblockierung] C:\Programme\WinSweep\winjam.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinSweep.lnk = C:\Programme\WinSweep\WinSweep.Exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE

--
End of file - 7797 bytes

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
22.06.2008, 21:33
...neu hier

Beiträge: 1
#4 Hallo Sabina
versuche dies mal es richtig zu machen.
danke für die erneute Mail von euch.
Hier das Log von combofix

ComboFix 08-06-16.5 - Axel 2008-06-22 21:16:45.2 - [color=red]FAT32[/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.300 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Axel\Eigene Dateien\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-05-22 bis 2008-06-22 ))))))))))))))))))))))))))))))
.

2008-06-13 17:19 . 2008-06-13 17:19 <DIR> d--hs---- C:\FOUND.012
2008-06-12 20:34 . 2008-06-22 20:46 38,216 --a------ C:\Regopt.exe
2008-06-12 20:34 . 2008-06-22 20:46 23,520 --a------ C:\Rs_dos.exe
2008-06-12 20:34 . 2008-06-22 20:46 94 --a------ C:\Autoexec.-rs
2008-06-12 20:10 . 2008-06-12 20:10 <DIR> d-------- C:\RSBackUp
2008-06-12 17:43 . 1997-07-10 13:54 11,642,580 --a------ C:\WINDOWS\Full.dll
2008-06-12 17:43 . 1998-08-18 15:17 8,384 --a------ C:\WINDOWS\RRS.EXE
2008-06-12 17:43 . 1997-07-14 18:54 1,536 --a------ C:\WINDOWS\RSC.EXE
2008-06-11 00:08 . 2008-06-14 19:57 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:08 . 2008-06-14 19:57 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 02:39 . 2008-06-09 02:39 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Startmen
2008-06-09 02:30 . 2008-06-09 02:31 <DIR> d-------- C:\VIRUSfighter
2008-06-07 01:28 . 2008-06-07 01:28 <DIR> d-------- C:\Programme\Trend Micro
2008-06-07 00:06 . 2008-06-07 00:06 <DIR> d--hs---- C:\FOUND.011
2008-06-05 22:03 . 2008-06-05 22:03 <DIR> d-------- C:\Programme\Avira
2008-06-05 00:37 . 2008-06-05 00:37 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-06-02 22:30 . 2008-06-02 22:30 <DIR> d--hs---- C:\FOUND.010
2008-05-28 21:47 . 2008-05-28 21:47 <DIR> d-------- C:\kav
2008-05-28 21:34 . 2008-05-28 21:34 <DIR> d--hs---- C:\FOUND.009
2008-05-28 07:13 . 2008-05-28 07:13 <DIR> d--hs---- C:\FOUND.008
2008-05-27 20:35 . 2008-05-27 20:35 <DIR> d-a------ C:\Programme\Lavasoft
2008-05-27 20:35 . 2008-05-27 20:35 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-05-27 20:34 . 2008-05-27 20:34 <DIR> d-a------ C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-27 20:28 . 2008-05-27 20:28 <DIR> d-a------ C:\Programme\Gemeinsame Dateien\FestplattenReiniger

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 19:49 17,584 ----a-w C:\Programme\WinSweephosts.bak
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 19:02 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-05-07 19:01 --------- d---a-w C:\Programme\Spyware Doctor
2008-05-07 05:14 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 13:16 1,541,896 ----a-w C:\WINDOWS\CISUnins.exe
2008-04-28 13:16 1,541,896 ----a-w C:\WINDOWS\CICUnins.exe
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-13 17:43 155,995 ----a-w C:\WINDOWS\java\Packages\AQKTFHRD.ZIP
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_21.21.21.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 19:19:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 19:21:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 15:51:00 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-14 17:57:40 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-06-11 07:17:52 593,920 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-18 19:58:02 593,920 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-06-11 07:17:52 12,288 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-18 19:58:02 12,288 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-11 07:17:52 86,016 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-18 19:58:02 86,016 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-06-11 07:17:52 135,168 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-18 19:58:02 135,168 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-11 07:17:52 11,264 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-18 19:58:02 11,264 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-11 07:17:52 27,136 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-18 19:58:02 27,136 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-11 07:17:52 4,096 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-18 19:58:02 4,096 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-11 07:17:52 794,624 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-18 19:58:02 794,624 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-11 07:17:52 249,856 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-18 19:58:02 249,856 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-11 07:17:52 61,440 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-18 19:58:02 61,440 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-06-11 07:17:52 23,040 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-18 19:58:02 23,040 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-11 07:17:52 286,720 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-18 19:58:02 286,720 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-11 07:17:52 409,600 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-18 19:58:02 409,600 ----a-r C:\WINDOWS\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Seitenanfang Seitenende
23.06.2008, 10:51
Ehrenmitglied
Themenstarter
Avatar Sabina

Beiträge: 29434
#5 Hallo Schwan08

««
scannen + poste den report
http://virus-protect.org/artikel/tools/malwarebytes.html

-------------------------------------------------------------------------

das Log von Combofix ist nicht komplett, du kannst dennoch schon mal folgendes machen:

««
http://virus-protect.org/artikel/tools/otmoveIt.html
öffne: OTMoveIt.exe

OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move

Zitat

C:\Programme\Gemeinsame Dateien\FestplattenReiniger
Klicke auf den Roten MoveIt!

««
dann wende combofix noch mal an + poste den KOMPLETTEN Report ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende