| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: NewDotNet und DR/OneStep.E.1 und weiteresWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.05.2008, 22:04
| #1 |
| |  NewDotNet und DR/OneStep.E.1 und weiteres Hi, 1) NewDotNet Ich bin ziemlich unerfahren mit Computerproblemen und auf meinem Windows XP zeigt Avira AntiVir den Trojaner NewDotNet an, den ich nicht löschen kann. Ich habe bei Google nachgeschaut und Newdotnet deinstalliert, allerdings nach dem Booten kommt immer noch die gleiche Meldung mit NewDotNet Dateien. Nun habe ich nicht mehr die Option der Deinstallation, da ich es unter Systemsteuerung nicht mehr sehe. 2) Luke Filewalker hat nun auch DR/OneStep.E.1 entdeckt. Ich weiss nicht wie ich meinen Computer desinfiziere. Für jede Hilfe bin ich dankbar. Erstmal folgendes Logfile, welches wohl nicht ausreichend ist ?! ============================ Avira AntiVir Personal Report file date: Freitag, 2. Mai 2008 21:50 Scanning for 1246006 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: Mihael Computer name: MDCOMPUTER Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09.04.2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 19.04.2008 15:32:47 AVSCAN.DLL : 8.1.1.0 53505 Bytes 19.04.2008 15:32:47 LUKE.DLL : 8.1.2.9 151809 Bytes 19.04.2008 15:32:47 LUKERES.DLL : 8.1.2.1 12033 Bytes 19.04.2008 15:32:47 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 21:25:11 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 18:12:43 ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22.04.2008 20:16:21 ANTIVIR3.VDF : 7.0.3.236 249344 Bytes 01.05.2008 20:16:48 Engineversion : 8.1.0.37 AEVDF.DLL : 8.1.0.5 102772 Bytes 19.04.2008 15:32:48 AESCRIPT.DLL : 8.1.0.28 233851 Bytes 30.04.2008 20:14:18 AESCN.DLL : 8.1.0.15 119157 Bytes 30.04.2008 20:14:17 AERDL.DLL : 8.1.0.20 418165 Bytes 25.04.2008 20:14:30 AEPACK.DLL : 8.1.1.4 364918 Bytes 29.04.2008 20:14:07 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19.04.2008 15:32:48 AEHEUR.DLL : 8.1.0.21 1196407 Bytes 30.04.2008 20:14:16 AEHELP.DLL : 8.1.0.14 115063 Bytes 19.04.2008 15:32:47 AEGEN.DLL : 8.1.0.18 299381 Bytes 25.04.2008 20:14:23 AEEMU.DLL : 8.1.0.5 430450 Bytes 19.04.2008 15:32:47 AECORE.DLL : 8.1.0.27 168310 Bytes 19.04.2008 15:32:47 AVWINLL.DLL : 1.0.0.7 14593 Bytes 19.04.2008 15:32:47 AVPREF.DLL : 8.0.0.1 25857 Bytes 19.04.2008 15:32:47 AVREP.DLL : 7.0.0.1 155688 Bytes 20.04.2007 21:31:06 AVREG.DLL : 8.0.0.0 30977 Bytes 19.04.2008 15:32:47 AVARKT.DLL : 1.0.0.23 307457 Bytes 19.04.2008 15:32:47 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 19.04.2008 15:32:47 SQLITE3.DLL : 3.3.17.1 339968 Bytes 19.04.2008 15:32:47 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 19.04.2008 15:32:47 NETNT.DLL : 8.0.0.1 7937 Bytes 19.04.2008 15:32:47 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 19.04.2008 15:32:43 RCTEXT.DLL : 8.0.32.0 86273 Bytes 19.04.2008 15:32:43 Configuration settings for the scan: Jobname..........................: Local Hard Disks Configuration file...............: C:\Programme\AntiVir PersonalEdition Classic\alldiscs.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Freitag, 2. Mai 2008 21:50 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned Scan process 'NkbMonitor.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'googletalk.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'fpassist.exe' - '1' Module(s) have been scanned Scan process 'brctrcen.exe' - '1' Module(s) have been scanned Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned Scan process 'Realmon.exe' - '1' Module(s) have been scanned Scan process 'PCMService.exe' - '1' Module(s) have been scanned Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned Scan process 'mHotkey.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'WkDStore.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned Scan process 'NkbMonitor.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'fpassist.exe' - '1' Module(s) have been scanned Scan process 'brctrcen.exe' - '1' Module(s) have been scanned Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned Scan process 'Realmon.exe' - '1' Module(s) have been scanned Scan process 'PCMService.exe' - '1' Module(s) have been scanned Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned Scan process 'mHotkey.exe' - '1' Module(s) have been scanned Scan process 'carpserv.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned Scan process 'guardgui.exe' - '1' Module(s) have been scanned Scan process 'nnrun.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PSIService.exe' - '1' Module(s) have been scanned Scan process 'TNSLSNR.EXE' - '1' Module(s) have been scanned Scan process 'oracle.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'nnrun.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'InoRT.exe' - '1' Module(s) have been scanned Scan process 'InoRpc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'CLMLService.exe' - '1' Module(s) have been scanned Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned Scan process 'CLSched.exe' - '1' Module(s) have been scanned Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'scardsvr.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 83 processes with 83 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] Das Gerät ist nicht bereit. Master boot sector HD2 [INFO] No virus was found! [WARNING] Das Gerät ist nicht bereit. Master boot sector HD3 [INFO] No virus was found! [WARNING] Das Gerät ist nicht bereit. Master boot sector HD4 [INFO] No virus was found! [WARNING] Das Gerät ist nicht bereit. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '48' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\41EJSPQ3\upgrade[1].cab [0] Archive type: CAB (Microsoft) --> upgrade.exe [DETECTION] Contains detection pattern of the dropper DR/OneStep.C.137 [NOTE] The file was moved to '48827259.qua'! C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLQVGD23\upgrade[2].cab [0] Archive type: CAB (Microsoft) --> upgrade.exe [DETECTION] Contains detection pattern of the dropper DR/OneStep.E.1 [NOTE] The file was moved to '4882725d.qua'! End of the scan: Freitag, 2. Mai 2008 22:12 Used time: 21:57 min The scan has been canceled! 4846 Scanning directories 245001 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 244999 Files not concerned 1166 Archives were scanned 6 Warnings 2 Notes |
| Themen zu NewDotNet und DR/OneStep.E.1 und weiteres |
| .dll, 0 bytes, antivir, avg, avgnt.exe, avira, booten, content.ie5, ctfmon.exe, einstellungen, firefox.exe, google, internet, logfile, logon.exe, lsass.exe, löschen, mdm.exe, microsoft, moved, msiexec.exe, nt.dll, programme, quara, rundll, services.exe, svchost.exe, trojaner, virus, windows, windows xp, winlogon.exe, wmp |
Baum-Darstellung