...und Anti-Malware hat Fake.Beep.Sys in System32 gefunden.



Ich fühle mich leider noch nicht wirklich sicher.

Alle Dateien in der Quarantäne die Du nicht kennst, kannst Du löschen.
Aus der Quarantäne gelöschte Dateien sind gelöscht. In der Qurantäne kann man sie bei Bedarf immer wieder restaurieren.

In Deinem Fall solltest Du noch einen Systemscan machen, stelle Antivir wie hier beschrieben ein und scanne. Das Logfile poste dann bitte hier.

HJT und DSS kannst Du deinstallieren, dass werden wir nicht weiter brauchen.

Hallo!

...und wieder einmal herzlichen Dank, dass Du immer noch etwas schreibst!

Hier mal ein paar Logs


AntiVirXP

Code: Alles auswählenAufklappen

ATTFilter

Avira AntiVir Personal
Report file date: Wednesday, June 18, 2008  15:23

Scanning for 1340302 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 3)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    MeinPCName

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes    4/9/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes   4/14/2008 21:32:13
AVSCAN.DLL    : 8.1.1.0         53505 Bytes   4/14/2008 21:32:13
LUKE.DLL      : 8.1.2.9        151809 Bytes   4/14/2008 21:32:13
LUKERES.DLL   : 8.1.2.1         12033 Bytes   4/14/2008 21:32:13
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes   7/18/2007 20:39:04
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes    3/7/2008 12:36:23
ANTIVIR2.VDF  : 7.0.4.195     2546176 Bytes   6/14/2008 00:06:42
ANTIVIR3.VDF  : 7.0.4.210      116736 Bytes   6/17/2008 16:45:49
Engineversion : 8.1.0.55  
AEVDF.DLL     : 8.1.0.5        102772 Bytes   4/14/2008 21:32:13
AESCRIPT.DLL  : 8.1.0.40       266618 Bytes    6/8/2008 19:32:34
AESCN.DLL     : 8.1.0.21       119156 Bytes    6/8/2008 19:32:33
AERDL.DLL     : 8.1.0.20       418165 Bytes   4/25/2008 15:24:09
AEPACK.DLL    : 8.1.1.5        364918 Bytes   5/19/2008 15:23:33
AEOFFICE.DLL  : 8.1.0.18       192890 Bytes   4/19/2008 15:24:42
AEHEUR.DLL    : 8.1.0.30      1253750 Bytes    6/8/2008 19:32:33
AEHELP.DLL    : 8.1.0.15       115063 Bytes   5/29/2008 19:35:26
AEGEN.DLL     : 8.1.0.28       307572 Bytes    6/8/2008 19:32:31
AEEMU.DLL     : 8.1.0.6        430451 Bytes    5/9/2008 15:22:19
AECORE.DLL    : 8.1.0.31       168310 Bytes    6/8/2008 19:32:31
AVWINLL.DLL   : 1.0.0.7         14593 Bytes   4/14/2008 21:32:13
AVPREF.DLL    : 8.0.0.1         25857 Bytes   4/14/2008 21:32:13
AVREP.DLL     : 7.0.0.1        155688 Bytes   4/19/2007 20:23:53
AVREG.DLL     : 8.0.0.0         30977 Bytes   4/14/2008 21:32:13
AVARKT.DLL    : 1.0.0.23       307457 Bytes   4/14/2008 21:32:13
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes   4/14/2008 21:32:13
SQLITE3.DLL   : 3.3.17.1       339968 Bytes   4/14/2008 21:32:13
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes   4/14/2008 21:32:13
NETNT.DLL     : 8.0.0.1          7937 Bytes   4/14/2008 21:32:13
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes   4/14/2008 21:32:09
RCTEXT.DLL    : 8.0.32.0        86273 Bytes   4/14/2008 21:32:09

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: off
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, June 18, 2008  15:23

Starting search for hidden objects.
'103544' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'type32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'UAService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CNAB4RPK.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'WinStylerThemeSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\System Volume Information\_restore{97773686-04FF-46B3-B6AD-E8F69D098FFD}\RP575\change.log
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
      [NOTE]      The file was moved to '48ba1aac.qua'!


End of the scan: Wednesday, June 18, 2008  16:31
Used time:  1:08:17 min

The scan has been done completely.

  21314 Scanning directories
 376522 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 376521 Files not concerned
  18257 Archives were scanned
      1 Warnings
      1 Notes
 103544 Objects were scanned with rootkit scan
      0 Hidden objects were found
         

HJT Log

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:30, on 18.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6676 bytes
         

Anti-Malware

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.17
Datenbank Version: 867

18:08:53 18.06.2008
mbam-log-6-18-2008 (18-08-53).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 146737
Scan Dauer: 1 hour(s), 17 minute(s), 44 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschl¸ssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschl¸ssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Delete on reboot.
         

Klar schreib ich

Diese Datei

Zitat:

C:\WINDOWS\system32\dllcache\beep.sys

falls immernoch vorhanden bei VirusTotal - Free Online Virus and Malware Scan prüfen lassen und das Ergebnis posten, könnte eine Fehlmeldung sein.

Nope - Ordner ist nun leer.

Soll das heißen, ich kann wieder beruhigt sein? Kann ich noch was tun? Sonst arbeite ich wieder normal dran. :aplaus:

Soll es das wirklich schon gewesen sein?

Zitat:

Zitat von BataAlexander

Klar schreib ich

Diese Datei


falls immernoch vorhanden bei VirusTotal - Free Online Virus and Malware Scan prüfen lassen und das Ergebnis posten, könnte eine Fehlmeldung sein.

Meiner Meinung nach, kann ich da nichts mehr finden und Du kannst an dem Rechner wieder arbeiten.
Viel Spaß dabei und Ruhe vor neuenm Befall.

Vielen Dank! > Ich bin Dir was schuldig!

Zitat:

Zitat von BataAlexander

Meiner Meinung nach, kann ich da nichts mehr finden und Du kannst an dem Rechner wieder arbeiten.
Viel Spaß dabei und Ruhe vor neuenm Befall.