Virus oder Hardwaredefekt?

D-P-K · 15.05.2009, 22:38

Hallo,

bin neu hier und muss gleich dazusagen ich versteh hier fast nur Bahnhof....

Also bitte wenn jemand ne Antwort hat , so schreiben das klein blödi das auch versteht.

Mein Pc hat seit ca 14 tagen die Angewohnheit langsamer zu werden dann hängt er sich öfters auf.
Ausserdem war die tage mein zeichen von der echtzeitwarnung(was auch immer das ist) weg und mein symbol von norten...
Norten ist wieder da.
Auf dem Rechner ist ein Display dort stand im Betriebsmodus im die lautstärkenanzeige aber nun steht nur noch Power On....
Eben als der Rechner aus war stand auf dem Display das Datum 1.1.0000
alles sehr komisch.

Meine versuche es in griff zu bekommen.
1 im Abgesicherten Modus neustarten.
2 mein Router aus und angeschaltet.
3 system versucht zurückzusetzen (sagt er es geht net)??
4 Viren programm laufen lassen ( antivir)

So mehr kann ich leider nicht sagen....
Hat jemand ne idee?

Gruß Daniel

4RobSen8 · 16.05.2009, 00:00

Hallo...und

Bevor man eine Aussage über dein System tätigen kann brauchen wir Informationen.
Diese Informationen liefern die folgenden Programme.
Führe bitte folgende Programme gemäß der Anleitung aus:

1.) Antivir
- http://www.trojaner-board.de/54192-a...tellungen.html

3.) Führe folgende Programme aus:
- Ccleaner
- Malewarebytes
- Superantispyware

4.) Erstelle mit HijackThis eine Liste der installierten Programme

Hijackthis starten --> klicke "Open the Misc Tool Section" -->
klicke "Misc Tools" --> klicke "Open uninstall Manager" --> klicke "Save List"

D-P-K · 16.05.2009, 14:59

Also Antivir hab ich gemacht und der Bericht sieht so aus...
leider ist alles auf English und die hälfte versteh ich net...

Avira AntiVir Personal
Report file date: Samstag, 16. Mai 2009 06:53

Scanning for 1396119 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : COMPUTER1

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17.04.2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 17.04.2009 07:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 19:33:26
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12.05.2009 04:45:31
ANTIVIR3.VDF : 7.1.3.215 120832 Bytes 15.05.2009 04:45:34
Engineversion : 8.2.0.168
AEVDF.DLL : 8.1.1.1 106868 Bytes 16.05.2009 04:46:07
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 16.05.2009 04:46:05
AESCN.DLL : 8.1.2.3 127347 Bytes 16.05.2009 04:46:02
AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 17:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 16.05.2009 04:46:01
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.02.2009 19:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 16.05.2009 04:45:56
AEHELP.DLL : 8.1.2.2 119158 Bytes 26.02.2009 19:01:56
AEGEN.DLL : 8.1.1.44 348532 Bytes 16.05.2009 04:45:40
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 16.05.2009 04:45:36
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09.02.2009 10:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Programme\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Samstag, 16. Mai 2009 06:53

Starting search for hidden objects.
'69753' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'MInfraIS.exe' - '1' Module(s) have been scanned
Scan process 'Notifier.exe' - '1' Module(s) have been scanned
Scan process 'PROFIL~1.EXE' - '1' Module(s) have been scanned
Scan process 'sc_watch.exe' - '1' Module(s) have been scanned
Scan process 'kernel.exe' - '1' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned
Scan process 'stickies.exe' - '1' Module(s) have been scanned
Scan process 'MWLaMaS.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SEPCSuite.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ToWLaAcF.exe' - '1' Module(s) have been scanned
Scan process 'AlfaClock.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned
Scan process 'defender.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MZCCntrl.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'InoTask.exe' - '1' Module(s) have been scanned
Scan process 'InoRT.exe' - '1' Module(s) have been scanned
Scan process 'InoRpc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DFInject.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '59' files ).

Starting the file scan:

Begin scan in 'C:\' <BOOT>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{20EA187A-C68E-49AC-A1E6-FEF621E0E4FC}\RP655\A0144354.exe
[0] Archive type: CAB SFX (self extracting)
--> Readme\frnrme.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\' <BACKUP>
D:\Programme\Azureus\WinRar 3.51.zip
[0] Archive type: ZIP
--> WinRar 3.51/Crack/crack.exe
[DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
D:\Programme\Azureus\WinRar 3.51\WinRar 3.51\Crack\crack.exe
[DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
D:\System Volume Information\_restore{C3C85003-487D-490A-860B-EE2A316BFDC5}\RP10\A0001234.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> inoweb.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\TOOLS\eTrust AV\German\eTrustAntivirus7.1_90GERMAN.exe
[0] Archive type: CAB SFX (self extracting)
--> \eTrustAntivirusOEM\Bin\eAV_S.Win\webpkg.exe
[1] Archive type: RSRC
--> Object
[2] Archive type: CAB (Microsoft)
--> inoweb.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <RECOVER>

Beginning disinfection:
D:\Programme\Azureus\WinRar 3.51.zip
[NOTE] The file was moved to '4a7cc747.qua'!
D:\Programme\Azureus\WinRar 3.51\WinRar 3.51\Crack\crack.exe
[DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.

End of the scan: Samstag, 16. Mai 2009 16:02
Used time: 1:53:32 Hour(s)

The scan has been canceled!

9393 Scanned directories
683816 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
683811 Files not concerned
9958 Archives were scanned
9 Warnings
4 Notes
69753 Objects were scanned with rootkit scan
0 Hidden objects were found

4RobSen8 · 16.05.2009, 16:35

Zitat:

WinRar 3.51/Crack/crack.exe

D-P-K · 17.05.2009, 15:18

Was soll dieses zitat bedeuten?

Hab nun die anderen programme laut reihenfolge durchlaufenlassen ausser das Malewarebytes, des hängt sich dauernd gegen ende auf???

Nun was ist mit der HijackThis liste darf ich die nun kopieren und hier rein stellen?

Bis jetzt hat sich noch net wirklich was verändert...
Denke da muss bestimmt noch irgendwas entfernt werden oder so.
Danke erst mal und ich hoffe die tage bekomm ich weitere Instruktionen

Gruß Daniel

derDon · 17.05.2009, 15:27

Zitat:

Zitat von D-P-K

Was soll dieses zitat bedeuten?
Gruß Daniel

Was Rob dir mit dem Zitat sagen will ist das wenn man Crack´s nutzt um Software zu stehlen, eine dicke Infektion mit Schädlingen nie lange auf sich warten lässt und somit fahrlässig selbstverschuldet wurde.
In 99% solcher Fälle wird hier im Board dazu geraten das System platt zu machen und das ganze nochmal Neuaufsetzen, da man dem System sonst nicht mehr 100%ig vertrauen kann.

Gruß,
Christian

Ali1610 · 17.05.2009, 15:28

Dies soll eine Anspielung darauf sein, dass man sich beim illegalen Herunterladen einiges an Viren etc. einfangen kann ^^

nochdigger · 17.05.2009, 15:31

Moin

Zitat:

bin neu hier und muss gleich dazusagen ich versteh hier fast nur Bahnhof....

Also bitte wenn jemand ne Antwort hat , so schreiben das klein blödi das auch versteht.

machen wir immer

Zitat:

D:\Programme\Azureus\WinRar 3.51.zip
[0] Archive type: ZIP
--> WinRar 3.51/Crack/crack.exe
[DETECTION] Is the TR/Crypt.FSPM.Gen Trojan

Zitat:

Was soll dieses zitat bedeuten?

das soll bedeuten, dass wohl genug Ahnung hast illegale Software aus dem Netz zu ziehen und wenn es schief geht hilfe suchst.
Folge diesem Link
http://www.trojaner-board.de/51262-a...sicherung.html

MFG

Virus oder Hardwaredefekt?

Plagegeister aller Art und deren Bekämpfung: Virus oder Hardwaredefekt?