Hallo,

mein WinXP-System scheint seit Anfang Mai arg mit Viren befallen zu sein. Ich habe das System mit dem Microworld Antivirus und Spyware Toolkit Utility gecheckt und dabei wurden mind. 59 Viren gefunden!. Anbei die Virus Log Information. Was kann ich tun???? Ich habe keine Erfahrung. EIn nicht schliessbares Sophosfenster eird ständig angezeigt mit der Meldung: Troj/Dloader-HW gefunden in c:windows\system32\elitenif32.exe. DIese Datei ist aber nicht auf dem Rechner zu finden.
Vielen Dank

File C:\WINDOWS\ELITET~1\ELITET~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ELITES~1\ELITES~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ELITET~1\ELITET~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ELITES~1\ELITES~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Favoriteman Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "kazaa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "xhrmy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "EliteBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "EliteBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "EliteBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\preInsln.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Small.tz" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lmf32v.dll infected by "not-a-virus:AdWare.Suggestor.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\MB.dll infected by "Trojan-Dropper.Win32.Small.so" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\saie321.dll infected by "Trojan-Dropper.Win32.Small.nj" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\shawn_1.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Admin\LOKALE~1\Temp\Del34.tmp infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Admin\LOKALE~1\Temp\suicidetb.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Admin\LOKALE~1\Temp\THI53D6.tmp\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Admin\LOKALE~1\Temp\THI53D6.tmp\preInsln.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Admin\LOKALE~1\TEMPOR~1\Content.IE5\05UVC1Y3\sideb[1].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Admin\Desktop\divx\mp3codec.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\Del34.tmp infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\suicidetb.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\THI53D6.tmp\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\THI53D6.tmp\preInsln.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05UVC1Y3\sideb[1].exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\Programme\MBKWBar\IEToolBar.dll infected by "not-a-virus:AdWare.ToolBar.MBKWBar.a" Virus. Action Taken: No Action Taken.
File C:\Programme\MBKWBar\MBKWBar.exe infected by "not-a-virus:AdWare.ToolBar.MBKWBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0ED0884A-2F4F-4710-AC9E-42C40FBCE139}\RP61\A0035619.EXE infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0ED0884A-2F4F-4710-AC9E-42C40FBCE139}\RP61\A0036165.exe infected by "not-a-virus:AdWare.Suggestor.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\preInsln.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\aux\server\pskill.exe tagged as not-a-virus:NetTool.PsKill. No Action Taken.
File C:\WINDOWS\system32\a_i_037.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\a_i_037.exe infected by "Trojan-Downloader.Win32.IstBar.iu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\elitedoolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\in10b6s.dll infected by "Trojan-Dropper.Win32.Small.tz" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lmf32v.dll infected by "not-a-virus:AdWare.Suggestor.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\MB.dll infected by "Trojan-Dropper.Win32.Small.so" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\saie321.dll infected by "Trojan-Dropper.Win32.Small.nj" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\shawn_1.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.ac" Virus. Action Taken: No Action Taken.

@heintje34

Zitat:

Troj/Dloader-HW gefunden in c:windows\system32\elitenif32.exe. DIese Datei ist aber nicht auf dem Rechner zu finden.

Bitte Dateien richtig suchen . Systemwiederherstellung abschalten . In abgesicherten Modus wechseln. Dieses Bereinigungsprogramm hilft dir, den ganzen Müll aus den Temp-Ordner und Papierkorb zu entfernen

Zitat:

C:\WINDOWS\ELITET~1\ELITET~1.DLL
C:\Programme\MBKWBar\MBKWBar.exe

Fett markierte Ordner samt Inhalte löschen.

Zitat:

C:\WINDOWS\localNRD.dll
C:\WINDOWS\preInsln.exe
C:\WINDOWS\system32\ATPartners.dll
C:\WINDOWS\system32\a_i_037.dll
C:\WINDOWS\system32\a_i_037.exe
C:\WINDOWS\system32\elitedoolsav.dat
C:\WINDOWS\system32\in10b6s.dll
C:\WINDOWS\system32\lmf32v.dll
C:\WINDOWS\system32\MB.dll
C:\WINDOWS\system32\saie321.dll
C:\WINDOWS\system32\shawn_1.dll
C:\WINDOWS\system32\aux\server\pskill.exe

Dateien löschen.
HJT und eScan wiederholen.

@rene-gad

vielen Dank erstmal für deine Hilfe. Ich bin dadurch schon etwas weiter gekommen.
Nach Veränderung der Searcheinstelllungen konnte ich alle von Dir angegebenen Dateien und Ordner entfernen bis auf C:\WINDOWS\ELITET~1\ELITET~1.DLL und C:\WINDOWS\system32\elitedoolsav.dat. Ausserdem ist auch die Datei c:windows\system32\elitenif32.exe immer noch nicht zu sehen. Woran kann das liegen?
Spyhunter findet unter anderem die Elitetoolbar, kann das Problem aber nicht beseitigen, da keine Vollversion
Microworld Antivirus und Spyware Toolkit Utility findet jetzt nur noch 18 Viren:

File C:\WINDOWS\ELITET~1\ELITET~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.ae" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ELITES~1\ELITES~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\windows\system32\elitenif32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ElitebarBHO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Favoriteman Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "NetPal Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "kazaa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "xhrmy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "EliteBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "EliteBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "farmmext Spyware/Adware" Virus. Action Taken: No Action Taken.



Was ist HJT?

Gehe nach dieser Anleitung vor:
http://www.trojaner-board.de/showthread.php?t=17493