Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bitte um Hilfe!!! (https://www.trojaner-board.de/16593-bitte-um-hilfe.html)

Killer007 13.04.2005 11:47
Bitte um Hilfe!!!
 
Habe mir letztens richtig einen eingefangen, habe schon einiges entfernen können. Bitte aber um Unterstützung, was noch alles weg muss. Im vorraus schon mal Danke

Logfile of HijackThis v1.99.1
Scan saved at 12:45:05, on 13.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
G:\I-download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3095
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3095
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3095
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14064F2B-C582-8C72-922C-8FC3BCC494AE} - C:\WINDOWS\System32\song.dll
O2 - BHO: (no name) - {572B7F2B-E8B3-BA40-BF1C-CDEE8E81B99C} - C:\WINDOWS\System32\song.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {688FCA6E-4942-4D31-B278-F7BF74AD085C} - C:\WINDOWS\System32\ipae.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ocjnonxl] C:\WINDOWS\System32\r?gedit.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Microsoft AntiSpyware helper - {279C8B84-4351-47E9-8F1F-B106D0E24AB1} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {279C8B84-4351-47E9-8F1F-B106D0E24AB1} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {D01250BC-5E91-4C13-A9D8-C76E1BB14978} - C:\WINDOWS\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D01250BC-5E91-4C13-A9D8-C76E1BB14978} - C:\WINDOWS\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {279C8B84-4351-47E9-8F1F-B106D0E24AB1} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {279C8B84-4351-47E9-8F1F-B106D0E24AB1} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D01250BC-5E91-4C13-A9D8-C76E1BB14978} - C:\WINDOWS\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D01250BC-5E91-4C13-A9D8-C76E1BB14978} - C:\WINDOWS\wldr.dll (file missing) (HKCU)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCC40F0-565F-4BDF-B662-2470DBDBBD4D}: NameServer = 192.168.1.1
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - d:\haufereader\HRInstmon.dll
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O18 - Filter: text/plain - {83394F32-2FA2-4FBE-8E0C-015577A4E84D} - C:\WINDOWS\System32\ipae.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

Sagamore 13.04.2005 20:29
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe

Dabei handelt es sich höchstwahrscheinlich um ein Backdoor:

http://www.sophos.de/virusinfo/analyses/w32danshb.html
http://www.f-secure.de/v-desk/sdbot_md.shtml

Sinnvoll wäre dann dies hier:
http://www.trojaner-board.de/showthread.php?t=12154

Und du solltest dein System unbedingt auf den aktuellen Stand (service Pack2)bringen.

Haui45 13.04.2005 20:33
Zitat:
Zitat von Sagamore
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe

Dabei handelt es sich höchstwahrscheinlich um ein Backdoor:
Schaut mehr nach Adware aus.


@Killer007
Scanne dein System bitte mit eScan im abgesicherten Modus (Anleitung genau befolgen!) und poste was gefunden wird. Am einfachsten machst du das so:
Direkt nach dem Scan, den Inhalt des Fensters "Virus Log Information" kopieren (Strg+A alles markieren; Strg+C kopieren) und in einer Textdatei speichern (z.B. mit Wordpad o.ä.). Dazu den Inhalt mit Strg+V in das Textverarbeitungsprogramm einfügen und das Dokument dann abspeichern. Nach dem Neustart kannst du die Infos aus der Datei einfach ins Forum kopieren.


Poste außerdem folgendes aus der mwav.log (steht ganz am Ende):
Zitat:
Total Number of Files Scanned:
Total Number of Virus(es) Found:
Total Number of Disinfected Files:
Total Number of Files Renamed:
Total Number of Deleted Files:
Total Number of Errors:
Time Elapsed:

Killer007 14.04.2005 00:25
Danke für die Tipps, wenn ich Zeit habe werde ich es sofort mal testen und Meldung machen

DANKE

Killer007 14.04.2005 13:33
So hier die Werte vom EScan. sieht richtig böse aus:

Thu Apr 14 14:12:58 2005 => ***** Scanning complete. *****
Thu Apr 14 14:12:58 2005 => Total Objects Scanned: 64159
Thu Apr 14 14:12:58 2005 => Total Virus(es) Found: 136
Thu Apr 14 14:12:58 2005 => Total Disinfected Files: 0
Thu Apr 14 14:12:58 2005 => Total Files Renamed: 0
Thu Apr 14 14:12:58 2005 => Total Deleted Objects: 0
Thu Apr 14 14:12:58 2005 => Total Errors: 19
Thu Apr 14 14:12:58 2005 => Time Elapsed: 01:46:13
Thu Apr 14 14:12:58 2005 => Virus Database Date: 2005/04/13
Thu Apr 14 14:12:58 2005 => Virus Database Count: 125667


File C:\WINDOWS\System32\song.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\sysupd.dll infected by "Trojan-Downloader.Win32.Ieser.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\desktop.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\update13.js infected by "Trojan.JS.StartPage.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\drivers\delprot.sys infected by "Trojan.Win32.Delprot.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\zeta.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "BlazeFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Zango Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "kapabout Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Internet Optimizer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "saap Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "exactutil Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "WebSiteViewer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "text/html Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ceres.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer_SIAC.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\shop1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ucmoreiex.exe infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\intfsdffdsronsad.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\intronsad.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\izxczxcr.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\izxxzdsafsafczxcr.exe infected by "Trojan-Downloader.Win32.Small.aqt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\oiai.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tksrv99.exe infected by "Trojan-Dropper.Win32.Agent.ik" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\xplugin.dll infected by "Trojan-Downloader.Win32.Esepor.ac" Virus. Action Taken: No Action Taken.
File C:\Program Files\Media Pass\MediaPassC.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\Programme\AOL 8.0\aol90\setup.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Norton SystemWorks\Norton CleanSweep\Sicherungskopie\AdMa6101.BUD infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton SystemWorks\Norton CleanSweep\Sicherungskopie\Medi2437.BUD infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP193\A0003371.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP195\A0003419.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP195\A0003420.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP195\A0003421.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005641.exe infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005642.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005643.exe infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005644.exe infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005650.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005651.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005652.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005653.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005660.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005667.exe infected by "Trojan-Downloader.Win32.Wintool.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005668.dll infected by "not-a-virus:AdWare.Wintol.y" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005676.dll infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005677.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005682.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005683.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005685.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005687.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005691.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005699.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005700.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005707.dll infected by "not-a-virus:AdWare.WebSearch.aa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005725.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005726.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005732.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005733.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005734.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005743.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005744.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005745.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005746.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005747.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005748.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005749.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005750.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005751.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005752.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005753.exe infected by "Trojan-Downloader.Win32.Esepor.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005754.exe infected by "Trojan-Downloader.Win32.Small.aqw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005755.exe infected by "Trojan-Downloader.Win32.Small.aom" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005756.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005757.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005758.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0005759.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006724.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006725.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006748.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006749.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006761.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006762.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006763.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006764.dll infected by "not-a-virus:AdWare.WinAD.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006765.dll infected by "not-a-virus:AdWare.Relevance.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006805.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{6AFBD0B2-4385-48D7-873A-480B85750549}\RP210\A0006806.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ceres.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\clientax.dll infected by "not-a-virus:AdWare.180Solutions.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\server.exe.1 infected by "Trojan-Downloader.Win32.Agent.dk" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer_SIAC.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\edmond.exe infected by "Trojan.Win32.Delprot.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\isearch.xpi infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\isrvs\mfiltis.dll infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\shop1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\intfsdffdsronsad.exe infected by "Trojan-Clicker.Win32.Delf.bz" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\intronsad.exe infected by "not-a-virus:AdWare.ToolBar.ISearch.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\izxczxcr.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\izxxzdsafsafczxcr.exe infected by "Trojan-Downloader.Win32.Small.aqt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\oiai.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tksrv99.exe infected by "Trojan-Dropper.Win32.Agent.ik" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\xplugin.dll infected by "Trojan-Downloader.Win32.Esepor.ac" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ucmoreiex.exe infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. Action Taken: No Action Taken.
File E:\Hearts of Iron II\Hoi2Lib_Setup.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Cidre 14.04.2005 19:26
@ Killer007

An deiner Stelle würde ich, bei dieser hochgradigen Durchseuchung, auf Nummer sicher gehen und ein Neuaufsetzen deines Systems bevorzugen. Eine Anleitung hierzu findest du in meiner Signatur.

Killer007 14.04.2005 22:32
Wird sowieso mal wieder Zeit für ein neues BS. Hat ja schon lange duchgehalten.

Na denn, danke trotzdem für die schnellen Antworten


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131