Trojaner-Board


Pomes 03.01.2005 18:18

Trojan?!?

My buddy has a problem with his PC. Searchbars etc. keep installing themselves. Here are the HijackThis log and the eScan log:

Hijack:
Logfile of HijackThis v1.99.0
Scan saved at 17:19:58, on 03.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Panda Software\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Panda Software\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mcafeee.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Panda Software\SRVLOAD.EXE
C:\Programme\Panda Software\PaSSrv.exe
C:\Programme\Panda Software\Firewall\PavFires.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Panda Software\PavFnSvr.exe
C:\Programme\Panda Software\Pavkre.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\pavsrv51.exe
C:\Programme\Panda Software\AVENGINE.EXE
C:\Programme\Panda Software\prevsrv.exe
C:\Programme\Panda Software\PsImSvc.exe
C:\Programme\Panda Software\WebProxy.exe
C:\WINDOWS\ISW\ewetel.dsl\signup\Tray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ewetel.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.ewetel.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ewetel.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.ewetel.de:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvfyz32.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programme\Panda Software\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104751846254
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29828165-B50B-493B-9901-B3F9418F734C}: NameServer = 212.6.108.140 212.6.108.141
O23 - Service: Panda Antispam Server Service - Unknown - C:\Programme\Panda Software\PaSSrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programme\Panda Software\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Programme\Panda Software\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Programme\Panda Software\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Programme\Panda Software\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programme\Panda Software\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Programme\Panda Software\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programme\Panda Software\PsImSvc.exe


Hoping for help so that my buddy can use the PC again... :lach:

Pomes 03.01.2005 18:19

Here is the eScan log file:
eScan (infected):
File C:\WINDOWS\ELITES~1\ELITES~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dalins.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolj.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolk.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\configure.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken
File C:\WINDOWS\System32\msconfig23.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01234567\powerscan[1].exe infected by "Trojan-Downloader.Win32.IstBar.gt" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O7G3IR8D\istbar_mainstream[1].dll infected by "Trojan-Downloader.Win32.IstBar.gj" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O7G3IR8D\istrecover[1].exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000129.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000130.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000131.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001114.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001115.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001116.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001120.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001126.dll infected by "Trojan-Downloader.Win32.IstBar.gj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001131.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001132.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001133.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0001135.bat infected by "Trojan-Downloader.BAT.Ftp.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002147.exe infected by "Trojan-Downloader.Win32.IstBar.gt" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002151.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002152.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002153.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002154.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0002156.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP4\A0002177.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP4\A0002178.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP5\A0002185.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP5\A0002186.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP5\A0002206.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dalins.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken
File C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C5M74XQN\gamas[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\QBI7UDSN\loud[1].exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\configure.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msconfig23.exe infected by "not-a-virus:AdWare.WinAD.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolj.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\toolk.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.

Do I have to delete all the files? Or which ones?

Haui45 03.01.2005 18:21

Quote:

File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
The following applies here too (you can also read this in countless posts):

With an infestation like this, the only way to get back to a trustworthy state is to reinstall your system from scratch -> http://www.trojaner-board.de/showpos...8&postcount=2
Lutz on data backup (you should, however, leave out executable files entirely)
Required reading
On the removal of malware
Please follow the linked guide when formatting.
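An added example, not part of the original posts: a Python triage sketch that collapses the repeated eScan lines by path, counts detections per class, and matches HijackThis O4 autorun entries against detected file names, which shows that the Rbot backdoor the reply quotes is also registered to start with Windows. The sample input is constructed from a few lines of the logs above; the function names and the file-name matching heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines taken from the two logs in this thread.
ESCAN = r'''File C:\WINDOWS\system32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mcafeee.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken
File C:\WINDOWS\toolj.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C544813B-88A8-4145-ADA6-EEB275506F04}\RP3\A0000129.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.'''
HJT = r'''O4 - HKLM\..\Run: [Windows Media Player] mcafeee.exe
O4 - HKLM\..\RunServices: [Windows Media Player] mcafeee.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\APVXDWIN.EXE" /s'''

ESCAN_RE = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)"')
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$')

def parse_escan(text):
    # {lower-cased path: detection name}; repeated scan lines collapse to one
    found = (ESCAN_RE.match(l.strip()) for l in text.splitlines())
    return {m['path'].lower(): m['name'] for m in found if m}

def detection_class(name):
    # 'not-a-virus:AdWare.ToolBar.EliteBar.z' -> 'AdWare'
    return name.split(':', 1)[-1].split('.', 1)[0]

def autoruns_hitting_detections(hjt_text, hits):
    # O4 entries whose executable file name equals a detected file's name
    # (heuristic: O4 values without a path are matched by name only)
    detected = {p.rsplit('\\', 1)[-1]: n for p, n in hits.items()}
    out = []
    for m in filter(None, (O4_RE.match(l.strip()) for l in hjt_text.splitlines())):
        cmd = m['cmd']
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(' /')[0]
        base = exe.rsplit('\\', 1)[-1].lower()
        if base in detected:
            out.append((m['key'], m['label'], base, detected[base]))
    return out

def triage(escan_text, hjt_text):
    hits = parse_escan(escan_text)
    classes = Counter(detection_class(n) for n in hits.values())
    return {
        'classes': dict(classes),
        'restore_point_copies': sum('\\_restore{' in p for p in hits),
        'persistent': autoruns_hitting_detections(hjt_text, hits),
        'backdoor_present': classes['Backdoor'] > 0,
    }
```

Copies under `System Volume Information\_restore{...}` are System Restore snapshots of files already listed elsewhere, so they are counted separately rather than treated as additional infections.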

