Trojaner-Board


chris_ef 24.05.2005 21:14

BDS/Iroffer.14b2 HELP!

Hello,
I hope someone can please help me!
AntiVir detects it but cannot delete it. It seems to be targeting my device drivers; I can no longer access my DVD drive! XP tells me that the device drivers are faulty or missing. I have already downloaded new drivers, but that does not help!
:kloppen:

Haui45 24.05.2005 21:15

Hello,

which file does AntiVir report as infected? Please check this file online at http://virusscan.jotti.org/de and post the result.

chris_ef 24.05.2005 21:24

Hello,

AntiVir gives me the folder C:\System Volume Information\_restore

I tried it; the folder cannot be uploaded, and I cannot find it anywhere on the computer either. What else can I try?
Thanks

Haui45 24.05.2005 21:27

Unfortunately, this folder cannot be accessed from within Windows. So scan your system with eScan and post the result.

chris_ef 24.05.2005 21:37

I'm doing that right now; I had to get the program first. But can it happen that a Trojan knocks out my drive??

chris_ef 24.05.2005 21:47

File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "l.exe Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.

Haui45 24.05.2005 21:52

Please follow the instructions strictly (safe mode, Find.bat, etc.)!
Only then post the result.

chris_ef 24.05.2005 23:40

Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue May 24 23:44:02 2005 => File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Tue May 24 23:44:24 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Tue May 24 23:44:24 2005 => System found infected with MyBar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Tue May 24 23:44:26 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Tue May 24 23:44:26 2005 => System found infected with l.exe Spyware/Adware (C:\WINDOWS\System32\uninstall.exe)! Action taken: No Action Taken.
Tue May 24 23:45:44 2005 => File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Tue May 24 23:57:27 2005 => File C:\WINDOWS\system32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Wed May 25 00:06:05 2005 => File C:\Dokumente und Einstellungen\chris\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-1209b91d-1d10b80d.class infected by "Trojan.Java.ClassLoader.ab" Virus! Action Taken: No Action Taken.
Wed May 25 00:07:49 2005 => File C:\Programme\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Agent.hi" Virus! Action Taken: No Action Taken.
Wed May 25 00:14:09 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Wed May 25 00:18:43 2005 => File C:\Recycled\Q330995.exe infected by "Trojan-Downloader.Win32.Small.amb" Virus! Action Taken: No Action Taken.
Wed May 25 00:20:54 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed May 25 00:03:02 2005 => File C:\WINDOWS\Downloaded Program Files\dscert_209.exe.tcf tagged as "not-a-virus:AdWare.EnergyPlugin.f". Action Taken: No Action Taken.
Wed May 25 00:17:26 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.Toolbar.MyWay.b". Action Taken: No Action Taken.
Wed May 25 00:17:26 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.f". Action Taken: No Action Taken.
Wed May 25 00:17:26 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL.tcf tagged as "not-a-virus:AdWare.ToolBar.MyWay.g". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed May 25 00:20:54 2005 => Total Virus(es) Found: 16
Wed May 25 00:20:54 2005 => Total Errors: 110
Wed May 25 00:20:54 2005 => Time Elapsed: 00:36:57
Wed May 25 00:20:54 2005 => Total Objects Scanned: 50144
Tue May 24 23:43:30 2005 => Virus Database Date: 2005/05/24
Wed May 25 00:20:54 2005 => Virus Database Date: 2005/05/24
Wed May 25 00:24:20 2005 => Virus Database Date: 2005/05/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

