Bitte Hilfe - Trojaner...

bilear · 25.12.2004, 02:26

habe keine ahnung was ich tun soll---

home search startseite, only the best pop ups und diverse programe in systemsteuerung software die ich nicht deinstallieren kann

Logfile of HijackThis v1.99.0
Scan saved at 02:16:30, on 25.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ieqd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\appwp.exe
C:\temp\salm.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zylnn.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zylnn.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zylnn.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zylnn.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zylnn.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zylnn.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4CC69C86-A66C-150A-8AF4-0FE86BFA7342} - C:\WINDOWS\system32\msmd32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [appwp.exe] C:\WINDOWS\appwp.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [11.tmp] C:\DOKUME~1\Daniel\LOKALE~1\Temp\11.tmp.exe 2 10001
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD.../bridge-c7.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\ieqd.exe

bin absolut überfordert und würde mich sehr über ausführliche hilfestellung freuen...

frohe weihnachten und schon mal danke

Shadowdance · 25.12.2004, 03:11

Hallo bilear,

Deinem System geht es nicht gut. Lade erstmal den eScan runter, erstelle dafür einen neuen Ordner (=Verzeichnis) c:\bases (wichtig!), update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 die gefundene Malware nicht löscht, das wird manuell gemacht (Anleitung beachten).

Lass uns das Ergebnis des eScan wissen: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)

SD

bilear · 25.12.2004, 10:58

also...

wenn ich den link nach escan benutzen will sagt mir home search, dass er die seite nicht anzeigen kann... habe aber gestern noch nen escan nach c:\ "eigene dateien" heruntergeladen...
den mal über "msconfig" im abgesicherten modus laufen lassen hier erstmal die meldung... wenn ich es noch schaffe auf die escan seite zu kommen, dann poste ich auch die files...

File C:\DOKUME~1\sc\LOKALE~1\Temp\2.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\Programme\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\appwp.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ieqd.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\appjy.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\Programme\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\appwp.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ieqd.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\apikz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\appwp.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crvr32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d3vm.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\imkeo.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qtiv.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qtiv.exe.bak infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yvosf.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\addsz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\appcz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\appjy.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\atlbq.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ieqd.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pxpuc.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Daniel\LOKALE~1\Temp\10.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Daniel\LOKALE~1\Temp\11.tmp infected by "Trojan-Downloader.Win32.Small.aef" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Daniel\LOKALE~1\Temp\12.tmp infected by "TrojanDownloader.Win32.Small.vq" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Daniel\LOKALE~1\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\10.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\11.tmp infected by "Trojan-Downloader.Win32.Small.aef" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\12.tmp infected by "TrojanDownloader.Win32.Small.vq" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\sc\Lokale Einstellungen\Temp\2.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\Programme\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken.
File C:\Programme\Red Storm Entertainment\Rogue Spear\MPLAYNOW\MPLAYER\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\YourSiteBar\ysb.dll infected by "not-a-virus:AdWare.ToolBar.YourSiteBar.b" Virus. Action Taken: No Action Taken.
File C:\temp\salm.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\temp\salmhook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\apikz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\appwp.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crvr32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d3vm.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\YSBactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gp" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\imkeo.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qtiv.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\qtiv.exe.bak infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\addsz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\appcz32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\appjy.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atlbq.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ieqd.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msmd32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pxpuc.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yvosf.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

chaosman · 25.12.2004, 14:52

@bilear
lade dir clearprog hier
programm starten und alle häkchen bei windows und IE setzen, dann löschen.
lese bitte den escan anleitung
und führe es genauso durch.
alle adware einträge kannst du in den abgesicherten modus löschen
chaosman

bilear · 26.12.2004, 16:02

also mein spy subtract hat einige sachen entfernt, aber die escan sache ist mir suspect ich habe im abgesicherten modus gescannt, im log wie beschrieben gesucht und über den explorer gelöscht. meine frage: ist das richtig so? muss ich den papierkorb leeren? die home serch sache geht nicht weg... kommt immer wieder der neueste escan im abgesicherten modus sagt folgendes:

File C:\WINDOWS\system32\ntvo32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sdkck.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\atlrj.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\byult.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ntvo32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\sc\Lokale Einstellungen\Temp\1.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Red Storm Entertainment\Rogue Spear\MPLAYNOW\MPLAYER\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc1.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc10.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc11.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc12.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc13.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc14.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc15.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc16.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc17.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc18.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc19.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc2.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc20.bak infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc21.tmp infected by "Trojan.Win32.HideProc.a" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc3.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc4.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc5.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc6.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc7.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc8.bak infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-2164431108-225644477-2691576976-500\Dc9.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000015.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000035.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000042.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000052.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000067.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000068.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000069.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000070.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000071.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000072.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000073.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000074.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000094.dll infected by "not-a-virus:AdWare.ToolBar.YourSiteBar.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000101.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7F21308D-C951-4200-8D09-9F59849132BE}\RP1\A0000510.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\YSBactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gp" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sdkck.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atlrj.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\byult.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntvo32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.

ich versteh hiervon irgendwie gar nix.

27.12.2004, 00:16

Deaktiviere die Systemwiederherstellung -> Neustart -> aktiviere die Systemwiederherstellung wieder.

Scanne nochmals mit eScan im abg. Modus ... die jetztigen Funde lösche manuell im abg. Mouds.

Danach poste ein neues HijackThis-Log.

27.12.2004, 00:16	#6
Christian Gast	Bitte Hilfe - Trojaner... Deaktiviere die Systemwiederherstellung -> Neustart -> aktiviere die Systemwiederherstellung wieder. Scanne nochmals mit eScan im abg. Modus ... die jetztigen Funde lösche manuell im abg. Mouds. Danach poste ein neues HijackThis-Log.

Bitte Hilfe - Trojaner...

Log-Analyse und Auswertung: Bitte Hilfe - Trojaner...