Pests of all kinds and how to fight them: e-scan viruses
#1 Guest

e-scan viruses

Hello, I just wanted to ask experienced users whether these are viruses or adware junk.

```
Sun Jan 02 16:32:40 2005 => ***** Scanning complete. *****
Sun Jan 02 16:32:40 2005 => Total Files Scanned: 66901
Sun Jan 02 16:32:40 2005 => Total Virus(es) Found: 26
Sun Jan 02 16:32:40 2005 => Total Disinfected Files: 0
Sun Jan 02 16:32:40 2005 => Total Files Renamed: 0
Sun Jan 02 16:32:40 2005 => Total Deleted Files: 0
Sun Jan 02 16:32:40 2005 => Total Errors: 75
Sun Jan 02 16:32:40 2005 => Time Elapsed: 02:15:27
Sun Jan 02 16:32:40 2005 => Virus Database Date: 2005/01/02
Sun Jan 02 16:32:40 2005 => Virus Database Count: 114573
Sun Jan 02 16:32:40 2005 => Scan Completed.
```

log file info:

```
File C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\ADMILL~1\ADMILL~2.EXE infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mserv32.exe infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\zkr.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SahAgent.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\lenzen\LOKALE~1\Temp\bundle.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\lenzen\LOKALE~1\Temp\bunSetup.cab infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\lenzen\Lokale Einstellungen\Temp\bundle.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\lenzen\Lokale Einstellungen\Temp\bunSetup.cab infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\Admilli Service\AdmilliComm.dll infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\Program Files\Admilli Service\AdmilliKeep.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\Program Files\Admilli Service\AdmilliServ.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\Program Files\Windows AdControl\WinAdShift.dll infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\Programme\Kazza\My Shared Folder\Progs\sc4.zip tagged as not-a-virus:Cracker.Game.HotHook. No Action Taken.
File C:\Programme\SearchRelevancy\SearchRelevancy.dll infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.
File C:\temp\NCasePackage.exe infected by "Trojan-Dropper.Win32.180Solutions.a" Virus. Action Taken: No Action Taken.
File C:\temp\sahagent.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.
File C:\temp\salm.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\temp\salmhook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\temp\SearchRelevancy.exe infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\bunSetup.cab infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\lsp_.dll infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mserv32.exe infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\SahAgent.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\zkr.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
```
#2

@ lolek

Please delete these malware entries in the order given here.

--> "Windows Explorer -> "Tools/Folder Options" -> "View" -> untick "Hide protected operating system files (Recommended)" and enable "Show hidden files and folders"" (Cidre)

Download ClearProg and use it to empty the contents of, among others, these folders:

```
File C:\DOKUME~1\XXX\LOKALE~1\Temp
File C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp
File C:\temp
```

--> Then boot into safe mode, disable System Restore (Windows XP and ME), enter the infected file into Windows Search -> delete!

```
File C:\PROGRA~2\ADMILL~1\ADMILL~2.EXE infected by "not-a-virus:AdWare.WinAD.k" Virus.
File C:\WINDOWS\mserv32.exe infected by "not-a-virus:AdWare.WinAD.b" Virus.
File C:\WINDOWS\zkr.exe infected by "not-a-virus:AdWare.180Solutions" Virus.
File C:\WINDOWS\system32\SahAgent.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus.
File C:\WINDOWS\mserv32.exe infected by "not-a-virus:AdWare.WinAD.b" Virus.
File C:\WINDOWS\system32\SahAgent.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus.
File C:\WINDOWS\zkr.exe infected by "not-a-virus:AdWare.180Solutions" Virus.
File C:\Program Files\Admilli Service\AdmilliKeep.exe infected by "not-a-virus:AdWare.WinAD.k" Virus.
File C:\Program Files\Admilli Service\AdmilliServ.exe infected by "not-a-virus:AdWare.WinAD.k" Virus.
File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus.
File C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL infected by "not-a-virus:AdWare.Relevance.b" Virus.
File C:\Program Files\Admilli Service\AdmilliComm.dll infected by "not-a-virus:AdWare.WinAD.k" Virus.
File C:\Program Files\Windows AdControl\WinAdShift.dll infected by "not-a-virus:AdWare.WinAD.b" Virus.
File C:\Programme\Kazza\My Shared Folder\Progs\sc4.zip tagged as not-a-virus:Cracker.Game.HotHook.
File C:\Programme\SearchRelevancy\SearchRelevancy.dll infected by "not-a-virus:AdWare.Relevance.b" Virus.
File C:\WINDOWS\Downloaded Program Files\lsp_.dll infected by "not-a-virus:AdWare.Sahat.f" Virus.
File C:\WINDOWS\Downloaded Program Files\bunSetup.cab infected by "not-a-virus:AdWare.Sahat.f" Virus.
```

After deleting, reboot (into normal mode) and re-enable System Restore (Windows XP and ME).

Some of the files may not be deletable. In that case, please try the spyware and adware removal tools 'Ad-Aware 6 Personal' and 'Spybot-Search & Destroy 1.3'. If that does not work either, please let us know.

Please create a HijackThis logfile and post it via copy & paste: http://www.trojaner-board.de/51130-a...ijackthis.html.
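Added example, not part of the thread or written by any of its participants: the question from post #1 (viruses or adware junk?) can be answered mechanically from the detection names, since in the posted log every entry except `C:\temp\NCasePackage.exe` carries the scanner's own `not-a-virus:` prefix. The regular expression is inferred from the two line shapes visible in that log, and the two verdict labels (`malware`, `not-a-virus`) are names chosen for this example.

```python
import re
from collections import defaultdict

# Six lines copied from the eScan log in post #1; both line shapes occur there.
SAMPLE_LOG = r'''
File C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\zkr.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Programme\Kazza\My Shared Folder\Progs\sc4.zip tagged as not-a-virus:Cracker.Game.HotHook. No Action Taken.
File C:\temp\NCasePackage.exe infected by "Trojan-Dropper.Win32.180Solutions.a" Virus. Action Taken: No Action Taken.
File C:\temp\salm.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\zkr.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
'''

# Shape 1: File <path> infected by "<name>" Virus. ...
# Shape 2: File <path> tagged as <name>. No Action Taken.
ENTRY = re.compile(
    r'^File (?P<path>.+?) (?:infected by "(?P<quoted>[^"]+)" Virus\.'
    r'|tagged as (?P<bare>\S+)\.(?:\s|$))'
)

def triage(log_text):
    """Return ({verdict: {detection name: set of paths}}, unparsed lines)."""
    groups = {"malware": defaultdict(set), "not-a-virus": defaultdict(set)}
    unparsed = []
    for line in map(str.strip, log_text.splitlines()):
        if not line.startswith("File "):
            continue  # timestamps and scan totals are not detections
        m = ENTRY.match(line)
        if m is None:
            unparsed.append(line)  # surface unknown shapes, never drop them
            continue
        name = m.group("quoted") or m.group("bare")
        verdict = ("not-a-virus" if name.lower().startswith("not-a-virus:")
                   else "malware")
        # The log lists some files twice; Windows paths are case-insensitive.
        groups[verdict][name].add(m.group("path").lower())
    return groups, unparsed

if __name__ == "__main__":
    groups, unparsed = triage(SAMPLE_LOG)
    for verdict in ("malware", "not-a-virus"):
        print(verdict)
        for name, paths in sorted(groups[verdict].items()):
            print(f"  {name}: {len(paths)} file(s)")
            for path in sorted(paths):
                print(f"    {path}")
    print(f"unparsed lines: {len(unparsed)}")
```
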
#3 Guest

So, with Ad-Aware and Spybot I deleted a few pests, but I'll still do it with the search function in safe mode. And the HijackThis log is here:

```
Logfile of HijackThis v1.99.0
Scan saved at 18:46:26, on 02.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Java\j2re1.4.2_06\bin\javaw.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\lenzen\Desktop\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.de/
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programme\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/ocis/SiSAutodetectNT.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102947880548
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.de/activex/zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{394B1E86-E78C-4716-92EC-CADE27D58883}: NameServer = 194.97.173.125 194.97.173.124
O17 - HKLM\System\CS1\Services\Tcpip\..\{394B1E86-E78C-4716-92EC-CADE27D58883}: NameServer = 194.97.173.125 194.97.173.124
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server - Unknown - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
```
#4

@ lolek

A quick question in between: in which folder on your system are kavupd.exe and mwav.ini located?
#5 Guest

C bases, so just as you said, that one should make a separate bases folder, right? :/
#6 Guest

I fixed search search. Do you still see anything bad there, or is my system somewhat clean? :/

```
Logfile of HijackThis v1.99.0
Scan saved at 11:20:01, on 04.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\lenzen\Desktop\progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.de/
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programme\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/ocis/SiSAutodetectNT.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102947880548
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.de/activex/zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{394B1E86-E78C-4716-92EC-CADE27D58883}: NameServer = 194.97.173.124 194.97.173.125
O17 - HKLM\System\CS1\Services\Tcpip\..\{394B1E86-E78C-4716-92EC-CADE27D58883}: NameServer = 194.97.173.124 194.97.173.125
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server - Unknown - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
```