Hallo!

Trotz ad-aware und sppybot kriege ich das lästige Problem mit den immer wieder auftauchenden Werbefenstern nicht gebacken. Kann mir freundlicherweise jemand eine Lösung geben?
Hier mein Hijack-Scan:

Logfile of HijackThis v1.99.0
Scan saved at 19:15:54, on 06.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msc32.exe
C:\WINDOWS\System32\sstray.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fcbayern.t-com.de/de/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [sais] c:\programme\180solutions\sais.exe
O4 - HKLM\..\Run: [evmnqpmb] C:\WINDOWS\evmnqpmb.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] msc32.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{298D1EC2-E408-4C06-B0BB-84A4370EAC48}: NameServer = 145.253.2.81 145.253.2.203
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Gruß,
Hoser

Scanne mal bitte folgende Datei bei http://virusscan.jotti.org/de

Zitat:

C:\WINDOWS\System32\msc32.exe

falls du die Datei nicht finden kannst, nimm folgende Einstellungen vor:
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren

@Haui45

Danke für die schnelle Antwort!
Ich habe den Scan durchgeführt, was muss ich jetzt machen?
Hier das Ergebnis:

Service load: 0% 100%

File: msc32.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: PE_PATCH, MEWBUNDLE, MEW, PE-DIMINISHER

AntiVir No viruses found (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender No viruses found (0.94 seconds taken)
ClamAV No viruses found (0.42 seconds taken)
Dr.Web Win32.HLLW.ForBot (0.53 seconds taken)
F-Prot Antivirus No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus Backdoor.Win32.Wootbot.am (0.72 seconds taken)
mks_vir Trojan.Wootbot.Am (0.20 seconds taken)
NOD32 probably unknown NewHeur_PE (probable variant) (1.60 seconds taken)
Norman Virus Control No viruses found (5.34 seconds taken)

Statistics
Last piece of malware found was HTML/Torvil.D in Eva_Padberg_Playboy_German_2004-05_Mai.exe, detected by:

Scanner Malware name Time taken
AntiVir Worm/Torvil.D 0.46 seconds
Avast X 3.21 seconds
BitDefender X 1.05 seconds
ClamAV X 0.83 seconds
Dr.Web X 0.50 seconds
F-Prot Antivirus X 0.06 seconds
Kaspersky Anti-Virus X 0.88 seconds
mks_vir X 0.36 seconds
NOD32 Win32/Torvil.A 0.73 seconds
Norman Virus Control HTML/Torvil.D 0.26 seconds

hm ein backdoor. ich glaube da gibt es keine andere lösung als das system neu aufzusetzen, da man nie weiß was über den backdoor verändert wurde am system. es ist nicht mehr vertrauenswürdig.
beachte auch http://www.trojaner-board.de/showpos...28&postcount=2

Ich habs mir gedacht. Bei einer Infektion des Systems mit einem Backdoortrojaner, ist die einzige Möglichkeit, um wieder einen vertrauenswürdigen Zustand herzustellen die, das System neu aufzusetzen -> http://www.trojaner-board.de/showpos...28&postcount=2
Lutz über Datensicherung (auf ausführbare Dateien solltest du jedoch ganz verzichten)
Pflichtlektüre
Über die Entfernung von Schädlingen
Bitte beim Formatieren an die verlinkte Anleitung halten.

Na das sind ja Nachrichten! Aber ich hab´s mir schon fast gedacht!
Also dann, format c:

Danke für Eure Hilfe!

Ich habe noch einen PC mit dem infizierten vernetzt, hoffentlich ist hier nichts drauf. Wäre nett wenn Ihr mir das Log-File auslesen könnt:

Logfile of HijackThis v1.99.0
Scan saved at 21:16:28, on 06.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
D:\Programme\Logitech\iTouch\iTouch.exe
H:\Programme\T-DSL SpeedManager\SpeedMgr.exe
D:\Programme\HP\HP Software Update\HPWuSchd2.exe
H:\Programme\HP\hpcoretech\hpcmpmgr.exe
H:\Programme\Java\jre1.5.0\bin\jusched.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Programme\ATI Technologies\ATI.ACE\cli.exe
H:\Programme\AVPersonal\AVSched32.EXE
H:\WINDOWS\System32\ctfmon.exe
H:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
H:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
H:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
H:\Programme\AVPersonal\AVGUARD.EXE
H:\Programme\AVPersonal\AVWUPSRV.EXE
D:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\windows\system32\winos.exe
D:\Programme\RVS\WCOM\SYSTEM\RVSCC.EXE
D:\Programme\RVS\WCOM\SYSTEM\CCSRV.EXE
H:\Programme\T-DSL SpeedManager\tsmsvc.exe
H:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
H:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Dokumente und Einstellungen\Redbaron\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wallstreet-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [routcnf] H:\Programme\DeTeWe\TA 33 USB\routcnf.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "H:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [Configuration Loader] zonealarm.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] H:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "H:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] H:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "H:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AVSCHED32] H:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Configuration Loader] zonealarm.exe
O4 - Startup: PC Atomic Sync.lnk = D:\Programme\BrigSoft\BSAtomic\BSAtomic.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = H:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = H:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - H:\Programme\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...my_car_pop.jsp
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://www.pixaco.de/static/download/iedropupload.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.gedichte-bereich.de/I...sAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C519D4F-1F10-4E9F-9553-5B3FD84D4F9C}: NameServer = 217.237.151.97 217.237.150.33
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - H:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - H:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - H:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RVS CommCenter - RVS Datentechnik GmbH, München - D:\Programme\RVS\WCOM\SYSTEM\RVSCC.EXE
O23 - Service: RvscomSv - RVS Datentechnik GmbH, München - D:\Programme\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer - RVS Datentechnik GmbH, München - D:\Programme\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: SymWMI Service - Symantec Corporation - H:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - H:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: System Op CONTRL - Unknown - c:\windows\system32\winos.exe
O23 - Service: FireDaemon Service: zoneedit - Unknown - c:\Windows\system32\Microsoft\root\\FireDaemon.EXE

Schaut nicht gut aus.
Scanne dein System mit eScan im abgesicherten Modus und poste was gefunden wird (Anleitung genau befolgen!). Am einfachsten machst du das so:
Direkt nach dem Scan, den Inhalt des Fensters "Virus Log Information" kopieren (Strg+A alles markieren; Strg+C kopieren) und dann in einer Textdatei abspeichern (z.B. mit Wordpad o.ä.). Dazu den Inhalt mit Strg+V in das Textverarbeitungsprogramm einfügen und das Dokument dann abspeichern. Nach dem Neustart kannst du die Infos aus der Datei dann einfach ins Forum kopieren.

@Haui45

Hier die Virus Log Info mit Escan:

File H:\WINDOWS\autoheal.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

Poste mal bite folgendes aus der mwav.log (im Ordner C:\bases)

Zitat:

Total Number of Files Scanned:
Total Number of Virus(es) Found:
Total Number of Disinfected Files:
Total Number of Files Renamed:
Total Number of Deleted Files:
Total Number of Errors:
Time Elapsed:
Virus Database Date: 2005/01/05

Thu Jan 06 22:22:08 2005 => Total Files Scanned: 3012
Thu Jan 06 22:22:08 2005 => Total Virus(es) Found: 1
Thu Jan 06 22:22:08 2005 => Total Disinfected Files: 0
Thu Jan 06 22:22:08 2005 => Total Files Renamed: 0
Thu Jan 06 22:22:08 2005 => Total Deleted Files: 0
Thu Jan 06 22:22:08 2005 => Total Errors: 2
Thu Jan 06 22:22:08 2005 => Time Elapsed: 00:03:01
Thu Jan 06 22:22:08 2005 => Virus Database Date: 2005/01/05
Thu Jan 06 22:22:08 2005 => Virus Database Count: 114704

Du hast eScan falsch durchgeführt. Scanne abermals im abgesicherten Modus, halte dich aber diesmal bitte an die Anleitung ("all local drives" muss aktiviert sein!).

Hier das Ergebnis des ausführlichen Scans, ich muss das Posting sogar wegen der Überlänge aufteilen - wahrscheinlich hilft hier wirklich nur noch format c:

mvav.log:

Thu Jan 06 23:49:07 2005 => Total Files Scanned: 107805
Thu Jan 06 23:49:07 2005 => Total Virus(es) Found: 86
Thu Jan 06 23:49:07 2005 => Total Disinfected Files: 0
Thu Jan 06 23:49:07 2005 => Total Files Renamed: 0
Thu Jan 06 23:49:07 2005 => Total Deleted Files: 0
Thu Jan 06 23:49:07 2005 => Total Errors: 83
Thu Jan 06 23:49:07 2005 => Time Elapsed: 01:04:45
Thu Jan 06 23:49:07 2005 => Virus Database Date: 2005/01/05
Thu Jan 06 23:49:07 2005 => Virus Database Count: 114704

Virus Log:

File H:\WINDOWS\autoheal.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP181\A0084196.exe tagged as not-a-virus:RiskWare.RemoteAdmin.RA.3826. No Action Taken.
File D:\PC\BRENNEN\setupmp3towav.exe infected by "not-a-virus:AdWare.BookedSpace.a" Virus. Action Taken: No Action Taken.
File D:\PC\DVD\GDiVX1.9.9.2.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File D:\PC\DVD\GDiVX1.9.9.5.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File D:\PC\PROGRAMME\cdr37c-e.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Programme\MP3 to WAV Decoder\bs3-m3.exe infected by "not-a-virus:AdWare.BookedSpace.a" Virus. Action Taken: No Action Taken.
File D:\Programme\MP3 to WAV Decoder\SaveInstWm.exe infected by "not-a-virus:AdWare.SaveNow.e" Virus. Action Taken: No Action Taken.
File D:\RECYCLER\S-1-5-21-1644491937-839522115-1343024091-1003\Dd6.exe infected by "not-a-virus:AdWare.SaveNow.ar" Virus. Action Taken: No Action Taken.
File D:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP129\A0034364.exe infected by "not-a-virus:AdWare.EZula.p" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP113\A0029436.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP113\A0029437.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP113\A0029445.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP113\A0029446.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP113\A0029451.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP115\A0029535.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP115\A0029536.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029880.dll infected by "not-a-virus:AdWare.BargainBuddy.a" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029881.EXE infected by "not-a-virus:AdWare.SaveNow.ah" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029882.exe infected by "not-a-virus:AdWare.BargainBuddy.p" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029883.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029884.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029885.EXE infected by "not-a-virus:AdWare.BargainBuddy.p" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029886.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029887.EXE infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029891.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029892.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029893.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029894.EXE infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029895.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029896.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029897.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029898.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029899.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029903.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029904.VXD infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029905.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029906.VXD infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029907.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029909.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029910.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029911.VXD infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029956.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029957.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029958.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029960.VXD infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

Teil 2 Virus Log:

File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029962.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029973.exe infected by "not-a-virus:AdWare.SaveNow.ah" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029974.EXE infected by "not-a-virus:AdWare.SaveNow.m" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029975.exe infected by "not-a-virus:AdWare.SaveNow.f" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029976.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029977.EXE infected by "not-a-virus:AdWare.SaveNow.g" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029978.exe infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029980.exe infected by "not-a-virus:AdWare.BargainBuddy.p" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029981.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029982.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029983.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029984.dll infected by "not-a-virus:AdWare.BookedSpace.a" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029985.dll infected by "not-a-virus:AdWare.BargainBuddy.a" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029986.dll infected by "not-a-virus:AdWare.EZula.g" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029987.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029988.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029989.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029990.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029992.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029994.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029997.dll infected by "not-a-virus:AdWare.EZula.x" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029998.exe infected by "not-a-virus:AdWare.BargainBuddy.p" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0029999.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030000.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030002.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030003.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030004.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030005.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030006.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030007.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030008.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030012.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP120\A0030013.VXD infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP121\A0030164.exe tagged as not-a-virus:Porn-Dialer.Win32.Intexdial. No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP122\A0030169.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP130\A0035427.EXE tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP156\A0066295.exe infected by "TrojanDownloader.Win32.Small.mt" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP156\A0066296.exe infected by "TrojanDownloader.Win32.Small.mt" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{61D61D4E-3FC7-457A-B54B-06B278FCC1F5}\RP156\A0066297.exe infected by "TrojanDownloader.Win32.Small.mt" Virus. Action Taken: No Action Taken.
File H:\WINDOWS\autoheal.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

Schaut schlimmer aus, als es ist:

Zitat:

File H:\System Volume Information\_restore

Die bekommst du so weg:
Deaktiviere die Systemwiederherstellung-> Neustart-> aktiviere die Systemwiederherstellung wieder
dann dürften sie weg sein.

Die restliche Malware im abgesicherten Modus löschen.

mfg Haui

PS: ich hoffe ich hab nichts übersehen.