Hallo, nachdem die Suche mit HijackThis bei mir nichts ergeben hat,
hat man mir freundlicherweise den Tip gegeben, das System mit eScan
zu untersuchen.

Beigefügt das Log, es sind sehr viele Dateien infiziert. Kann man hier noch
etwas retten, und wenn ja wie oder hilft hier nur eine Formatierung und Systemneuinstallation ?


File C:\WINDOWS\addxg.dll infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crwg32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netds.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yyzzfq.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uzqmvz.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yrebqt.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cuqvoa.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uviaik.txt infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wllext.dat infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ntqg32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\CD_CLINT.DLL infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\C.tmp infected by "Trojan-Downloader.Win32.IstBar.gv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\CD_CLINT.DLL infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admdata.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admdloader.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admfdi.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\dmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yyzzfq.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uzqmvz.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yrebqt.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cuqvoa.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uviaik.txt infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wllext.dat infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ntqg32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Eigene Dateien\Dateien\DivXPro503GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\C.tmp infected by "Trojan-Downloader.Win32.IstBar.gv" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\updmgr.VIR infected by "TrojanDownloader.Win32.Keenval" Virus. Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\OQELNDSNB.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet(2)\newdotnet3_88(2).dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\PerfectNav\BHO\PerfectNav150C.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.
File C:\Programme\PerfectNav\BHO\PerfectNav150.dll infected by "not-a-virus:AdWare.Perfnav.c" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129902.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129903.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.

Log Teil 2:


File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP324\A0130039.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130157.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130159.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130272.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130274.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130385.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130387.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129902.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129903.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP324\A0130039.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130157.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130159.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130272.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130274.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130385.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130387.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.

Hallo,

da du neben einigen weniger schlimmen Adwaresachen auch einen handfesten Backdoor auf dem Rechner hast, solltest du in der Tat dein System neu aufsetzen:


http://board.protecus.de/showtopic.p...me=1097944155&


Für die Zukunft:

http://www.mathematik.uni-marburg.de...ompromise.html

http://www.forum-3dcenter.org/vbulle...d.php?t=163074