Log analysis and evaluation: Please evaluate log file
06.02.2005, 14:34 | #1 |
Hello!

Recently I keep getting a message from AV Guard, the virus guard, that the code of the virus BDS/Agent.AY has infected files. I always delete the infected files, and afterwards the virus guard finds nothing more, until I get a new message again the next day at the latest.... How do I get rid of this virus? The infected files are always in the folder "Gemeinsame Dateien" on drive C under Programme. I created this log file with HijackThis:

I hope I can find help here.

Regards, Kati

Logfile of HijackThis v1.99.0
Scan saved at 13:27:23, on 06.02.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\GMT\GMT.EXE
C:\PROGRAMME\WEBDE\SMARTSURFER2.3\SMARTSURFER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAMME\AVPERSONAL\INETUPD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-s...=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-s...k=stmpl1&find=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.media-search.net/nph-s...k=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-s...=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-s...k=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-s...k=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-s...k=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-s...k=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAMME\SE\V11\SE.DLL
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {A096A159-4E58-45A9-8EE6-B11466851181} - (no file)
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - (no file)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: UCmore toolbar - {ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D} - (no file)
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAMME\SE\V11\SE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {53CBEE82-D747-11d3-9ED0-005004189684} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAMME\SCBAR\V1\SCBAR.EXE" /U
O4 - HKLM\..\Run: [WindowEnhancer] "C:\PROGRAMME\WINEX\V2\WINEX.EXE" /U
O4 - HKLM\..\Run: [Media-Search] "C:\PROGRAMME\MSNET\V9\MSNET.EXE" /H
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAMME\SE\V11\SE.EXE" /H
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comundo.lycos.de/?version=v401
O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} (AMI DicomDir TreeView Control 1.0) - FILE://F:\RADWORKS CD-VIEWER\CDVIEWER.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = kawo1.rwth-aachen.de
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 134.130.115.1,134.130.4.1,134.130.5.1
06.02.2005, 16:28 | #2 |
Hi Kati,

please fix these in safe mode:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-...k=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-...ok=stmpl1&find=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.media-search.net/nph-...ok=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-...ok=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-...ok=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-...ok=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-...ok=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAMME\SE\V11\SE.DLL
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {A096A159-4E58-45A9-8EE6-B11466851181} - (no file)
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - (no file)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: UCmore toolbar - {ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D} - (no file)
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAMME\SE\V11\SE.DLL
O3 - Toolbar: (no name) - {53CBEE82-D747-11d3-9ED0-005004189684} - (no file)
O3 - Toolbar: (no name) - {53CBEE82-D747-11d3-9ED0-005004189684} - (no file)
O4 - HKLM\..\Run: [WindowEnhancer] "C:\PROGRAMME\WINEX\V2\WINEX.EXE" /U
O4 - HKLM\..\Run: [Media-Search] "C:\PROGRAMME\MSNET\V9\MSNET.EXE" /H
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAMME\SE\V11\SE.EXE" /H
O4 - Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

If you do not recognize these entries, fix them as well:

O16 - DPF: {01E54593-BE14-4D6B-9310-37C0145EFE42} (AMI DicomDir TreeView Control 1.0) - FILE://F:\RADWORKS CD-VIEWER\CDVIEWER.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = kawo1.rwth-aachen.de
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 134.130.115.1,134.130.4.1,134.130.5.1

Then download eScan and follow the instructions here: http://www.trojaner-board.de/42731-escan-anleitung.html

Download: http://www.mwti.net/antivirus/free_utilities.asp

Then tell us the result of the eScan, i.e. which viruses were found on your computer: open mwav.log -> Edit -> Find -> enter "infected" -> Find Next -> select/copy the hits and paste them into the forum.

sunshine
06.02.2005, 16:32 | #3 |
@sunshine

One part is missing ^^ namely deleting the infected files. The entries will come back if the files are still there.

So, in safe mode, also delete these files:

- the folder C:\PROGRAMME\WINEX\
- the folder C:\PROGRAMME\MSNET\
- the folder C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\
- the folder C:\PROGRAMME\SE\
- the folder C:\Programme\Gemeinsame Dateien\GMT\
- empty the recycle bin
- the file BHO001.DLL in the folder C:\WINDOWS\SYSTEM\
07.02.2005, 00:41 | #4 |
Hello!

After I fixed the listed files in hijackthis.exe, the search with eScan returned the following results:

C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus.
C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus.
File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
File C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
File C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus.
File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\Anwendungsdaten\Mozilla\Profiles\default\mg274aky.slt\Mail\mail.kawo1.rwh-aachen.de\Trash infected by "Exploit.HTML.FileDownload" Virus.
C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus.
C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus.
C:\Programme\Twister\TwisterInstall.exe infected by "not-a-virus:AdWare.SaveNow.e" Virus.
C:\Programme\DownloadWare\Downloads\151.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Downloads\205.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Downloads\217.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Downloads\201.dat infected by "not-a-virus:AdWare.SmartPops" Virus.
C:\Programme\DownloadWare\Temp\we.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Temp\msinst.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Temp\seinst.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Temp\rh.exe infected by "not-a-virus:AdWare.SmartPops" Virus.
C:\Programme\DelFin\PromulGate\PgSDK.DLL infected by "not-a-virus:AdWare.DelphinMediaViewer.d" Virus.
C:\Programme\UCmore\UCMIE.dll infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus.
C:\Programme\UCmore\IUCmore.dll infected by "not-a-virus:AdWare.Toolbar.Ucmore" Virus.
C:\Programme\Recommended Hotfix - 421701D\v15\RH.exe infected by "not-a-virus:AdWare.SmartPops" Virus.
C:\_RESTORE\TEMP\A0023851.CPY infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\_RESTORE\TEMP\A0023852.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\_RESTORE\TEMP\A0023855.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023856.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023857.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023858.CPY infected by "not-a-virus:AdWare.Gator.5017" Virus.
C:\_RESTORE\TEMP\A0023859.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023860.CPY infected by "not-a-virus:AdWare.Gator.6034" Virus.
C:\_RESTORE\TEMP\A0023861.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023862.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023870.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\_RESTORE\TEMP\A0023871.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
Sun Feb 06 20:46:37 2005 => File C:\_RESTORE\TEMP\A0023872.CPY infected by "not-a-virus:AdWare.Gator.6034" Virus.
C:\_RESTORE\TEMP\A0023873.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023874.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023875.CPY infected by "not-a-virus:AdWare.Gator.3124" Virus.
C:\_RESTORE\TEMP\A0023876.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023877.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023878.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023879.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023880.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023881.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023882.CPY infected by "not-a-virus:AdWare.Gator.6041" Virus.
C:\_RESTORE\TEMP\A0023885.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\_RESTORE\TEMP\A0023886.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\_RESTORE\TEMP\A0023887.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\_RESTORE\TEMP\A0023888.CPY infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\_RESTORE\TEMP\A0016085.CPY infected by "not-a-virus:AdWare.DownloadWare" Virus.
C:\_RESTORE\TEMP\A0016089.CPY infected by "not-a-virus:PornWare.Dialer.Lagoon" Virus.
C:\_RESTORE\TEMP\A0017395.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0017397.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0017399.CPY infected by "not-a-virus:AdWare.BargainBuddy.a" Virus.
C:\_RESTORE\TEMP\A0017401.CPY infected by "not-a-virus:AdWare.TopMoxie.a" Virus.
C:\_RESTORE\TEMP\A0017418.CPY infected by "Trojan-Downloader.Win32.Small.fo" Virus.
Sun Feb 06 20:49:02 2005 => File C:\_RESTORE\TEMP\A0017914.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0017995.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019176.CPY infected by "not-a-virus:AdWare.SmartPops" Virus.
C:\_RESTORE\TEMP\A0019185.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019682.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019686.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019757.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019772.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019776.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019780.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019799.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019803.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019909.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019913.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0019992.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
Sun Feb 06 20:49:31 2005 => File C:\_RESTORE\TEMP\A0019996.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020009.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020013.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020067.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020089.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020117.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020121.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020151.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020155.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020462.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020466.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020525.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020529.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020613.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020617.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020629.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020633.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020756.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0020760.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0022740.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0022744.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0022748.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0022752.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0023751.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\TEMP\A0023755.CPY infected by "not-a-virus:AdWare.Gator.a" Virus.
C:\_RESTORE\ARCHIVE\FS1.CAB infected by "not-a-virus:AdWare.SaveNow.t" Virus.
C:\_RESTORE\ARCHIVE\FS77.CAB infected by "Trojan.Win32.Dialer.av" Virus.
C:\_RESTORE\ARCHIVE\FS78.CAB infected by "not-a-virus:AdWare.Cydoor" Virus.
C:\_RESTORE\ARCHIVE\FS106.CAB infected by "not-a-virus:AdWare.Gator.3202" Virus.
C:\_RESTORE\ARCHIVE\FS108.CAB infected by "not-a-virus:AdWare.Gator.3202" Virus.
C:\_RESTORE\ARCHIVE\FS157.CAB infected by "not-a-virus:AdWare.Gator.5115" Virus.
C:\Program Files\HijackThis\backups\backup-20050206-190034-357.dll infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\Program Files\HijackThis\backups\backup-20050206-190034-555.dll infected by "not-a-virus:AdWare.WindowEnhancer" Virus.

....Thanks!

kati
07.02.2005, 09:41 | #5 |
@kati309

Save these files to a floppy disk as evidence; they are dialers:

C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus.
C:\_RESTORE\TEMP\A0016089.CPY infected by "not-a-virus:PornWare.Dialer.Lagoon" Virus.

You certainly have quite a lot in your system.

- Disable System Restore.
- Download LSP-Fix (download)
- Download Spybot (download), update Spybot
- Download Ad-Aware (download), update Ad-Aware
- Download ClearProg from www.clearprog.de
- Via Control Panel, Software, uninstall the entry NewDotNet, NewNet or similar
- Switch to safe mode, let Spybot scan, delete everything it suggests. (It does not delete DSO Exploit; that is not a big deal.)
- Let Ad-Aware scan, delete everything it finds.
- Run ClearProg, tick all the boxes for Windows and IE, delete everything
- Delete these files manually:

C:\Program Files\HijackThis\backups\backup-20050206-190034-357.dll infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\Program Files\HijackThis\backups\backup-20050206-190034-555.dll infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus.
C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus.
File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
File C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
File C:\WINDOWS\SYSTEM\Install_All.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus.
File C:\WINDOWS\SYSTEM\Update_com.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\Anwendungsdaten\Mozilla\Profiles\default\mg274aky.slt\Mail\mail.kawo1.rwh-aachen.de\Trash infected by "Exploit.HTML.FileDownload" Virus.
C:\WINDOWS\RSP001~1.DAT infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\newdotnet3_36.dll infected by "not-a-virus:AdWare.NewDotNet" Virus.
C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus.
C:\Programme\Twister\TwisterInstall.exe infected by "not-a-virus:AdWare.SaveNow.e" Virus.
C:\Programme\DownloadWare\Downloads\151.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Downloads\205.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Downloads\217.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus.
C:\Programme\DownloadWare\Downloads\201.dat infected by "not-a-virus:AdWare.SmartPops" Virus.
C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus.
C:\_RESTORE\TEMP\A0016089.CPY infected by "not-a-virus:PornWare.Dialer.Lagoon" Virus.

- Reboot, enable System Restore.

If I were you, I would give some thought to your surfing habits and your system security.

chaosman
__________________
Bonus vir semper tiro
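The "search mwav.log for infected" step from post #2, combined with the System Restore advice from post #5, as an added example that is not part of the thread: a Python triage of eScan hit lines that drops duplicate hits and separates active files from stored copies. The line format is assumed from the excerpts quoted in the thread, and the last sample line is constructed.

```python
import re
from collections import Counter

# Line shape assumed from the eScan excerpts quoted in the thread:
#   [<timestamp> => ][File ]<path> infected by "<detection>" Virus.
ENTRY = re.compile(r'([A-Za-z]:\\.*?) infected by "([^"]+)"')

# Places that hold stored copies rather than active files (both occur in the
# thread): the Windows ME System Restore store and HijackThis's backup folder.
COPY_PREFIXES = ("c:\\_restore\\", "c:\\program files\\hijackthis\\backups\\")

# Sample input: lines in the thread's format; the last one is a constructed non-hit.
SAMPLE_LOG = r'''
C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
File C:\WINDOWS\SYSTEM\RSP001.DLL infected by "not-a-virus:AdWare.IGetNet" Virus.
C:\WINDOWS\Coder\_233-TAT-1-0-.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus.
Sun Feb 06 20:46:37 2005 => File C:\_RESTORE\TEMP\A0023872.CPY infected by "not-a-virus:AdWare.Gator.6034" Virus.
C:\_RESTORE\TEMP\A0017418.CPY infected by "Trojan-Downloader.Win32.Small.fo" Virus.
C:\Program Files\HijackThis\backups\backup-20050206-190034-357.dll infected by "not-a-virus:AdWare.IGetNet" Virus.
Scanning C:\WINDOWS\NOTEPAD.EXE (constructed line without a hit)
'''


def parse_infected(log_text):
    """Return unique (path, detection) pairs in first-seen order."""
    seen, hits = set(), []
    for line in log_text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue
        path, detection = match.group(1).strip(), match.group(2)
        key = (path.lower(), detection.lower())  # Windows paths ignore case
        if key not in seen:
            seen.add(key)
            hits.append((path, detection))
    return hits


def category(detection):
    """'not-a-virus:AdWare.Gator.6041' -> ('riskware', 'AdWare')."""
    kind = "malware"
    if detection.lower().startswith("not-a-virus:"):
        kind, detection = "riskware", detection.split(":", 1)[1]
    return kind, detection.split(".", 1)[0]


def triage(log_text):
    """Split hits into active files and stored copies; count detection types."""
    report = {"active": [], "copies": [], "types": Counter()}
    for path, detection in parse_infected(log_text):
        kind, dtype = category(detection)
        bucket = "copies" if path.lower().startswith(COPY_PREFIXES) else "active"
        report[bucket].append((path, kind, dtype))
        report["types"][dtype] += 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("active", "copies"):
        print(bucket)
        for path, kind, dtype in result[bucket]:
            print(f"  {kind:8} {dtype:18} {path}")
    print(dict(result["types"]))
```

Hits in the "copies" bucket are the ones that disabling System Restore or deleting the HijackThis backups clears; the "active" bucket is what still needs cleanup on the running system.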