sind das vieren???

suja

hallo,
bin neu hier und kenn mich leider auch mit vieren, trojanern... noch wenig aus. ändert sich aber gerade
antivier hatte bei mir vieren gefunden. nach kurzer recherche hier im forum habe ich mal einen escan gemacht:


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009511.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009512.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010239.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010240.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010241.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010589.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010590.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010591.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010592.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010593.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010594.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010595.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010596.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010597.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010598.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010600.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010601.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010602.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010633.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010634.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010635.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010636.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010637.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010638.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010639.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010641.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012976.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012979.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013430.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013434.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014431.exe infected by "Trojan.Win16.Bearded" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014436.exe tagged as not-a-virus:Simulator.Win16.Click. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017631.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017732.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.






dann habe ich alles mögliche gelöscht (inklusive papierkorb) und einen zweiten scan gemacht:




File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009511.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009512.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010239.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010240.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010241.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010589.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010590.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010591.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010592.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010593.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010594.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010595.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010596.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010597.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010598.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010600.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010601.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010602.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010633.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010634.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010635.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010636.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010637.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010638.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010639.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010641.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012976.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012979.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013430.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013434.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014431.exe infected by "Trojan.Win16.Bearded" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014436.exe tagged as not-a-virus:Simulator.Win16.Click. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017631.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017732.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.


ja und das ist mein logfile von hijachThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:28:52, on 14.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - Global Startup: Microsoft Office Shortcut-Leiste.lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...dxIE601_de.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

kann mir jemand sagen wie stark mein system befallen ist? und was ich gegen die vieren tun kann.
wäre für jede hilfe dankbar.
gruss hagen