BDS/Iroffer.14b2 HILFE!

chris_ef · 24.05.2005, 21:14

Hallo,
hoffe einer kann mir bitte helfen!
AntiVir erkennt es,kann es aber nicht löschen.Scheint es auf meine Gerätetreiber abgesehen zu haben,kann mein DVD-Laufwerk nicht mehr ansprechen!XP zeigt mir an,dass die Gerätetreiber fehlerhaft oder nicht vorhanden sind.Hab schon neue Treiber geladen,hilft aber nicht!

Haui45 · 24.05.2005, 21:15

Hallo,

welche Datei wird von AntiVir als infiziert gemeldet? Überprüfe diese Datei bitte online bei http://virusscan.jotti.org/de und poste das Ergebnis.

chris_ef · 24.05.2005, 21:24

Hallo,

AntiVir gibt mir den Ordner C:\System Volume Information\_restore

Habs versucht,der Ordner lässt sich nicht hochladen,finde ihn auch nirgend auf dem rechner.Was kann ich noch versuchen?
Danke

Haui45 · 24.05.2005, 21:27

Auf diesen Ordner hat man von Windows aus leider keinen Zugriff. Scanne dein System darum mit eScan und poste das Ergebnis.

chris_ef · 24.05.2005, 21:37

bin grad dabei,musste mir das programm erst holen.Kann es aber passieren,dass ein Trojaner mein Laufwerk lahm legt??

chris_ef · 24.05.2005, 21:47

File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "l.exe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\zylomloader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\unvise32qt.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Fonts\Reqrd\Base\AdobeFnt.lst". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iccsigs.dat". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\mfcuia32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MFCANS32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\LTIH21TB.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\unvise32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\zylomloader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{025107A0-E054-4B25-B733-F810545835F2}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03300E83-E513-4D4E-B202-A1C8D0399CA2}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}" refers to invalid object "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1ADD57B8-A7A9-4518-B9B5-862590FF9EB4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B62A3D1-9C04-4BD5-84B5-D2607302501F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F9E7DA6-47E2-4B03-8F43-858ADD16FB7D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A0DDF16-99AD-45F5-A5E2-01287DF186E9}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DD6DC04-9124-4AEE-A265-9BF307140F24}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2F9BEF8A-7A7D-4284-9835-93437E53807B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33AF5286-DC7B-40B3-AF6B-D5E15E9E72B7}" refers to invalid object "C:\PROGRA~1\ArcSoft\CAMERA~1\VIDEOI~1\MPEGCO~1.AX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33AF5287-DC7B-40B3-AF6B-D5E15E9E72B7}" refers to invalid object "C:\PROGRA~1\ArcSoft\CAMERA~1\VIDEOI~1\MPEGCO~1.AX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40AF8200-4E6E-11D4-878D-00C0F6B0D1A7}" refers to invalid object "C:\Programme\ArcSoft\Camera Suite\PhotoImpression\Modules\Browser\ezrgb24.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40AF8201-4E6E-11D4-878D-00C0F6B0D1A7}" refers to invalid object "C:\Programme\ArcSoft\Camera Suite\PhotoImpression\Modules\Browser\ezrgb24.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{671D8E6B-CAEC-48F2-8F5F-8D8B67D45F2A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{687A161E-906F-409A-BAC4-23B3076613B9}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78766964-0000-0010-8000-00AA00389B71}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8265160A-0E9F-4E53-9302-2AF923902809}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83E66439-05D5-488C-A236-AA20E543D384}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8C709BEF-8D1B-4641-9399-63E5716133B8}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{932AA9D0-A844-4BD4-BB0A-8F7534BB684F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{932BF86C-2BAB-11D2-8EA2-0080C82D82A9}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9D863EB1-2524-4597-A5FE-8835948F5543}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB1ED1E0-373D-4C97-9E3D-F3DE31B6640E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0B57E3D-870F-44CC-92D3-1CBB8471EF6D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB498349-DCC0-4A15-9CAB-08377B5E19F8}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1C8EED8-0D51-4479-BD76-EB6367F67B52}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CBD25681-3F43-4B95-87A2-9BBFA63EBBE4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CDA3A485-FD9B-4113-B33A-B5E9643BE655}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D153ABDF-FCE1-4939-9747-205E5430006D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EEE2C47D-FD0A-437D-8DF5-6171E92B24B7}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj.1" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\CorelDRAW.StateChartObject" refers to invalid object "{88B40185-1463-11d4-B6C3-009027912773}". Action Taken: No Action Taken.
Entry "HKCR\CorelDRAW.StateChartObject.10" refers to invalid object "{88B40185-1463-11d4-B6C3-009027912773}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.

Haui45 · 24.05.2005, 21:52

Geh' bitte streng nach Anleitung vor (abgesicherter Modus, Find.bat usw)!
Poste erst dann das Ergebnis.

chris_ef · 24.05.2005, 23:40

Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue May 24 23:44:02 2005 => File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Tue May 24 23:44:24 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Tue May 24 23:44:24 2005 => System found infected with MyBar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Tue May 24 23:44:26 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Tue May 24 23:44:26 2005 => System found infected with l.exe Spyware/Adware (C:\WINDOWS\System32\uninstall.exe)! Action taken: No Action Taken.
Tue May 24 23:45:44 2005 => File C:\WINDOWS\System32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Tue May 24 23:57:27 2005 => File C:\WINDOWS\system32\filesmgr.dll infected by "Trojan-Clicker.Win32.Agent.dl" Virus! Action Taken: No Action Taken.
Wed May 25 00:06:05 2005 => File C:\Dokumente und Einstellungen\chris\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-1209b91d-1d10b80d.class infected by "Trojan.Java.ClassLoader.ab" Virus! Action Taken: No Action Taken.
Wed May 25 00:07:49 2005 => File C:\Programme\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Agent.hi" Virus! Action Taken: No Action Taken.
Wed May 25 00:14:09 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Wed May 25 00:18:43 2005 => File C:\Recycled\Q330995.exe infected by "Trojan-Downloader.Win32.Small.amb" Virus! Action Taken: No Action Taken.
Wed May 25 00:20:54 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed May 25 00:03:02 2005 => File C:\WINDOWS\Downloaded Program Files\dscert_209.exe.tcf tagged as "not-a-virus:AdWare.EnergyPlugin.f". Action Taken: No Action Taken.
Wed May 25 00:17:26 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE tagged as "not-a-virus:AdWare.Toolbar.MyWay.b". Action Taken: No Action Taken.
Wed May 25 00:17:26 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.f". Action Taken: No Action Taken.
Wed May 25 00:17:26 2005 => File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL.tcf tagged as "not-a-virus:AdWare.ToolBar.MyWay.g". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed May 25 00:20:54 2005 => Total Virus(es) Found: 16
Wed May 25 00:20:54 2005 => Total Errors: 110
Wed May 25 00:20:54 2005 => Time Elapsed: 00:36:57
Wed May 25 00:20:54 2005 => Total Objects Scanned: 50144
Tue May 24 23:43:30 2005 => Virus Database Date: 2005/05/24
Wed May 25 00:20:54 2005 => Virus Database Date: 2005/05/24
Wed May 25 00:24:20 2005 => Virus Database Date: 2005/05/24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

BDS/Iroffer.14b2 HILFE!

Plagegeister aller Art und deren Bekämpfung: BDS/Iroffer.14b2 HILFE!