habe MicroWorld AntiVirus & Spyware Toolkit Utility laufen lassen
und nach anleitung stelle ich hier die virus informations vor.

bitte um prüfung!
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.

Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Entry "HKCR\CSSfile" refers to invalid object "{F9202A92-B111-11D0-BB8D-00A0C90F2744}". Action Taken: No Action Taken.

Entry "HKCR\Photoshop.Application.5" refers to invalid object "{6DECC242-87EF-11cf-86B4-444553540000} ". Action Taken: No Action Taken.

Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.

Entry "HKCR\TSLV.TSLV" refers to invalid object "{612DE685-FCC5-11D1-8A36-00A0C9B82ABC}". Action Taken: No Action Taken.

Entry "HKCR\TSLV.TSLV.1" refers to invalid object "{612DE685-FCC5-11D1-8A36-00A0C9B82ABC}". Action Taken: No Action Taken.

Entry "HKCR\VJUpgradeEngineLib.VJUpgradeEngine_7_1.1" refers to invalid object "{B0AC6ABA-AB35-4AEE-8D3D-6C55FA34F6A9}". Action Taken: No Action Taken.

Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.


File C:\FOUND.004\FILE0000.CHK infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Temp\res4.tmp tagged as "not-a-virus:AdWare.180Solutions.g". Action Taken: No Action Taken.

File C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Temp\jfgudk.exe infected by "Trojan-Downloader.Win32.IstBar.jx" Virus! Action Taken: No Action Taken.

File C:\Dokumente und Einstellungen\uli\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\Programme\AVPersonal\INFECTED\.EXE.VIR infected by "Trojan-Spy.Win32.Small.eo" Virus! Action Taken: No Action Taken.

File C:\Programme\xampplite\apache\bin\kill.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0028109.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0031110.ini tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0032123.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0033114.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0033115.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034114.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034115.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034123.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034124.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0035121.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0036120.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0036124.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0036125.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037130.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037134.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037135.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037143.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037144.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037145.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037147.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037148.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037154.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038155.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038160.exe tagged as "not-a-virus:AdWare.WinAD.at". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038161.exe tagged as "not-a-virus:AdWare.WinAD.au". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038162.dll tagged as "not-a-virus:AdWare.WinAD.av". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038163.exe tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038164.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action
File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038165.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0039151.DLL tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0039155.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0039159.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0040154.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0040163.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\msprcc32.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\mssdit.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.


wie soll ich vorgehen?
danke!

Warum machst Du einen neuen Thread auf:
http://www.trojaner-board.de/showthread.php?t=19129

Lese die Anleitung zum eScan nochmal sorgfältig durch und poste uns das mit der Datei find.bat erstellte Logfile.

@mooshandl
du hast dieser im system
http://vic.zonelabs.com/tmpl/body/CA....jsp?VId=40790
und zwar hier
File C:\Dokumente und Einstellungen\uli\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

deswegen kann ich dir nur raten dein system nue aufzusetzen(format)

hier eine anleitung
http://www.trojaner-board.de/showpos...28&postcount=2


sry
chaosman

@felix

leider funktioniert die find.bat nicht!
ich nutze mal die "alternative" und hoffe das bringt weiter!

File C:\FOUND.004\FILE0000.CHK infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Temp\res4.tmp tagged as "not-a-virus:AdWare.180Solutions.g". Action Taken: No Action Taken.

File C:\Dokumente und Einstellungen\uli\Lokale Einstellungen\Temp\jfgudk.exe infected by "Trojan-Downloader.Win32.IstBar.jx" Virus! Action Taken: No Action Taken.

File C:\Dokumente und Einstellungen\uli\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\Programme\AVPersonal\INFECTED\.EXE.VIR infected by "Trojan-Spy.Win32.Small.eo" Virus! Action Taken: No Action Taken.

File C:\Programme\xampplite\apache\bin\kill.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0028109.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0031110.ini tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0032123.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0033114.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0033115.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034114.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034115.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034123.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0034124.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0035121.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0036120.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0036124.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0036125.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037130.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037134.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037135.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037143.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037144.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037145.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037147.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037148.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0037154.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038155.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038160.exe tagged as "not-a-virus:AdWare.WinAD.at". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038161.exe tagged as "not-a-virus:AdWare.WinAD.au". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038162.dll tagged as "not-a-virus:AdWare.WinAD.av". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038163.exe tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038164.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action
File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0038165.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0039151.DLL tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0039155.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0039159.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0040154.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\System Volume Information\_restore{2CA65315-FF0C-4460-9937-35C14FE18542}\RP184\A0040163.sys infected by "Trojan.Win32.Rootkit.h" Virus! Action Taken: No Action Taken.

File C:\msprcc32.exe infected by "Trojan-Downloader.Win32.Dyfuca.ej" Virus! Action Taken: No Action Taken.

File C:\mssdit.exe infected by "Trojan.Win32.LowZones.br" Virus! Action Taken: No Action Taken.

Aufgrund des aktiven Trojan.Win32.Rootkit.h kann ich die Empfehlung von chaosman nur bestätigen bzw. unterstützen.
Setze zur deiner eigenen Sicherheit das kompromittierte System neu auf, da es nicht mehr vertrauenswürdig ist.