Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Home search assistent, Search extender & Trojaner (https://www.trojaner-board.de/12056-home-search-assistent-search-extender-trojaner.html)

roland33 13.01.2005 11:40
Home search assistent, Search extender & Trojaner
 
Hallo, nachdem die Suche mit HijackThis bei mir nichts ergeben hat,
hat man mir freundlicherweise den Tip gegeben, das System mit eScan
zu untersuchen.

Beigefügt das Log, es sind sehr viele Dateien infiziert. Kann man hier noch
etwas retten, und wenn ja wie oder hilft hier nur eine Formatierung und Systemneuinstallation ?


File C:\WINDOWS\addxg.dll infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crwg32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netds.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yyzzfq.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uzqmvz.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yrebqt.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cuqvoa.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uviaik.txt infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wllext.dat infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ntqg32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\CD_CLINT.DLL infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Roland\LOKALE~1\Temp\C.tmp infected by "Trojan-Downloader.Win32.IstBar.gv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\CD_CLINT.DLL infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm4.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm25.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\adm.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admdata.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admdloader.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admfdi.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\admprog.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\dmfiles.cab infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\mysearch.cab infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\pmfiles.cab infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Altnet\Setup.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yyzzfq.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uzqmvz.dat infected by "Trojan-Downloader.Win32.Agent.an" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\yrebqt.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cuqvoa.dat infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\uviaik.txt infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wllext.dat infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ntqg32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Eigene Dateien\Dateien\DivXPro503GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\remove.exe infected by "TrojanDownloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Roland\Lokale Einstellungen\Temp\C.tmp infected by "Trojan-Downloader.Win32.IstBar.gv" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\updmgr.VIR infected by "TrojanDownloader.Win32.Keenval" Virus. Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\OQELNDSNB.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet(2)\newdotnet3_88(2).dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\PerfectNav\BHO\PerfectNav150C.dll infected by "not-a-virus:AdWare.Perfnav.a" Virus. Action Taken: No Action Taken.
File C:\Programme\PerfectNav\BHO\PerfectNav150.dll infected by "not-a-virus:AdWare.Perfnav.c" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129902.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129903.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.

roland33 13.01.2005 11:41
Log Teil 2:


File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP324\A0130039.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130157.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130159.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130272.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130274.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130385.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130387.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\QuickSearch\QuickSearchBar1_27.dll infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129902.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP322\A0129903.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP324\A0130039.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130157.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP325\A0130159.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130272.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP326\A0130274.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130385.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AE946D8C-06E9-46E6-A0F3-5AA1ACA13462}\RP327\A0130387.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.

MountainKing 13.01.2005 12:03
Hallo,

da du neben einigen weniger schlimmen Adwaresachen auch einen handfesten Backdoor auf dem Rechner hast, solltest du in der Tat dein System neu aufsetzen:


http://board.protecus.de/showtopic.p...me=1097944155&


Für die Zukunft:

http://www.mathematik.uni-marburg.de...ompromise.html

http://www.forum-3dcenter.org/vbulle...d.php?t=163074


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131