Trojaner-Board - HILFE "Auto:Blank" und "Best of" machen mich fertig, hier mein Escan!!

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - HILFE "Auto:Blank" und "Best of" machen mich fertig, hier mein Escan!! (https://www.trojaner-board.de/16444-hilfe-auto-blank-best-of-mich-fertig-escan.html)

HILFE "Auto:Blank" und "Best of" machen mich fertig, hier mein Escan!!

Ich habe den eScan ausgeführt, aber soll ich wirklich alle dateien löschen???
Helftmir bitte schnell!! Sonst endets noch in :juul: ...

File C:\WINDOWS\cruc.dll infected by "Trojan-Dropper.Win32.Small.tn" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atlxt32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javaws.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\apihi32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crgq.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
C:\WINDOWS\cruc.dll infected by "Trojan-Dropper.Win32.Small.tn" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\iexu32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sdkoi32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\winyv.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\atlxt32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\javaws.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\udgyb.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\vbsys2.dll infected by "Trojan-Clicker.Win32.Agent.ac" Virus. Action Taken: No Action Taken.
Sat Apr 09 14:53:07 2005 => File C:\System Volume Information\_restore{5E1E978B-3236-4793-9912-99AA7DAF8BEF}\RP325\A0164314.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\apihi32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crgq.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cruc.dll infected by "Trojan-Dropper.Win32.Small.tn" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\iexu32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sdkoi32.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atlxt32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javaws.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\udgyb.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\vbsys2.dll infected by "Trojan-Clicker.Win32.Agent.ac" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\winyv.exe infected by "Trojan.Win32.Agent.bi" Virus. Action Taken: No Action Taken.

Sat Apr 09 15:04:15 2005 => ***** Scanning complete. *****

Sat Apr 09 15:04:15 2005 => Total Files Scanned: 29955
Sat Apr 09 15:04:15 2005 => Total Virus(es) Found: 24
Sat Apr 09 15:04:15 2005 => Total Disinfected Files: 0
Sat Apr 09 15:04:15 2005 => Total Files Renamed: 0
Sat Apr 09 15:04:15 2005 => Total Deleted Files: 0
Sat Apr 09 15:04:15 2005 => Total Errors: 5
Sat Apr 09 15:04:15 2005 => Time Elapsed: 00:19:58
Sat Apr 09 15:04:15 2005 => Virus Database Date: 2005/04/09
Sat Apr 09 15:04:15 2005 => Virus Database Count: 125267

Sat Apr 09 15:04:15 2005 => Scan Completed.

Zitat:

Ich habe den eScan ausgeführt, aber soll ich wirklich alle dateien löschen???

Natürlich, oder willst du die Malware auf dein System belassen?!

Hast du nur die Systempartition gescannt?

btw:
Trojan.Win32.Agent.bi -> http://de.trendmicro-europe.com/ente...=TROJ_AGENT.RK
Trojan-Downloader.Win32.Agent.bq -> http://de.trendmicro-europe.com/ente...=TROJ_AGENT.EL
usw.

Nur die weil die D Partition leer ist

na dann gehe ich nochmal in den abgesicherten Modus und lösch die Dateien...

bis gleich!

Es wäre empfehlenswert, wenn du die Malware Einträge mit HJT auch gleich fixen würdest.

Hier meine Logfile!! Was soll ich fixen?? Und im abgesicherten Modus oder geht es auch so??

C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\udgyb.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\udgyb.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\udgyb.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\udgyb.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\udgyb.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\udgyb.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C9906193-7B7B-FA65-B978-4F6E47E66321} - C:\WINDOWS\cruc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlxt32.exe] C:\WINDOWS\system32\atlxt32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O15 - Trusted Zone: adm.gebr-heinemann.de
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/24a9040f/enter.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5304F664-A4C3-4213-B820-8A830E189310}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkta.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe