Trojaner-Board


Oasis 30.04.2005 19:58

Connection to the router lost, IP is being changed by a program

Hi there,

I have had a problem with my computer for days. I go online via a router with DSL; the IP is normally obtained automatically from the router, but this now seems to be manipulated by a program: my computer is simply assigned an IP, and as a result the router cannot be found. All pinging in every direction failed.
I then searched everything possible with antivirus tools and Ad-Aware, without success. Then I disabled everything possible in Task Manager to see which process is running without my knowledge. There I found out that I always have one process running, an exe, that is named differently every time. As soon as I end that process, a new one appears that apparently replaces the previous one.

Since I came across this forum yesterday and saw that you can post a log, I am now trying my luck with that. Fortunately I still have a second computer available with which I can still go online.

So here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:51:18, on 30.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgar.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\xsievgp.exe
C:\Programme\Norton Utilities\SYSDOC32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Speed Disk\nopdb.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realevent.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Nina\LOKALE~1\Temp\Rar$EX00.625\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [mepzwdh] c:\windows\system32\xsievgp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Programme\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: MedionShop - {543CDDE7-DF47-47DD-9339-0B023AC5DCA8} - http://www.medionshop.de (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\aklsp.dll' missing
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\irlul5391.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Programme\Speed Disk\nopdb.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

I would be really grateful for any help!

See you,
Nina

dartus 01.05.2005 00:55

Hello Oasis,

please run the following:
1. Download escan and follow these instructions exactly (create the folder "C:\base_x", unpack "mwav.exe" into it, update with "kavupd.exe". The scan IN SAFE MODE takes about an hour), http://www.systemwiederherstellung-d...indows-xp.html
2. before the scan, empty the quarantine folder of your antivirus program,
3. and run a disk cleanup (Start / Run / enter cleanmgr / empty all temp folders and delete all offline content)
4. after the scan, report the result by right-clicking the Find.bat (you need to be online for this) -> "Save target as…" e.g. "C:\Find.bat" -> double-click Find.bat and wait for the scan -> then post the contents of the automatically created "C:\eScan_neu.txt".

dartus

Oasis 01.05.2005 09:53

Hello dartus,

how can I update escan if I can't get a connection to the net on the affected computer? I can't even take the computer off the router and then go online.

Can I also update kavupd.exe on this computer here and only then install it on mine?

Cidre 01.05.2005 10:07

Hello Oasis!
Quote:

Can I also update kavupd.exe on this computer here and only then install it on mine?
Yes, you can.
Copy the following folder 'C:\bases_x' to a USB stick/CD/DVD and scan as described.

Oasis 02.05.2005 07:00

So, after first having trouble juggling the files between the two computers and then getting myself a USB stick, I can post my list here:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun May 01 21:30:00 2005 => File C:\WINDOWS\system32\dvprov.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:05 2005 => File c:\windows\system32\esffao.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:18 2005 => File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.c" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:20 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sun May 01 21:30:20 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:21 2005 => System found infected with AdDestroyer Spyware/Adware (swrt01.dll)! Action taken: No Action Taken.
Sun May 01 21:30:21 2005 => File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:22 2005 => File C:\WINDOWS\Bolger.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:25 2005 => File C:\WINDOWS\gojxkietkl.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:44 2005 => File C:\WINDOWS\System32\BO2202031216.dll infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:50 2005 => File C:\WINDOWS\System32\clmres.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 21:30:55 2005 => File C:\WINDOWS\System32\ctbv2.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Sun May 01 21:31:10 2005 => File C:\WINDOWS\System32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
Sun May 01 21:31:12 2005 => File C:\WINDOWS\System32\dwghelp.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 21:31:36 2005 => File C:\WINDOWS\System32\kadlt1.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 21:31:53 2005 => File C:\WINDOWS\System32\mrencode.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 21:32:13 2005 => File C:\WINDOWS\System32\nostalgia.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
Sun May 01 21:32:13 2005 => File C:\WINDOWS\System32\nostalgia.dlltmp infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
Sun May 01 21:32:46 2005 => File C:\WINDOWS\System32\SHAgent.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Sun May 01 21:32:46 2005 => File C:\WINDOWS\System32\SHAgent1007.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Sun May 01 21:32:54 2005 => File C:\WINDOWS\System32\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
Sun May 01 21:33:23 2005 => File C:\WINDOWS\System32\Xcite.dll infected by "not-a-virus:AdWare.F1Organizer.m" Virus. Action Taken: No Action Taken.
Sun May 01 21:33:23 2005 => File C:\WINDOWS\System32\Xcite.exe infected by "not-a-virus:AdWare.F1Organizer.m" Virus. Action Taken: No Action Taken.
Sun May 01 22:45:38 2005 => Scanning Folder: C:\Programme\ESET\infected\*.*
Sun May 01 22:45:38 2005 => Scanning File C:\Programme\ESET\infected\Q3A55HDA.NQF
Sun May 01 22:45:38 2005 => File C:\Programme\ESET\infected\Q3A55HDA.NQF infected by "Trojan-Downloader.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Sun May 01 22:45:38 2005 => Scanning File C:\Programme\ESET\infected\Q3A55HDA.NQI
Sun May 01 23:46:18 2005 => File C:\Programme\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:52:24 2005 => File C:\RECYCLER\NPROTECT\00039175.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:52:24 2005 => File C:\RECYCLER\NPROTECT\00039194.DLL infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:52:25 2005 => File C:\RECYCLER\NPROTECT\00039197.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:52:27 2005 => File C:\RECYCLER\NPROTECT\00039311.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:52:28 2005 => File C:\RECYCLER\NPROTECT\00039328.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:03 2005 => File C:\RECYCLER\NPROTECT\00040234.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:04 2005 => File C:\RECYCLER\NPROTECT\00040291.DLL infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:04 2005 => File C:\RECYCLER\NPROTECT\00040292.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:05 2005 => File C:\RECYCLER\NPROTECT\00040322.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:05 2005 => File C:\RECYCLER\NPROTECT\00040326.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:06 2005 => File C:\RECYCLER\NPROTECT\00040356.DLL infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:06 2005 => File C:\RECYCLER\NPROTECT\00040357.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:18 2005 => File C:\RECYCLER\NPROTECT\00040499.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:19 2005 => File C:\RECYCLER\NPROTECT\00040543.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:20 2005 => File C:\RECYCLER\NPROTECT\00040578.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:21 2005 => File C:\RECYCLER\NPROTECT\00040605.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:22 2005 => File C:\RECYCLER\NPROTECT\00040627.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:22 2005 => File C:\RECYCLER\NPROTECT\00040631.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:24 2005 => File C:\RECYCLER\NPROTECT\00040685.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:24 2005 => File C:\RECYCLER\NPROTECT\00040686.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:24 2005 => File C:\RECYCLER\NPROTECT\00040687.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:24 2005 => File C:\RECYCLER\NPROTECT\00040688.DLL infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:25 2005 => File C:\RECYCLER\NPROTECT\00040689.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:25 2005 => File C:\RECYCLER\NPROTECT\00040690.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:25 2005 => File C:\RECYCLER\NPROTECT\00040691.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:25 2005 => File C:\RECYCLER\NPROTECT\00040692.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:26 2005 => File C:\RECYCLER\NPROTECT\00040693.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:26 2005 => File C:\RECYCLER\NPROTECT\00040694.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:26 2005 => File C:\RECYCLER\NPROTECT\00040695.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:26 2005 => File C:\RECYCLER\NPROTECT\00040696.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:27 2005 => File C:\RECYCLER\NPROTECT\00040697.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:27 2005 => File C:\RECYCLER\NPROTECT\00040698.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:27 2005 => File C:\RECYCLER\NPROTECT\00040699.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:27 2005 => File C:\RECYCLER\NPROTECT\00040700.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:28 2005 => File C:\RECYCLER\NPROTECT\00040701.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:28 2005 => File C:\RECYCLER\NPROTECT\00040702.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:28 2005 => File C:\RECYCLER\NPROTECT\00040704.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:28 2005 => File C:\RECYCLER\NPROTECT\00040705.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:29 2005 => File C:\RECYCLER\NPROTECT\00040708.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:29 2005 => File C:\RECYCLER\NPROTECT\00040712.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:29 2005 => File C:\RECYCLER\NPROTECT\00040729.DLL infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:29 2005 => File C:\RECYCLER\NPROTECT\00040730.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:30 2005 => File C:\RECYCLER\NPROTECT\00040731.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:30 2005 => File C:\RECYCLER\NPROTECT\00040733.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:30 2005 => File C:\RECYCLER\NPROTECT\00040734.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:32 2005 => File C:\RECYCLER\NPROTECT\00040770.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:32 2005 => File C:\RECYCLER\NPROTECT\00040773.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:32 2005 => File C:\RECYCLER\NPROTECT\00040774.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:33 2005 => File C:\RECYCLER\NPROTECT\00040778.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:39 2005 => File C:\RECYCLER\NPROTECT\00040959.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:40 2005 => File C:\RECYCLER\NPROTECT\00040986.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:40 2005 => File C:\RECYCLER\NPROTECT\00040990.jar infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Sun May 01 23:53:45 2005 => File C:\RECYCLER\NPROTECT\00041223.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
Mon May 02 00:00:10 2005 => File C:\WINDOWS\Bolger.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Mon May 02 00:02:14 2005 => File C:\WINDOWS\gojxkietkl.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Mon May 02 00:17:12 2005 => File C:\WINDOWS\isrvs\delprot.sys infected by "Trojan.Win32.Delprot.a" Virus. Action Taken: No Action Taken.
Mon May 02 00:17:12 2005 => File C:\WINDOWS\isrvs\isearch.xpi infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
Mon May 02 00:21:18 2005 => File C:\WINDOWS\system\UpdInst.exe infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Mon May 02 00:21:29 2005 => File C:\WINDOWS\system32\BO2202031216.dll infected by "not-a-virus:AdWare.VirtualBouncer.d" Virus. Action Taken: No Action Taken.
Mon May 02 00:21:42 2005 => File C:\WINDOWS\system32\clmres.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Mon May 02 00:22:21 2005 => File C:\WINDOWS\system32\ctbv2.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Mon May 02 00:25:48 2005 => File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
Mon May 02 00:25:50 2005 => File C:\WINDOWS\system32\dwghelp.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Mon May 02 00:26:16 2005 => File C:\WINDOWS\system32\kadlt1.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Mon May 02 00:26:39 2005 => File C:\WINDOWS\system32\mrencode.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
Mon May 02 00:27:01 2005 => File C:\WINDOWS\system32\nostalgia.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
Mon May 02 00:27:02 2005 => File C:\WINDOWS\system32\nostalgia.dlltmp infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
Mon May 02 00:27:58 2005 => File C:\WINDOWS\system32\SHAgent.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Mon May 02 00:27:58 2005 => File C:\WINDOWS\system32\SHAgent1007.dll infected by "not-a-virus:AdWare.Sahat.g" Virus. Action Taken: No Action Taken.
Mon May 02 00:28:11 2005 => File C:\WINDOWS\system32\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
Mon May 02 00:28:52 2005 => File C:\WINDOWS\system32\Xcite.dll infected by "not-a-virus:AdWare.F1Organizer.m" Virus. Action Taken: No Action Taken.
Mon May 02 00:28:52 2005 => File C:\WINDOWS\system32\Xcite.exe infected by "not-a-virus:AdWare.F1Organizer.m" Virus. Action Taken: No Action Taken.
Mon May 02 01:00:29 2005 => File D:\mp3z\iMeshV3.exe infected by "not-a-virus:AdWare.ToolBar.CommonName.a" Virus. Action Taken: No Action Taken.
Mon May 02 01:00:33 2005 => File D:\mp3z\KazaaUpdate15.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon May 02 01:00:34 2005 => File D:\mp3z\KazaaUpdate151.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon May 02 01:00:37 2005 => File D:\mp3z\kmd133_en.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon May 02 01:00:39 2005 => File D:\mp3z\kmd171gu_en.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
Mon May 02 01:31:22 2005 => File D:\Trillian\users\default\downloads\103666840\Cute-FTP4032.exe infected by "not-a-virus:AdWare.TimeSink" Virus. Action Taken: No Action Taken.
Mon May 02 01:36:27 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun May 01 21:37:37 2005 => File C:\Dokumente und Einstellungen\Nina\Desktop\Downloads\Flash FXP v2.1 CRACKED.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 21:37:40 2005 => File C:\Dokumente und Einstellungen\Nina\Desktop\Downloads\Flash FXP v2.1.924 + crk.rar tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 21:38:41 2005 => File C:\Dokumente und Einstellungen\Nina\Desktop\Downloads\Macromedia Flash MX 2004 Pro.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 21:48:08 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\ICQ Lite\44076922\Donald Dark_91046952\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
Sun May 01 21:53:54 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\Meine Downloads\Software\DivXPro502GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 21:54:50 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\Meine Downloads\Software\FlashFXP.v1.4.800.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 21:54:50 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\Meine Downloads\Software\FlashFXP_21_Setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 22:07:00 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\Nina\audiogalaxy.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 22:08:12 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\Nina\napv2b9.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 22:08:59 2005 => File C:\Dokumente und Einstellungen\Nina\Eigene Dateien\Nina\zonalarm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun May 01 22:14:42 2005 => File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
Sun May 01 22:17:09 2005 => Scanning File C:\Programme\Adobe\InDesign 2.0\Plug-ins\Filters\Tagged Text Attributes.apln
Sun May 01 22:17:09 2005 => Scanning File C:\Programme\Adobe\InDesign 2.0\Plug-ins\Filters\Tagged Text Export Filter.apln
Sun May 01 22:17:09 2005 => Scanning File C:\Programme\Adobe\InDesign 2.0\Plug-ins\Filters\Tagged Text Import Filter.apln
Sun May 01 23:53:49 2005 => File C:\TEMP\setup.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Mon May 02 01:01:17 2005 => File D:\mp3z\Macromedia Flash MX.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Mon May 02 01:27:57 2005 => File D:\Treiber\PERIPHERIE\WEBCAMS\MD 9369\SETUP.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Mon May 02 01:28:04 2005 => File D:\Treiber\PERIPHERIE\WEBCAMS\PENCAM MD 9456\SETUP.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Mon May 02 01:33:58 2005 => File D:\Trillian\users\default\downloads\63702706\NNSCRIPT352.EXE tagged as not-a-virus:RiskWare.mIRC.6.01. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mon May 02 01:36:27 2005 => Total Virus(es) Found: 117
Mon May 02 01:36:27 2005 => Total Errors: 23
Mon May 02 01:36:27 2005 => Time Elapsed: 04:06:50
Mon May 02 01:36:27 2005 => Total Objects Scanned: 136481
Sun May 01 21:28:22 2005 => Virus Database Date: 2005/05/01
Mon May 02 01:36:27 2005 => Virus Database Date: 2005/05/01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


What really puzzles me is that it scanned for 4 hours ... do I have that much on my computer or is that normal?

Thanks in advance!
Nina

Oasis 02.05.2005 14:06

*bump* Can nobody help me? :(

Cidre 02.05.2005 17:53

Whether it really makes sense to clean this computer, I personally doubt.
IMHO you should reinstall your system and think about why the malware was able to spread like this, despite the security software you use!
You will find instructions in my signature.

btw:
This file 'c:\windows\system32\xsievgp.exe', for example, was not detected at all!
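
The comparison behind the last remark, autostart targets from the HijackThis log checked against the files the eScan log names, can be done mechanically. The following is an added example, not part of the thread or of either tool; the log excerpts are copied from the posts above, and the function names and the "detected siblings" count are this example's own assumptions.

```python
import ntpath  # Windows path rules, independent of the OS this runs on
import re

# Excerpts copied from the two logs posted in this thread (shortened).
HIJACKTHIS_LOG = r'''
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [mepzwdh] c:\windows\system32\xsievgp.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\irlul5391.dll
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
'''

ESCAN_LOG = r'''
Sun May 01 21:30:18 2005 => File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.c" Virus. Action Taken: No Action Taken.
Sun May 01 21:31:10 2005 => File C:\WINDOWS\System32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
Mon May 02 00:17:12 2005 => File C:\WINDOWS\isrvs\delprot.sys infected by "Trojan.Win32.Delprot.a" Virus. Action Taken: No Action Taken.
Mon May 02 00:17:12 2005 => File C:\WINDOWS\isrvs\isearch.xpi infected by "not-a-virus:AdWare.ToolBar.ISearch.e" Virus. Action Taken: No Action Taken.
'''

# Absolute path to an executable image, quoted or not; paths may contain spaces.
PATH = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll|sys)(?=["\s]|$)', re.I)
# File detections only; "File System Found infected ..." summary lines do not match.
DETECTION = re.compile(r'=> File ([A-Za-z]:\\.+?) infected by "([^"]+)"')
AUTOSTART_SECTIONS = ('O4', 'O20', 'O23')  # Run keys/Startup, Winlogon Notify, services


def norm(path):
    """Case-insensitive, normalised form so both logs compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def autostart_targets(hjt_text):
    """Return (section, path) for autostart lines that carry an absolute path.

    Entries with a bare file name (e.g. 'nwiz.exe /install') are skipped:
    without a directory they cannot be matched against scanner output.
    """
    out = []
    for line in hjt_text.splitlines():
        section = line.split(' - ', 1)[0]
        match = PATH.search(line)
        if section in AUTOSTART_SECTIONS and match:
            out.append((section, match.group(0)))
    return out


def detections(escan_text):
    """Map normalised path -> set of threat names reported for that file."""
    found = {}
    for path, threat in DETECTION.findall(escan_text):
        found.setdefault(norm(path), set()).add(threat)
    return found


def triage(hjt_text, escan_text):
    """One row per autostart target: scanner verdict plus detected neighbours."""
    found = detections(escan_text)
    rows = []
    for section, path in autostart_targets(hjt_text):
        key = norm(path)
        folder = ntpath.dirname(key)
        # Other flagged files in the same folder; noisy for shared system folders.
        siblings = sum(1 for p in found if p != key and ntpath.dirname(p) == folder)
        rows.append({'section': section, 'path': path,
                     'threats': sorted(found.get(key, ())),
                     'detected_siblings': siblings})
    return rows


def undetected(rows):
    """Autostart targets the scanner did not name, most detected siblings first."""
    missed = [r for r in rows if not r['threats']]
    return sorted(missed, key=lambda r: -r['detected_siblings'])


if __name__ == '__main__':
    for row in undetected(triage(HIJACKTHIS_LOG, ESCAN_LOG)):
        print(f"{row['section']:<4}{row['detected_siblings']:>2} flagged neighbours  {row['path']}")
```

An empty `threats` list only means that this scanner, with the signature set it had, did not name the file; the rows it returns are candidates for manual review, not a verdict.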


All times are WET +1. The time now is 14:47.
