Trojaner-Board


jubifahrer 24.02.2005 21:54

Two trojans, but what should I delete? :(
 
Hello, thank you for forums like this one:

I keep getting a message from AntiVir that I have two Trojan horses. Even after deleting them, they keep coming back.

One is tr/dldr.agent.exe and the other is tr/agent.kt.

I have already read a bit here and downloaded this HijackThis.

This is what came out:

Logfile of HijackThis v1.99.1
Scan saved at 21:44:11, on 24.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\iesi32.exe
C:\Programme\Schmaili 5.1\schmaili.exe
C:\Programme\FinePixViewer\QuickDCF.exe
C:\Programme\MediaKey\OSD.EXE
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\MediaKey\Versato.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\atlcb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Dahlfeld\LOKALE~1\Temp\Rar$EX01.859\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cgpsc.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D7595883-DFA2-3BDB-61CA-458C65127F0F} - C:\WINDOWS\system32\addpp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programme\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [netsn.exe] C:\WINDOWS\system32\netsn.exe
O4 - HKLM\..\Run: [B.tmp] C:\DOKUME~1\Dahlfeld\LOKALE~1\Temp\B.tmp.exe 1 10001
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iesi32.exe] C:\WINDOWS\iesi32.exe
O4 - HKCU\..\Run: [Versato] C:\Programme\MediaKey\MagicRun.exe
O4 - HKCU\..\Run: [Schmaili] C:\Programme\Schmaili 5.1\schmaili.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINDOWS\atlcb.exe" /s (file missing)

But what should I delete now?


Thanks for your help

jubifahrer

chaosman 24.02.2005 22:02

@jubifahrer
Update your system and IE.

You can get rid of the O15 entries with this:
http://www.trojaner-board.de/showpos...6&postcount=31
Do what it says in Lutz's post.

After that, download eScan,
read the instructions,
and follow them exactly.
First check your computer with eScan: download eScan, create a folder (= directory) c:\bases for it, update eScan online, and run it offline in safe mode. Note that from version 4.5.1 onward, eScan does not delete the malware it finds. That is done by hand, following our instructions.

Then tell us the result of the eScan, i.e. which viruses were found on your computer: "open mwav.log -> Edit -> Find -> enter infected -> Find Next -> select/copy the hits and paste them into the forum." (quote from Cidre)

chaosman

jubifahrer 25.02.2005 13:31

So, here are the things eScan found, the lines containing "infected":

Thu Feb 24 23:21:11 2005 => File C:\WINDOWS\system32\d3ic.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:21:14 2005 => File C:\WINDOWS\system32\d3ic.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:21:47 2005 => C:\WINDOWS\apijk.exe possibly infected and removed by background antivirus package!

Thu Feb 24 23:21:50 2005 => File C:\WINDOWS\atlyt.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:21:55 2005 => C:\WINDOWS\iesp32.exe possibly infected and removed by background antivirus package!
Thu Feb 24 23:21:55 2005 => File C:\WINDOWS\iesp32.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:21:58 2005 => C:\WINDOWS\ieur.exe possibly infected and removed by background antivirus package!
Thu Feb 24 23:21:58 2005 => File C:\WINDOWS\ieur.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.
Thu Feb 24 23:22:16 2005 => C:\WINDOWS\mfcxv.exe possibly infected and removed by background antivirus package!
Thu Feb 24 23:22:16 2005 => File C:\WINDOWS\mfcxv.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:20 2005 => File C:\WINDOWS\sysec.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:20 2005 => File C:\WINDOWS\sysec.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Thu Feb 24 23:22:23 2005 => File C:\WINDOWS\winib32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:25 2005 => File C:\WINDOWS\System32\addei32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Thu Feb 24 23:22:26 2005 => File C:\WINDOWS\System32\apidt32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:26 2005 => File C:\WINDOWS\System32\apidt32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:36 2005 => File C:\WINDOWS\System32\crbb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:36 2005 => File C:\WINDOWS\System32\crbb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:36 2005 => File C:\WINDOWS\System32\crbb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:36 2005 => File C:\WINDOWS\System32\crfr.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:22:41 2005 => File C:\WINDOWS\System32\d3sq.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:23:02 2005 => File C:\WINDOWS\System32\ienl.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:23:03 2005 => File C:\WINDOWS\System32\ieys.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:23:13 2005 => File C:\WINDOWS\System32\javamd32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:23:13 2005 => File C:\WINDOWS\System32\javaoz.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:23:24 2005 => File C:\WINDOWS\System32\mfchv.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:23:46 2005 => File C:\WINDOWS\System32\ntdz32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:24:08 2005 => File C:\WINDOWS\System32\sdkev.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:24:08 2005 => File C:\WINDOWS\System32\sdkgl.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:24:53 2005 => File C:\DOKUME~1\müller\LOKALE~1\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.hm" Virus. Action Taken: No Action Taken.

Thu Feb 24 23:34:11 2005 => File C:\Dokumente und Einstellungen\müller\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.hm" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:41:54 2005 => File C:\WINDOWS\system32\d3ic.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:42:06 2005 => File C:\WINDOWS\iesi32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:42:21 2005 => File C:\WINDOWS\atlcb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:42:39 2005 => File C:\WINDOWS\sysec.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:42:44 2005 => File C:\WINDOWS\winib32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:42:47 2005 => File C:\WINDOWS\System32\addei32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:42:49 2005 => File C:\WINDOWS\System32\apidt32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:03 2005 => File C:\WINDOWS\System32\crbb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:03 2005 => File C:\WINDOWS\System32\crbb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:03 2005 => File C:\WINDOWS\System32\crfr.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:03 2005 => File C:\WINDOWS\System32\crwt.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:10 2005 => File C:\WINDOWS\System32\d3sq.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:42 2005 => File C:\WINDOWS\System32\ienl.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:42 2005 => File C:\WINDOWS\System32\ieys.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:58 2005 => File C:\WINDOWS\System32\javamd32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:43:58 2005 => File C:\WINDOWS\System32\javaoz.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.


Fri Feb 25 09:44:14 2005 => File C:\WINDOWS\System32\mfchv.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:44:45 2005 => File C:\WINDOWS\System32\ntdz32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:45:16 2005 => File C:\WINDOWS\System32\sdkev.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:45:16 2005 => File C:\WINDOWS\System32\sdkgl.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:46:22 2005 => File C:\DOKUME~1\müller\LOKALE~1\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.hm" Virus. Action Taken: No Action Taken.

Fri Feb 25 09:58:03 2005 => File C:\Dokumente und Einstellungen\müller\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.hm" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:05:47 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*

Fri Feb 25 10:26:50 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029067.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:50 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029068.exe
Fri Feb 25 10:26:50 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029068.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:50 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029069.exe
Fri Feb 25 10:26:50 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029069.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:50 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029070.exe
Fri Feb 25 10:26:50 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029070.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:50 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029071.exe
Fri Feb 25 10:26:51 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029071.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:51 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029072.exe
Fri Feb 25 10:26:51 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029072.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:51 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029073.exe
Fri Feb 25 10:26:51 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029073.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:54 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029091.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:54 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029092.dll
Fri Feb 25 10:26:54 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029092.dll infected by "not-a-virus:PornWare.Dialer.OnlineDialer" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:26:54 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029093.dll
Fri Feb 25 10:26:54 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0029093.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:27:24 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0031203.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:27:24 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP197\A0031206.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:31:06 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031655.dll infected by "Trojan-Downloader.Win32.Agent.jb" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:31:06 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031672.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:31:06 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031673.exe
Fri Feb 25 10:31:06 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031673.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:31:06 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031674.exe
Fri Feb 25 10:31:06 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031674.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:31:06 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031675.exe
Fri Feb 25 10:31:07 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031675.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:31:07 2005 => Scanning File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031676.exe
Fri Feb 25 10:31:07 2005 => File C:\System Volume Information\_restore{867DD3EC-EC75-4612-96BC-C4DE26E0AECF}\RP216\A0031676.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:33:40 2005 => File C:\WINDOWS\Downloaded Program Files\YSBactivex.dll infected by "Trojan-Downloader.Win32.IstBar.fa" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:58:42 2005 => File C:\WINDOWS\sysec.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:58:46 2005 => File C:\WINDOWS\system32\addei32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:58:47 2005 => File C:\WINDOWS\system32\apidt32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:59:31 2005 => File C:\WINDOWS\system32\crbb.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:59:31 2005 => File C:\WINDOWS\system32\crfr.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:59:31 2005 => File C:\WINDOWS\system32\crwt.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 10:59:37 2005 => File C:\WINDOWS\system32\d3sq.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:03:50 2005 => File C:\WINDOWS\system32\ienl.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:03:51 2005 => File C:\WINDOWS\system32\ieys.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:04:05 2005 => File C:\WINDOWS\system32\javamd32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:04:05 2005 => Scanning File C:\WINDOWS\system32\javaoz.exe
Fri Feb 25 11:04:05 2005 => File C:\WINDOWS\system32\javaoz.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:04:26 2005 => File C:\WINDOWS\system32\mfchv.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:04:56 2005 => File C:\WINDOWS\system32\ntdz32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:05:37 2005 => File C:\WINDOWS\system32\sdkev.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:05:37 2005 => File C:\WINDOWS\system32\sdkgl.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Fri Feb 25 11:06:55 2005 => File C:\WINDOWS\winib32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

So, that was it :(

It would be nice if someone could take a look at this.

Thanks a lot

jubifahrer

Gigamail 25.02.2005 13:51

Hi jubifahrer

There is only one thing left now: reinstall the system.
Reason:
Quote:

"Backdoor.Win32.Small.dc"
We could still have removed the trojans, but with a backdoor you cannot say exactly what has already been changed on the system.
The help for reinstalling
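
Added example, not part of any post in this thread: a small Python triage of the `mwav.log` "infected" lines that chaosman asks for, collapsing repeated scans into unique findings and applying Gigamail's rule that a backdoor detection means reinstalling. The sample log is constructed in the line format shown above (file names and the restore GUID are placeholders, detection names are taken from the thread), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Line format as it appears in the mwav.log excerpts posted in this thread.
INFECTED_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) => '
    r'File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.*?)\.?\s*$'
)
# System Restore keeps its own copies of files; they are not live startup items.
RESTORE_MARKER = "\\system volume information\\_restore{"

# Constructed sample: placeholder file names, detection names from the thread.
SAMPLE_LOG = r'''
Thu Feb 24 23:22:36 2005 => File C:\WINDOWS\System32\sample_a.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Thu Feb 24 23:22:36 2005 => File C:\WINDOWS\System32\sample_a.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 25 10:59:31 2005 => File C:\WINDOWS\system32\sample_a.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.
Fri Feb 25 09:42:39 2005 => File C:\WINDOWS\sample_b.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
Fri Feb 25 10:26:54 2005 => Scanning File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll
Fri Feb 25 10:26:54 2005 => File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll infected by "not-a-virus:AdWare.JS.OneMoreSearch.a" Virus. Action Taken: No Action Taken.
Thu Feb 24 23:21:47 2005 => C:\WINDOWS\sample_c.exe possibly infected and removed by background antivirus package!
'''


def parse_infected(text):
    """Return one dict per 'infected by' line; all other log lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def summarize(hits):
    """One entry per (case-folded path, detection name), with a repeat count."""
    unique = {}
    for h in hits:
        # Windows paths are case-insensitive: System32 and system32 are one file.
        key = (h["path"].lower(), h["name"])
        entry = unique.setdefault(key, {
            "path": h["path"], "name": h["name"], "count": 0,
            "first_seen": h["ts"],
            "restore_copy": RESTORE_MARKER in h["path"].lower(),
        })
        entry["count"] += 1
    return list(unique.values())


def category(name):
    """'not-a-virus:AdWare.JS.X' -> 'AdWare'; 'Backdoor.Win32.Small.dc' -> 'Backdoor'."""
    return name.split(":", 1)[-1].split(".", 1)[0]


def triage(entries):
    """Group paths by detection category; flag a rebuild if any is a backdoor."""
    by_cat = defaultdict(list)
    for e in entries:
        by_cat[category(e["name"])].append(e["path"])
    return dict(by_cat), "Backdoor" in by_cat


if __name__ == "__main__":
    entries = summarize(parse_infected(SAMPLE_LOG))
    for e in entries:
        tag = " [restore-point copy]" if e["restore_copy"] else ""
        print(f'{e["count"]}x {e["name"]}: {e["path"]}{tag}')
    cats, rebuild = triage(entries)
    print("categories:", sorted(cats))
    print("reinstall recommended (backdoor present):", rebuild)
```
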

jubifahrer 25.02.2005 16:08

Hello Gigamail,

Isn't it easier to just do a format c, or would that not solve my problem?

jubifahrer

Gigamail 25.02.2005 16:13

Reinstalling already requires formatting beforehand.
My link "Help for reinstalling" is meant as guidance for securing the whole system :)

jubifahrer 25.02.2005 16:17

Thanks Gigamail,
I guess I will have to do that then :heul:.

Do I need to worry about the other computers that are connected to the same router?

jubifahrer

Gigamail 25.02.2005 16:23

Quote:

Do I need to worry about the other computers that are connected to the same router?
You should perhaps check those with eScan as well.

jubifahrer 25.02.2005 20:29

Hello Gigamail,

I have now done everything that way:

formatted, rebuilt, updated IE and Windows, installed AntiVir.


The only thing is that I can't get AntiVir activated. What am I doing wrong? I can't click the activation button :(

Thanks

jubifahrer

By the way, the other computers seem to be clean :puh:

jubifahrer 25.02.2005 21:05

Ha, I found it myself :klatsch:

jubifahrer

Gigamail 25.02.2005 21:39

@ jubifahrer

Well, great :party:

