Hi, ich würde eure Hilfe brauchen.

Seit einigen Tagen macht mein Computer beim Starten immer zwei Fenster auf:

1. Fehler beim Laden von
p2esocks_1026.dll
Modul wurde nicht gefunden

2. Fehler beim Laden von
eAcceleration\Installer\stopsinfo.dll
Modul wurde nicht gefunden

Da ich nur Benutzer bin und mich sehr wenig auskenne , bitte ich euch um Antwort, was ich machen soll.
Schreibt bitte so, dass auch ein Laie wie ich es verstehen kann.

Vielen Dank im Vorhinein,
Gemini

Hallo,

Zitat:

File C:\WINDOWS\System32\p2esocks_1029.dll infected by "Trojan.Win32.P2E.am" Virus und http://www.anti-spy.info/process/stopsinfo.dll.html

Erstelle mit HiJackThis ein Log-File und lösche die O4 Einträge die auf die oben genannten Dateien verweisen.
Wenn du dir unsicher bist dann kannst du auch das Log-File hier rein posten.
Persönliche Informationen, wie Benutzername und dergleichen, bitte unkenntlich machen.

Vielen Dank für die wirklich prompte Antwort.
Leider funktioniert bei mir der Download von "HiJackThis" nicht (hab es mehrmals versucht). Ich habe aber "Stop-Sign" durch laufen lassen und folgendes Ergebnis erhalten:

C:\WINDOWS\tmlpmg.exe is infected with Trojan.Wintrim
C:\WINDOWS\Downloaded Program Files\910000_211127_.exe717 is infected with Trojan.DownLoader.486
C:\WINDOWS\Downloaded Program Files\910000_211151_.exe003 is infected with Trojan.DownLoader.486
C:\WINDOWS\Downloaded Program Files\910000_211151_.exe325 is infected with Trojan.DownLoader.486
C:\WINDOWS\Downloaded Program Files\910000_211151_.exe331 is infected with Trojan.DownLoader.486
C:\WINDOWS\Downloaded Program Files\910000_211151_.exe746 is infected with Trojan.DownLoader.486
C:\WINDOWS\Downloaded Program Files\comload.dll is infected with Trojan.DownLoader.1044
C:\WINDOWS\system32\msklive.dll is infected with Trojan.Mslag

Was soll ich weiter tun?

lg, Gemini

Zitat:

Leider funktioniert bei mir der Download von "HiJackThis" nicht

Versuch es mal hier -> http://www.spychecker.com/program/hijackthis.html oder http://www.hijackthis.de/

Zitat:

Ich habe aber "Stop-Sign" durch laufen lassen und folgendes Ergebnis erhalten:

So wie es aussieht schlummert noch mehr Malware auf deinem System. Führe deshalb dies aus:
Lade und scanne mit eScan AntiVirus im abgesicherten Modus wie beschrieben.
Poste anschliessend die Virus Log Information von eScan AntiVirus:
Öffne die mwav.log im Ordner C:\bases -> Bearbeiten -> Suchen -> infected oder tagged eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen.

Hi, Cidre
hier ist die Virus Log Information von eScan AntiVirus:

File C:\WINDOWS\installer[gwd-10188,de].exe infected by "not-a-virus:PornWare.Dialer.Intexdial" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer[gwd-11283,de].exe tagged as not-a-virus:RiskWare.Dialer.Stardialer. No Action Taken.
File C:\WINDOWS\installer[p2p-10114,de].exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer[p2p-10114,d].exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\tmlpmg.exe infected by "Trojan-Downloader.Win32.Wintrim.cd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGAUTH.dll infected by "Trojan.Win32.P2E.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGCOMSERVICE2.dll tagged as not-a-virus:RiskWare.Dialer.E-Group.b. No Action Taken.
File C:\WINDOWS\system32\EGCOMSERVICE_1046.dll tagged as not-a-virus:RiskWare.Dialer.E-Group.1046. No Action Taken.
File C:\WINDOWS\system32\EGDACCESS_1055.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGDial.dll tagged as not-a-virus:RiskWare.Dialer.E-Group.1017. No Action Taken.
File C:\WINDOWS\system32\HornyCam_at-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\system32\msklive.dll infected by "Trojan-Spy.Win32.Mslagent" Virus. Action Taken: No Action Taken.

Vielleicht hilft dir das

lg, Gemini

@gemini

die dialer dateien auf diskette speichern zwecks beweismittel, wenn du jedoch mit reinem DSL unterwegs bist brauchst du das nicht zu tun.
wechsle danach in den abgesicherten modus und lösche manuell
C:\WINDOWS\installer[gwd-10188,de].exe
C:\WINDOWS\installer[gwd-11283,de].exe
C:\WINDOWS\installer[p2p-10114,de].exe
C:\WINDOWS\installer[p2p-10114,d].exe
C:\WINDOWS\tmlpmg.exe
C:\WINDOWS\system32\EGAUTH.dll
C:\WINDOWS\system32\EGCOMSERVICE2.dll
C:\WINDOWS\system32\EGDACCESS_1055.dll
C:\WINDOWS\system32\HornyCam_at-uninstall.exe
C:\WINDOWS\system32\msklive.dll
neu booten, neues HJT logfile posten

chaosman

Danke, Chaosman!

Hier ist das neue Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 17:53:30, on 20.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\desk98.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\viewport.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOKUME~1\Ernst\LOKALE~1\Temp\Temporäres Verzeichnis 6 für hijackthis_199.zip\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.at/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Programme\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DMS-Kalenderchen] C:\Dokumente und Einstellungen\Ernst\Eigene Dateien\programme\Kalenderchen1\Kalenderchen.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1026.dll,InstantAccess
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03736cea...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1088447493187
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B71144-9776-4C01-8CD2-AF7ABE75A614}: NameServer = 212.152.182.10,195.70.224.61
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Leider bekomme ich die Meldung:

"Fehler beim Laden von
p2esocks_1026.dll
Modul wurde nicht gefunden"

nach dem Neustart immer noch.

Mit lieben Grüßen,
Gemini

@gemini
wechsle in den abgesicherten modus und fixe mit HJT
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1026.dll,InstantAccess

neu booten, neues HJT logfile posten

chaosman

Hallo, zusammen!

Ich habe jetzt auch dieses gefixt.

Das neue Logfile von HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:26:02, on 23.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\desk98.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\viewport.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Microsoft Office\Office10\POWERPNT.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\DOKUME~1\Ernst\LOKALE~1\Temp\Temporäres Verzeichnis 10 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.at/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Programme\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DMS-Kalenderchen] C:\Dokumente und Einstellungen\Ernst\Eigene Dateien\programme\Kalenderchen1\Kalenderchen.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03736cea...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1088447493187
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B71144-9776-4C01-8CD2-AF7ABE75A614}: NameServer = 212.152.182.10,195.70.224.61
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bekomme auch diese Fehlermeldung nicht mehr.

e.scan bringt folgende Meldungen im der Virus Log Information:

File C:\Program Files\MaxALERT\bsaveinstwm.exe infected by "not-a-virus:AdWare.SaveNow.k" Virus. Action Taken: No Action Taken.
File C:\Programme\IncrediMail\incredimail_install.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0AEF69A9 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\0C9C03AE infected by "Email-Worm.Win32.Zafi.d" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\14CE6C86.zlq infected by "Backdoor.Win32.Hackarmy.gen" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\21C23D20 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\2D9D69FE infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\35EA5EF3 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\46C645A6.txt infected by "Trojan-Downloader.Win32.Stardler.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\564C4E66 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\56841828 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\56CC33D9 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\56DC05C7 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\56EC57B5 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\5D123E23 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\5D5D03D0 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\64C113DB infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\66F00A08.htm infected by "Trojan-Downloader.JS.Small.d" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\66F77BDE infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6C8155AB infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6CB81F6E infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6CE66B3C infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6DB00B4B infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6E0124F1 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6E566894 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6E606689 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6E6D0E7A infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6EAB2C36 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6ECC5012 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6ED97804 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F2113B5 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F243DB1 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F3165A3 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F55337B infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F682F66 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F837F49 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6F992530 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6FAD211A infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\6FCA1AFA infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\70050EB9 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\700C62B2 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\70B23FFB infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\70DC26CE infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\71664535 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7170432A infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\71D802B7 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\72267261 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\72D079A6 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\73603108 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\73C54699 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\73D94283 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\755A1CDB infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\75B20A7A infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\75DD2C4B infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\76042420 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\768D0789 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\770C6CFD infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7792266A infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\77997A63 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\779C245F infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\77CA702D infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\77D04425 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\79A76220 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\79B40A12 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7A264794 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7A3D6D7B infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7AE34AC3 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7B35646A infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7CC710B0 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7D1C5452 infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\7D6719FF infected by "Email-Worm.Win32.Sober.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001037.exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001038.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001039.exe infected by "not-a-virus:PornWare.Dialer.Intexdial" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001040.exe tagged as not-a-virus:RiskWare.Dialer.Stardialer. No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001041.exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001042.exe infected by "Trojan-Downloader.Win32.Wintrim.cd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001043.dll infected by "Trojan-Spy.Win32.Mslagent" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001044.dll infected by "Trojan.Win32.P2E.al" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001045.dll tagged as not-a-virus:RiskWare.Dialer.E-Group.b. No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP1\A0001046.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP2\A0001188.dll tagged as not-a-virus:RiskWare.Dialer.E-Group.1017. No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP2\A0001189.dll tagged as not-a-virus:RiskWare.Dialer.E-Group.1046. No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP2\A0001516.exe infected by "not-a-virus:AdWare.SaveNow.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP2\A0001517.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP2\A0001519.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{A1284649-2459-4CC7-A301-5E20EDCAD98F}\RP2\A0001520.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\910000_211127_.exe717 infected by "Trojan.Win32.Dialer.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\910000_211151_.exe003 infected by "Trojan.Win32.Dialer.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\910000_211151_.exe325 infected by "Trojan.Win32.Dialer.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\910000_211151_.exe331 infected by "Trojan.Win32.Dialer.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\910000_211151_.exe746 infected by "Trojan.Win32.Dialer.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\comload.dll infected by "Trojan-Downloader.Win32.Axload.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\secureweb.ocx infected by "not-a-virus:Porn-Dialer.Win32.ALifeDialer" Virus. Action Taken: No Action Taken.

Sieht aus, als wäre da doch noch mehr los.

Kann mir weiterhin jemand helfen?

Tschüß, Gemini

... übrigens:

vielen lieben Dank für eure bisherige Hilfe

, Gemini

Hallo,
habe ich etwa irgend jemanden unbewusst beleidigt? - Wenn ja, dann tut es mir leid.

Vielleicht könnte mir jemand mit meinen Trojanern weiterhin helfen (Logfils siehe unten).

Liebe Grüße und ein schönes Wochenende an euch alle,
Gemini

@gemini

Zitat:

habe ich etwa irgend jemanden unbewusst beleidigt?

warum solche Frage?
Wenn ich deinen eScan -Log anschaue, kann ich deinem PC gar nicht vertrauen, denn es ist kein dein PC mehr (s, in meiner Signatur "The 10 Immutable..").
Aus dem Grund folge biite der Anleitung in meiner Signatur.

Guten Morgen, @gemini, leere mal den Quarantin Ordner von AntiVirus und danach sehen wir weiter.
LG, Charlie

Hallo, nochmal vielen Dank an alle.

@ Rene-gad: Ich habe mir diesen Link angesehen, aber ich muss zugeben, dass ich ca. die Hälfte davon verstehe (bin nicht so gut in Englisch)

@ Charlie1: den Quarantäne-Ordner habe ich geleert, hier ist das neue Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 17:23:57, on 27.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\desk98.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\viewport.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\VIA\RAID\raid_tool.exe
C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\Ernst\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.at/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Programme\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DMS-Kalenderchen] C:\Dokumente und Einstellungen\Ernst\Eigene Dateien\programme\Kalenderchen1\Kalenderchen.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Programme\VIA\RAID\raid_tool.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03736cea...dxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1088447493187
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B71144-9776-4C01-8CD2-AF7ABE75A614}: NameServer = 212.152.182.10,195.70.224.61
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Soll ich noch irgend etwas fixen oder wäre es besser, den Rechner gleich neu aufzusetzen?

lg., Gemini

@gemini

Zitat:

Ich habe mir diesen Link angesehen, aber ich muss zugeben, dass ich ca. die Hälfte davon verstehe (bin nicht so gut in Englisch)

Anleitung zum Neuafsetzen des PC ist von Cidre in Hochdeutsch geschrieben.