
Log analysis and evaluation: Need help with logfile because of smitfraud_C


24.08.2005, 20:19   #1
tommak
 



Hello,

unfortunately I caught Smitfraud_C. I then came across this forum and followed cronos's instructions to remove this virus.

Now I am supposed to post the HijackThis logfile, the Escan results and the smitRem logfile here.

I hope someone can help me. In any case, thanks to everyone who tries!!


Here, first, are the logfiles from HijackThis and smitRem. The post was too long, so the Escan results follow in the next one!


Logfile of HijackThis v1.99.1
Scan saved at 19:01:15, on 24.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Classic PhoneTools\CapFax.EXE
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\DitExp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Tevion\ScanWizard 5\ScannerFinder.exe
C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.medion.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = h**p://www.bestwebslinks.com/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CapFax] C:\Programme\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tevion Scanner Finder.lnk = C:\Programme\Tevion\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: MedionShop - {36AF14E3-8E6A-413E-A01F-360900AD6802} - h**p://www.medionshop.de (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.medion.de
O16 - DPF: Yahoo! Chat - h**p://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41785D04-3EB2-4BF6-851B-F3664CA50215}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe






smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll
wppp.html
intmonp.exe
msmsgs.exe
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

uninstIU.exe
sites.ini
popuper.exe


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!

24.08.2005, 20:24   #2
tommak
 



The Escan results are still too large, so I am splitting them into two posts again.

I hope I did all of this correctly.

Escan part 1:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Aug 24 13:34:47 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Wed Aug 24 15:23:47 2005 => File C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZNHJ39OS\wbk125.tmp infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:12 2005 => File C:\Programme\Norton AntiVirus\Quarantine\00A64927 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:12 2005 => File C:\Programme\Norton AntiVirus\Quarantine\00C0190A infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\011D458F.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\01656140.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\01E54B74.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\01E63EF8 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\01FD437A infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\05090E95 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\05975F69 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\05A40E01 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:13 2005 => File C:\Programme\Norton AntiVirus\Quarantine\063D47DB infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\09785FFB infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0A9E15EB infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0BA25301 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0D1C08F1.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0D6826C3 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0D9B1E57 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0DC200ED infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:14 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0DE87500.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0E2201AF infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\0E7458C8 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\10C11AE5 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\123033D0.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\123607C9.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\124A03B3.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\124C3721 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\12976F13.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:15 2005 => File C:\Programme\Norton AntiVirus\Quarantine\129A3481 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\12A54E7F infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\12C77EA9 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\138524CC infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\13BC4AB8.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1478427E infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\149F5E85 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\14BD2B6A infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:16 2005 => File C:\Programme\Norton AntiVirus\Quarantine\150215D3 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\161142FE.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\161142FE.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\161D045F infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\16216E6F infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\17123E89 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:17 2005 => File C:\Programme\Norton AntiVirus\Quarantine\191816E5 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A482C1B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A734DEC infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A8560A9 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1B21763B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1B5D6BD9 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1B7067C3 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1B8B37A6 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1B944CAD infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1B985F98 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:18 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1BA83186 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1BBF576D infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1C30394B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1CBD44CE infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1E4E2592.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1F573F30 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1F952BF0 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:19 2005 => File C:\Programme\Norton AntiVirus\Quarantine\240D3F68 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\242D0012 infected by "Email-Worm.Win32.NetSky.b" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\243A0B35 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\24473327 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\24BD7F55 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\24F414E8 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\253048BA infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\26382C1A infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\265B79F2 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:20 2005 => File C:\Programme\Norton AntiVirus\Quarantine\26AA5055 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\282E6B8A.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\290323A8 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\29FA6E38 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2C372B04 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2C8474F3 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2CE07D74 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2CF7235A infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2D7F74B9.htm infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:21 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2DA34292.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2DDE752B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2ED4082D infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2EF53B74 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2F2A468C infected by "Email-Worm.Win32.LovGate.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2F6221B6 infected by "Trojan-Dropper.Win32.Small.aaw" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\2F9F7545 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:22 2005 => File C:\Programme\Norton AntiVirus\Quarantine\30301F06.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\30471A18 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\32254FA2.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\32F23B79.class infected by "Exploit.Java.Bytverify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\339C51F2 infected by "Email-Worm.Win32.LovGate.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\33EB11AF infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\34A371E1.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\35192F6F.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\354C2C6E.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\355D1068 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\358F16EE.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:23 2005 => File C:\Programme\Norton AntiVirus\Quarantine\35DD0697.class infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\35FD5644 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3621241D infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\36683F7B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\36C453F8 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\37FB4BAC infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\383A2704 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:24 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3A8968F1 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3AE80740.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3AF52F31.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3AF8592E.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3E5B6F08 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3F3C6C21 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3FF22181 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:25 2005 => File C:\Programme\Norton AntiVirus\Quarantine\40691CAF infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\422437D3 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\43207A4E infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44047846 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44AC0DC1 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\45606C2A infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\45E400EE infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4696578F infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:26 2005 => File C:\Programme\Norton AntiVirus\Quarantine\47554F2B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.

24.08.2005, 20:25   #3
tommak
 



Escan part 2:

Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\48C76B97 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\48DE117E infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\48F53765 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4908334F infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\490A101B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\49BE0B52 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4A0D3B62 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:27 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4A293A08 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4C2F33A3 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4D571F0C infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4E9D58C6.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4EA002C2.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4EC87A97.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4F926AE3 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:28 2005 => File C:\Programme\Norton AntiVirus\Quarantine\4FE47083 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\509A27EE infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\52D04073 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\53063049 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\544042E1 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\545D3CC0 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\54770CA3 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:29 2005 => File C:\Programme\Norton AntiVirus\Quarantine\54DF021A infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\558B47B7 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\564E1C96 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\56577464 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\56886A2E infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\56951220 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:30 2005 => File C:\Programme\Norton AntiVirus\Quarantine\56A23A11 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\56FD25F1 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\571C1062 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\576475D7 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\579241A4 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\581C533E infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\585B7B23 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\58754B07 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:31 2005 => File C:\Programme\Norton AntiVirus\Quarantine\588272F8 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\588F1AEA infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\589F6CD8 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5ADA3BF7 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5B310996 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5B470C0F infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5B5A3AD7 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:32 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5B5C2B67 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5B627F60 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5B8E5A9E infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5C0E4012 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5C366487 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5C545E67 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5C6B044D infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5D631B13.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:33 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5DE258A7 infected by "Email-Worm.Win32.LovGate.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5E005286 infected by "Email-Worm.Win32.LovGate.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5E59186A infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5E73684E infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5E8A0E35 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5E936047 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5EB05A26 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5EB75C51 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:34 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5F6B518A infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5F9842C4 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\5FCD3D1E infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61CA3B0D infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\61D453EE infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\627274B9 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:35 2005 => File C:\Programme\Norton AntiVirus\Quarantine\62A47FEA infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\63402B26 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\656723AF infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\658B4FA2 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\65ED3B37 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\66013721 infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6615330B infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\66BF6511.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\675709D8 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\68103C91 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:36 2005 => File C:\Programme\Norton AntiVirus\Quarantine\68127F59 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\68225147 infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\682D3671 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\683A0866 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\69F8774C infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:37 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6B0C746D infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6CDE58BF infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6DA61DA8 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6DB9532E infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6DCA6B81 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6E4D7D90 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6EDE41A9 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6EEC2C4D infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:38 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6EEE7209 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\712C6398 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\74776194 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\75495DB9 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\76084372 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\76DA521F infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\77B42947 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\78793059 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:39 2005 => File C:\Programme\Norton AntiVirus\Quarantine\79881E80 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7B6005BE infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7B6E097C infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7B772BA4 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7B925754 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7D3233AA infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7D5F2E00 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7D71099A.jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:40 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7D9056F4.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7E716F27 infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 15:45:41 2005 => File C:\Programme\Norton AntiVirus\Quarantine\7F800DCD infected by "Email-Worm.Win32.Klez.h" Virus! Action Taken: No Action Taken.
Wed Aug 24 17:05:15 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Aug 24 16:55:21 2005 => File D:\Tools\DivX Video\DivX502Bundle.exe tagged as "not-a-virus:AdWare.Bonzo.b". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Aug 24 17:05:15 2005 => Total Virus(es) Found: 226
Wed Aug 24 17:05:15 2005 => Total Errors: 246
Wed Aug 24 17:05:15 2005 => Time Elapsed: 03:29:09
Wed Aug 24 17:05:15 2005 => Total Objects Scanned: 187902
Wed Aug 24 11:18:49 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 13:32:37 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 17:05:15 2005 => Virus Database Date: 2005/08/22
Wed Aug 24 18:44:31 2005 => Virus Database Date: 2005/08/22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
__________________

24.08.2005, 20:35   #4
Chris14

Man oh man, you've built up quite an email worm collection there.
Empty the Norton AntiVirus quarantine folder. (That is, go to the folder C:\Programme\Norton AntiVirus\Quarantine\, simply select everything and delete it.)

But you should do this first:
- Tools -> Folder Options
- View
- Hide protected system files (uncheck)
- Display the contents of system folders (check)
- Show all files and folders (select)

Then delete these files in safe mode (if still present):
in the folder c:\windows\system32
the files:
oleext.dll
wppp.html
intmonp.exe
msmsgs.exe
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
hhk.dll
logfiles

in the folder c:\windows these files:
uninstIU.exe
sites.ini
popuper.exe


Then fix these entries (also in safe mode):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.medion.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = h**p://www.bestwebslinks.com/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe

Afterwards, post a new HJT logfile.

24.08.2005, 20:42   #5
cronos

Quote:
Then delete these files in safe mode (if still present):
in the folder c:\windows\system32
the files:
oleext.dll
wppp.html
intmonp.exe
msmsgs.exe
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
hhk.dll
logfiles

in the folder c:\windows these files:
uninstIU.exe
sites.ini
popuper.exe
Those should no longer be present!

__________________
Only cronos endures

24.08.2005, 20:44   #6
Chris14

Oh, it shows what it deletes? oO Now that's luxury!
With eScan you get to delete the things one by one.
Oh well, I'm just still used to the spartan programs.

24.08.2005, 20:47   #7
cronos

Quote:
Quote from Chris14
Oh, it shows what it deletes? oO Now that's luxury!
Yep!
Quote:
With eScan you get to delete the things one by one.
Only in the cheapskate version.

Quote:
Oh well, I'm just still used to the spartan programs.
Well, you being an ME user ... .
__________________
Only cronos endures

24.08.2005, 20:52   #8
Chris14

Quote:
Quote from Cronos
Well, you being an ME user ... .
Yep, it's not so easy being a Multierror user

Edited by Chris14 (24.08.2005 at 21:31)

24.08.2005, 20:54   #9
cronos

What does Haui have to do with this now?
__________________
Only cronos endures

24.08.2005, 21:31   #10
Chris14

oO I keep mixing the two of you up. No idea why oO

24.08.2005, 21:51   #11
cronos

@ chris

I'll take that as a compliment!
But now BTT!
__________________
Only cronos endures

24.08.2005, 22:45   #12
tommak

First of all, thanks for answering so quickly!!!

I've now done what Chris14 told me. I hope that's it soon.

Here is my new HJT logfile:


Logfile of HijackThis v1.99.1
Scan saved at 23:38:18, on 24.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Classic PhoneTools\CapFax.EXE
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Tevion\ScanWizard 5\ScannerFinder.exe
C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CapFax] C:\Programme\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tevion Scanner Finder.lnk = C:\Programme\Tevion\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: MedionShop - {36AF14E3-8E6A-413E-A01F-360900AD6802} - h**p://www.medionshop.de (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.medion.de
O16 - DPF: Yahoo! Chat - http://h***://us.chat1.yimg.com/us.y.../c381/chat.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41785D04-3EB2-4BF6-851B-F3664CA50215}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

24.08.2005, 22:59   #13
cronos

Additionally fix the following entries (as always, in safe mode):

O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll (file missing)
O9 - Extra button: MedionShop - {36AF14E3-8E6A-413E-A01F-360900AD6802} h**p://www.medionshop.de (file missing) (HKCU)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab

Clean your registry with Regseeker.

Then post a current logfile.
__________________
Only cronos endures

24.08.2005, 23:49   #14
tommak

OK, I've fixed the entries.

I'm not quite sure whether I did the registry cleaning correctly. I did that in safe mode too, and deleted everything the program found.

Here is the new logfile:


Logfile of HijackThis v1.99.1
Scan saved at 00:43:45, on 25.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Classic PhoneTools\CapFax.EXE
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\DitExp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Tevion\ScanWizard 5\ScannerFinder.exe
C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CapFax] C:\Programme\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tevion Scanner Finder.lnk = C:\Programme\Tevion\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.medion.de
O16 - DPF: Yahoo! Chat - h**p://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{41785D04-3EB2-4BF6-851B-F3664CA50215}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

25.08.2005, 00:09   #15
cronos

Need help with logfile because of smitfraud_C



I would now first ask you to update your system!

Service Pack 2 is available at the link just mentioned.
After that, visit www.windowsupdate.com once more and install all important updates.
Then report back with an Escan and HJT log!
__________________
Only cronos endures
