Hier als neues Thema. Es geht um Spyaxe. Ich habe versucht die Anleitung in einem anderen Threat(?) zu befolgen, aber irgendwie hat das bei mir nicht geklappt. Soll ich alle Programme nochmal deinstallieren und nochmal von vorn anfangen?
Dieses Spyaxe soll ja ein AntiVir Prog sein, allerdigs hatte ich es schon wieder deinstalliert(es installiert sich ja immer wieder neu, von allein).
Thx schonmal für Hilfe

Poste bitte zuerst ein HijackThis-Logfile zusammen mit einem Silent-Runners-Logfile.

OK, hier der HiJack:
Logfile of HijackThis v1.99.1
Scan saved at 15:18:46, on 30.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Lexmark 6200 Series\lxbumon.exe
C:\Programme\Lexmark 6200 Series\ezprint.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\FlexLM\lmgrd.exe
C:\PROGRA~1\eScan\avpm.exe
C:\FlexLM\LMG.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\LARSKU~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startseite.de/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6031.tmp
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Programme\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programme\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B8634A6E-38D5-4AAE-8708-3F3DB92FF9D0} (NTR Activex 1.0.8) - http://www.inquiero.com/inquiero/mod/setup/ntractivex108.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6196F914-62C6-4BB2-AFD0-BC3550272EB3}: NameServer = 217.237.149.161 217.237.151.225
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: eScan Server-Updater (eScan-trayicos) - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: FLEXlm License Server - Unknown owner - C:\FlexLM\lmgrd.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

und hier das Silent Runners:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [file not found]
"kernel32.dll" = "C:\WINDOWS\system32\mssearchnet.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"FaxCenterServer" = ""C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s" [null data]
"LWBMOUSE" = "C:\Programme\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [file not found]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Programme\ahead\InCD\InCD.exe" ["Copyright (C) ahead software gmbh and its licensors"]
"SO5 Integrator Pass Two" = "C:\WINDOWS\SOINTGR.EXE" [null data]
"AVK Mail Checker" = ""C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"" ["G DATA Software AG"]
"lxbumon.exe" = ""C:\Programme\Lexmark 6200 Series\lxbumon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""C:\Programme\Lexmark 6200 Series\ezprint.exe"" ["Lexmark International Inc."]
"LXBUCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16" [MS]
"Trojancheck 6 Guard" = "C:\Programme\Trojancheck 6\tcguard.exe" [empty string]
"(Default)" = (empty string)
"MailScan Dispatcher" = ""C:\Programme\eScan\LAUNCH.EXE"" ["MicroWorld Technologies Inc."]
"eScan Updater" = "C:\PROGRA~1\eScan\TRAYICOS.EXE /App" ["MicroWorld Technologies Inc."]
"eScan Monitor" = "C:\PROGRA~1\eScan\AVPMWrap.EXE" ["MicroWorld Technologies Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{e0103cd4-d1ce-411a-b75b-4fec072867f4}\(Default) = "HomepageBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hp6031.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" [file not found]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
mwtsp.dll ["MicroWorld Technologies Inc."], 01 - 28, 57
%SystemRoot%\system32\mswsock.dll [MS], 29 - 31, 34 - 56
%SystemRoot%\system32\rsvpsp.dll [MS], 32 - 33


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Einfache TCP/IP-Dienste, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
eScan Monitor Service, KAVMonitorService, "C:\PROGRA~1\eScan\avpm.exe /service" ["Kaspersky Labs."]
eScan Server-Updater, eScan-trayicos, "C:\PROGRA~1\eScan\TRAYSSER.EXE" ["MWTI2"]
FLEXlm License Server, FLEXlm License Server, "C:\FlexLM\lmgrd.exe" [null data]
IPv6-Hilfsdienst, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
lxbu_device, lxbu_device, "C:\WINDOWS\system32\lxbucoms.exe -service" ["Lexmark International, Inc."]
RIP-Überwachung, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
6200 Series Port\Driver = "lxbulmpm.DLL" ["Lexmark International, Inc."]
HPO00108\Driver = "HPOLPM08.DLL" [file not found]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 26 seconds, including 4 seconds for message boxes)

Hallo,

lade und aktualisiere eine Testversion von ewido. Noch nicht scannen.

Lade SmitfraudFix herunter -> Entpacke es-> Starte die smitfraudfix.cmd-> Option 1 wählen-> Logfile posten
Starte den PC im abgesicherten Modus.
Starte Smitfraudfix noch mal-> Option 2-> Fragen mit "O" (oui) beantworten.

Scanne mit ewido im abgesicherten Modus, lass das, was er findet löschen und speichere den Report.

Neustart & neues HijackThis-Log & die Ergebnisse von ewido sowie Smitfraudfix posten.

Soll ich die anderen scanner und so alle drauf lassen?

Ich sehe nur einen Scanner und das ist eScan.
ewido ist ein Ergänzungspodukt zu AV-Software, es sollte also keine Probleme geben.