Guten Abend,nachdem ich mir die ganze Nacht um die Ohren geschlagen habe bin ich kurz davor mein System wieder neu aufzusetzen.Habe das vorinstallierte Norton laufen lassen, der fand nichts. Den Escan habe ich auch scannen lassen.Nun bin ich völlig durcheinander.Nachdem ich gestern neu aufgesetzt hatte, liess ich scannen.Escan fand 3 Vieren. Ebenso,als ich im abgesicherten Modus habe scannen lassen.Habe dann einen Registry-Eintrag gelöscht,so das nur noch eine Art Wurm angezeigt wurde.Nachdem ich ihn heute nochmal drüber laufen ließ, zeigte mir Escan plötzlich 7 Vieren an. Dabei bin ich mit dem NB doch garnicht im Inet gewesen.Wie kann das sein?Etliche offene Ports von syvhost.exe zeigt er mir auch an.Ich poste erst mal das Logfile.Bitte,bitte um Hilfe.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:28:49, on 27.08.2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16386)Boot mode: NormalRunning processes:c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\RtHDVCpl.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\wpcumi.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Windows\system32\taskeng.exeC:\Program Files\Hewlett-Packard\Shared\HpqToaster.exeC:\Windows\system32\mmc.exeC:\Users\roshni\AppData\Local\Temp\mexe.comC:\Windows\system32\notepad.exeC:\Windows\regedit.e xeC:\Users\roshni\AppData\Local\Temp\viewtcp.exeC:\Windows\system32\taskmgr.exeC:\Users\roshni\Desktop\hijack\prüfung.com.exeC:\Windows\system32\DllHo st.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dllO2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dllO3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeO4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeO4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeO4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStartO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModuleO4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exeO4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO10 - Unknown file in Winsock LSP: bmnet.dllO10 - Unknown file in Winsock LSP: bmnet.dllO10 - Unknown file in Winsock LSP: bmnet.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dllO13 - Gopher Prefix: O20 - AppInit_DLLs: APSHook.dllO23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\Windows\system32\bmwebcfg.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe--End of file - 8334 bytes

Hier geht es weiter für dich -> http://www.trojaner-board.de/42646-d...n-ist-das.html

Was habe ich denn jetzt für ein Mist gemacht?Hier noch das Logfile von EscanMon Aug 27 02:12:45 2007 => Offending file found: C:\Users\roshni\AppData\Local\Temp\symlcsv1.exeMon Aug 27 02:12:45 2007 => System found infected with freespyscannerandremover Corrupted Adware/Spyware (symlcsv1.exe)! Action taken: Keine Aktion vorgenommen. Mon Aug 27 02:12:45 2007 => Offending file found: C:\Users\roshni\AppData\Local\temp\symlcsv1.exeMon Aug 27 02:12:45 2007 => System found infected with freespyscannerandremover Corrupted Adware/Spyware (symlcsv1.exe)! Action taken: Keine Aktion vorgenommen. Mon Aug 27 02:12:53 2007 => Checking MountPoints2 Registry Key...Mon Aug 27 02:12:53 2007 => Executable Command Found in {4f57e3f1-5422-11dc-81b5-001b2445f68e}\shell\Autoplay\DropTarget\AutoRun\command: H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exeMon Aug 27 02:12:53 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f57e3f1-5422-11dc-81b5-001b2445f68e} !!!Mon Aug 27 02:12:53 2007 => Object "Possible Fujacks-type Worm" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.