Request for analysis of my logfile

As soon as my PC is online, it sends out masses of spam mails (the subject is always just "Re:"), though not via my e-mail program (TheBat) but apparently with its own SMTP engine. In any case, Norton Antivirus pops up thousands of windows with the message "Ausgehend E-Mail wird geprüft" until the whole screen is covered with them. I have now run various scanners over the machine, and all of them found something, but the thing is persistent. I have now created the logfile below with HijackThis. Who can help me with the analysis, or tell me what to do now? I would be very grateful for any hint!

Ciao, Pfeife

Logfile:
Logfile of HijackThis v1.99.1 Scan saved at 12:25:29, on 11.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ewido anti-malware\ewidoctrl.exe C:\Programme\ewido anti-malware\ewidoguard.exe C:\apache\mysql\bin\mysqld-nt.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Programme\Eset\nod32krn.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Spyware Doctor\sdhelp.exe C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE 
C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SCARDS32.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\Fast.exe C:\WINDOWS\System32\alg.exe C:\Programme\IconSaver\IconSaver.exe C:\WINDOWS\System32\fast.exe C:\WINDOWS\System32\taskswitch.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Trojancheck 6\tcguard.exe C:\Programme\Sony Handheld\HOTSYNC.EXE C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe C:\Programme\Sony Handheld\USBSwt.exe C:\Programme\ewido anti-malware\securitysuite.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\OPScan.exe C:\WINDOWS\system32\ntvdm.exe C:\Dokumente und Einstellungen\T**\Desktop\Windows XP Update\Hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} 
- (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\Programme\FolderBox\FolderBox.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll O4 - HKLM\..\Run: [IconSaver] "C:\Programme\IconSaver\IconSaver.exe" O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [nod32kui] 
"C:\Programme\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [klickIdentPP.exe"] "C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe" O4 - Startup: HotSync Manager.lnk = C:\Programme\Sony Handheld\HOTSYNC.EXE O4 - Startup: klickIdent 15.lnk = C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe O4 - Startup: SonyPDA USB Switcher.lnk = C:\Programme\Sony Handheld\USBSwt.exe O8 - Extra context menu item: &Google-Suche - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm O8 - Extra context menu item: Google AdSense Preview Tool - h**p://pagead2.googlesyndication.com/pagead/preview/en/preview.html O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - 
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .sib: C:\Programme\Internet Explorer\PLUGINS\NPSibelius.dll O14 - IERESET.INF: START_PAGE_URL=h**p://www.spartipps.com/ O16 - DPF: Yahoo! 
Chat - h**p://cs5.chat.sc5.yahoo.com/c381/chat.cab O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - h**p://site.ebrary.com/support/plugins/ebraryRdr.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - h**ps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=h**p://www2.minolta.de/foto/a1de/09_2.html O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - h**p://www.ipix.com/viewers/ipixx.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - h**p://172.16.7.100/wfica.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - h**p://cs6.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - h**p://otx.ifilm.com/OTXMedia/OTXMedia.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095436890020 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.25.152/code/PWActiveXImgCtl.CAB O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - h**p://toolbar.google.com/data/de/deleon/1.1.54-deleon/GoogleNav.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - h**p://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - 
h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - h**p://asp04.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab O20 - Winlogon Notify: docent0 - docent0.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service 
(SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing) |
Hi, I don't see the logfile as too tragic. This one:
R3 - Default URLSearchHook is missing
should be fixed; we'll think about the other entries once you have run an eScan exactly according to the instructions and posted the result. Please note: leave the language set to English so that it can use the automatic evaluation (find.bat)!!

cacatoa |
What exactly do you mean by "the thing is persistent"? Did you run the antivirus scans etc. in safe mode after System Restore was deactivated? Also, http://www.hijackthis.de says that
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - h**p://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - h**p://otx.ifilm.com/OTXMedia/OTXMedia.dll
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
and
R3 - Default URLSearchHook is missing
are bad. So I think it can't hurt to fix them.

Edit: cacatoa was apparently faster ;-)

@ cacatoa
R3 - Default URLSearchHook is missing
Is that a trojan? Or just spyware? |
So: you can fix the O16, even though I would have removed it later. You can leave the O8 Amazon entries, likewise ifilm. What is supposed to be bad about them? Just because the automatic evaluation is acting up here? As I said: run eScan first, then carry on.

cacatoa |
Quote:
By persistent I mean that the machine still behaves this way even though I have had it scanned with various trojan checkers, anti-spyware programs etc. The fixed or deleted files were evidently not the cause of the problem. Quote:
Ciao, Pfeife |
Quote:
Quote:
###################################### File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken. Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "helper Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken. Object "everad Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "speer Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "cydoor.topicks.a Spyware/Adware" found in File System! 
Action Taken: No Action Taken. Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken. Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "password-finder 2.1 PSWTool" found in File System! Action Taken: No Action Taken. Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "speer Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.desktop toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\googlenav.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OTXMedia.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OTXMedia.dll". Action Taken: No Action Taken. 
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton SystemWorks\Password Manager\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton SystemWorks\Norton Ghost\Agent\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\Cache\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\resource\de\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Citrix\ICA Client\resource\". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".part". Action Taken: No Action Taken. Entry "HKCR\CLSID\{567DB2D4-9B01-4EBF-9FFA-543491BF3379}" refers to invalid object "F:\PJStream.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{6E5526E3-4B91-11d4-876F-005004BCDA99}" refers to invalid object "F:\PJStream.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{6E5526E4-4B91-11d4-876F-005004BCDA99}" refers to invalid object "F:\PJStream.dll". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{178F2316-1BF7-4436-B506-53BB8F75026F}" refers to invalid object " ". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{1D0BC1B2-7F7F-4FAC-8FC9-4E57FA89C0D4}" refers to invalid object " ". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{32187E62-601A-4C7E-8A67-6FCD5F1FB53E}" refers to invalid object "C:\DOKUME~1\T**\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 
Entry "HKCR\TypeLib\{3A919507-FA94-4F7D-B3E0-B2C778C6B8F2}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\OTXMedia.dll". Action Taken: No Action Taken. Entry "HKCR\.x3d" refers to invalid object "X3D.Document". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\T**\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken. File C:\Programme\Eset\cache\FND1.NFI tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken. File C:\Programme\Eset\cache\FND10.NFI infected by "Trojan.Win32.StartPage.aha" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FND11.NFI infected by "Trojan-Spy.Win32.Agent.jl" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FND12.NFI infected by "Trojan-Spy.Win32.Agent.jl" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FND13.NFI infected by "Trojan-Spy.Win32.Goldun.gj" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FND14.NFI infected by "Trojan-Downloader.Win32.Adload.j" Virus! Action Taken: No Action Taken. 
File C:\Programme\Eset\cache\FNDB.NFI infected by "Trojan-Downloader.Win32.Small.cfd" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FNDD.NFI infected by "Trojan-Spy.Win32.Goldun.gj" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FNDE.NFI infected by "Packed.Win32.Klone.b" Virus! Action Taken: No Action Taken. File C:\Programme\Eset\cache\FNDF.NFI infected by "Trojan-Clicker.Win32.VB.kc" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00002647 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00271E1C infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\002F1C69 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\0038700A infected by "Email-Worm.Win32.NetSky.r" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00406BDF infected by "Email-Worm.Win32.NetSky.y" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\004263D0 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00426F39 infected by "Email-Worm.Win32.NetSky.c" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00444605 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00450C94 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\005535FA infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. 
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00554717 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00556B24 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\005F33EF infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00625DEC infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006507E8 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006931E4 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006B06B7 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006C0FD0 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006C33AB infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\006E0574 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00721097 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\007659D6 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00782EA9 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. 
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00795B9D infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\007B2D66 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\007C2DCF infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\008C11F3 infected by "Email-Worm.Win32.Sober.g" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00932B80 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\009B66D9 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00A00DDE infected by "Email-Worm.Win32.Sober.g" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00AD35CF infected by "Email-Worm.Win32.NetSky.aa" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00AD5788 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00B648B4 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00B733C4 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00B77959 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00BB754B infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. 
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00BF2CA7 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00C45BB6 infected by "Email-Worm.Win32.Sober.g" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00C850DA infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00D01270 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00D01270.com infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00D66264 infected by "Email-Worm.Win32.NetSky.aa" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00DB4CC4 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00DF4324 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00EE7B11 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00F2493D infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00F6623C infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00F74F45 infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\00FF150A infected by "Email-Worm.Win32.NetSky.aa" Virus! Action Taken: No Action Taken. 
File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\01076FA5 infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\010C3CFB infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken. File C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\0110192E infected by "Email-Worm.Win32.Bagle.at" Virus! Action Taken: No Action Taken.
etc. And at the end:
File C:\RECYCLER\NPROTECT\00893668. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. File C:\RECYCLER\NPROTECT\00893680. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken. File D:\Downloads\Finale\Finale 2006\ngnf6u01.exe infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken. File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken.
################################################
This was only the beginning of the virus log information, but what follows is similar, namely strings that start like this: C:\Programme\Eset\cache or like this: C:\RECYCLER\NPROTECT or like this: C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine
If I am not mistaken, these denote infected files that other scanners have already quarantined and that therefore can no longer do any harm, right? I have put the complete text here: http://www.kirchenmusikliste.de/dl/
Many thanks in advance to anyone who looks into this information and tells me what I should do. Ciao, Pfeife |
@ Pfeife: Quote:
That is the most important information. All in all, though, I would not want to have a system this infested. But, as I said, let's see once you have used find.bat... cacatoa |
Hello everyone, I'm going crazy. Every time I try to play a song with Winamp, it crashes. Mine is now also getting sluggish, and again and again (at least so it seems) it is because of some fu** file dwwin.exe. I'm really despairing!!! Please help me!!! And please in a way that I can understand; I really don't get much of the "pro language". Hoping for a quick reply and help.... Niko!!!
Logfile of HijackThis v1.98.2 Scan saved at 13:17:45, on 12.01.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RunDll32.exe C:\Programme\Winamp\winampa.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE D:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE D:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe D:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe D:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe C:\Eigene Dateien\Niko\Security\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab |
@ pimperish: Please open a thread of your own! cacatoa |
Quote:
But now!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:14 2006 => System found infected with limewire Spyware/Adware (options.js)! Action taken: No Action Taken. Thu Jan 12 17:26:24 2006 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken. Thu Jan 12 17:26:40 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken. Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with imiserver ieplugin Spyware/Adware (migrate.dll)! Action taken: No Action Taken. 
Thu Jan 12 17:27:02 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Jan 12 17:27:03 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:03 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:04 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:04 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:10 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken. Thu Jan 12 17:27:12 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:27:13 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:27:14 2006 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken. Thu Jan 12 17:56:19 2006 => File C:\Dokumente und Einstellungen\T**\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. 
Thu Jan 12 18:31:31 2006 => Scanning Folder: C:\Programme\Eset\infected\*.* Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQF Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQI Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQF Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQI Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken. Thu Jan 12 20:01:04 2006 => File C:\Programme\The Bat!\MAIL\Vocalscene\Inbox\MESSAGES.TBB infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken. Thu Jan 12 20:02:29 2006 => File C:\Programme\TweakNow PowerPack\Backup\FileBackup2.zip infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. Thu Jan 12 20:02:36 2006 => File C:\Programme\TweakNow PowerPack 2006\Backup\Disk_Cleaner_08.11.2005_18%b15%b30.zip infected by "Net-Worm.Win32.Mytob.h" Virus! Action Taken: No Action Taken.
####################################
Then a great many entries like this one (which is why I snipped them all):
Thu Jan 12 20:11:50 2006 => C:\RECYCLER\NPROTECT\00518771. possibly infected and removed by background antivirus package! Thu Jan 12 20:11:50 2006 => File C:\RECYCLER\NPROTECT\00518771. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. Thu Jan 12 20:11:50 2006 => C:\RECYCLER\NPROTECT\00519056. possibly infected and removed by background antivirus package! Thu Jan 12 20:11:50 2006 => File C:\RECYCLER\NPROTECT\00519056. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Incidentally, these files can be neither deleted nor renamed. In Explorer they are all shown with a file size of a few KB. But if you display their properties, they all have a size of 0 bytes. I cannot imagine that they are the cause of my problem, because these files have been sitting there for many months.
#####################################
Thu Jan 12 21:37:44 2006 => File D:\Downloads\Finale\Finale 2006\ngnf6u01.exe infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken. Thu Jan 12 22:27:32 2006 => Total Disinfected Objects: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 18:03:29 2006 => File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken. Thu Jan 12 18:04:04 2006 => File C:\Dokumente und Einstellungen\T**\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken. Thu Jan 12 19:43:19 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken. Thu Jan 12 21:33:44 2006 => File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken. Thu Jan 12 21:41:09 2006 => File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 17:26:04 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!! 
Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\conscorr.ini Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\gpinstall.exe Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\helper.exe Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\iun6002.exe Thu Jan 12 17:26:06 2006 => Offending Folder found: C:\Programme\password-finder Thu Jan 12 17:26:07 2006 => Offending Folder found: C:\Dokumente und Einstellungen\T**\Anwendungsdaten\everad Thu Jan 12 17:26:14 2006 => Offending file found: C:\Dokumente und Einstellungen\T**\Anwendungsdaten\mozilla\firefox\profiles\default.6pr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js Thu Jan 12 17:26:24 2006 => Offending file found: C:\WINDOWS\Favoriten\links\ebay.url Thu Jan 12 17:26:30 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer Thu Jan 12 17:26:40 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html Thu Jan 12 17:26:51 2006 => Offending Folder found: C:\Dokumente und Einstellungen\T**\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm Thu Jan 12 17:26:53 2006 => Offending Folder found: C:\Dokumente und Einstellungen\T**\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\projec_t\search.htm Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\custsu_t\search.htm Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\pages\search_t\search.htm Thu Jan 12 
17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\office10\migrate\migrate.dll Thu Jan 12 17:27:01 2006 => Offending Folder found: D:\CD\gnu Thu Jan 12 17:27:02 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks premier\norton utilities\norton disk doctor.lnk Thu Jan 12 17:27:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\password-finder Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\powerdesk pro 5.0\toolbar.lnk Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks premier\norton utilities\norton disk doctor.lnk Thu Jan 12 17:27:04 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\password-finder Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\powerdesk pro 5.0\toolbar.lnk Thu Jan 12 17:27:06 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer Thu Jan 12 17:27:10 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url Thu Jan 12 17:27:12 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html Thu Jan 12 17:27:13 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html Thu Jan 12 17:27:14 2006 => Offending file found: C:\WINDOWS\iun6002.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 22:27:32 2006 => Total Errors: 12500 Thu Jan 12 22:27:32 2006 => Time Elapsed: 04:59:52 Thu Jan 12 22:27:32 2006 => Total 
Objects Scanned: 255370 Thu Jan 12 17:16:19 2006 => Virus Database Date: 1/3/2006 Thu Jan 12 17:17:23 2006 => Virus Database Date: 1/12/2006 Thu Jan 12 17:24:17 2006 => Virus Database Date: 1/12/2006 Thu Jan 12 22:27:32 2006 => Virus Database Date: 1/12/2006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~
I can interpret this information only in a rudimentary way, and I do not even know what has to be done next. Can one, for example, simply delete C:\WINDOWS\system32\msctl32.dll? Or does this file have to be replaced with an uninfected original file? Or can it be repaired? cacatoa, if you could tell me what has to be done now, I would be very grateful! Ciao, Pfeife |
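Added example, not code from the thread or from find.bat: Python that re-splits the flattened eScan log on its timestamps, de-duplicates the findings and separates files lying in the folders Pfeife lists (Norton Quarantine, RECYCLER\NPROTECT, Eset cache and infected) from files in live system paths. Treating those folders as other scanners' holding areas is Pfeife's reading and an assumption here, as are all function names; the sample records are copied from the log above, with shortened rulers.

```python
import re

# Start of every eScan record, e.g. "Thu Jan 12 17:25:26 2006 => "
STAMP = re.compile(
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} [ \d]\d "
    r"\d\d:\d\d:\d\d \d{4} => "
)
# Section rulers ("~~~~", "####") and whatever follows them are not log data.
RULER = re.compile(r"\s[~#]{4,}.*$", re.S)

FILE_HIT = re.compile(
    r'^File (?P<path>.+?) (?P<verb>infected by|tagged as) "?(?P<name>[^"\s]+)'
)
SYSTEM_HIT = re.compile(
    r"^System found infected with (?P<name>.+?) Spyware/Adware \((?P<path>.+?)\)!"
)
OFFENDING = re.compile(
    r"^Offending (?P<kind>file|Folder|Key) found: (?P<path>.+?)(?: !!!)?$"
)

# Assumption (the poster's reading): folders where other scanners park files.
HOLDING_AREAS = tuple(p + "\\" for p in (
    r"c:\programme\norton systemworks\norton antivirus\quarantine",
    r"c:\recycler\nprotect",
    r"c:\programme\eset\cache",
    r"c:\programme\eset\infected",
))
CONTAINERS = (".zip", ".tbb")  # archives and The Bat! mail stores


def split_records(text):
    """Re-split a flattened log into record bodies, using the timestamps."""
    starts = list(STAMP.finditer(text))
    bodies = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        bodies.append(RULER.sub("", text[m.end():end]).strip())
    return bodies


def classify(path):
    """Say where a finding lives: held, container, live or no-path."""
    p = path.lower()
    if p[1:3] != ":\\":
        return "no-path"      # bare file name or registry key
    if p.startswith(HOLDING_AREAS):
        return "held"         # inside another scanner's holding folder
    if p.endswith(CONTAINERS):
        return "container"    # hit inside an archive or mailbox file
    return "live"


def parse(text):
    """Return de-duplicated findings in the three find.bat categories."""
    findings, seen = [], set()
    for body in split_records(text):
        m = FILE_HIT.match(body)
        if m:
            cat = "infected" if m["verb"] == "infected by" else "tagged"
            name, path = m["name"].rstrip("."), m["path"]
        elif (m := SYSTEM_HIT.match(body)):
            cat, name, path = "infected", m["name"], m["path"]
        elif (m := OFFENDING.match(body)):
            cat, name, path = "offending", m["kind"].lower(), m["path"]
        else:
            continue  # scan progress, statistics, "possibly infected" notes
        key = (cat, name.lower(), path.lower())
        if key not in seen:
            seen.add(key)
            findings.append({"category": cat, "name": name, "path": path,
                             "location": classify(path)})
    return findings


def live_infections(findings):
    """Infected files outside holding folders and containers: look here first."""
    return [f for f in findings
            if f["category"] == "infected" and f["location"] == "live"]


# Records copied from the log in this thread, run together as on the page.
SAMPLE = (
    r'~~~~~ Funde für "infected" ~~~~~ '
    r'Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken. '
    r'Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken. '
    r'Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. '
    r'Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. '
    r'Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken. '
    r'Thu Jan 12 20:11:50 2006 => C:\RECYCLER\NPROTECT\00518771. possibly infected and removed by background antivirus package! '
    r'Thu Jan 12 20:11:50 2006 => File C:\RECYCLER\NPROTECT\00518771. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. '
    r'~~~~~ Funde für "tagged" ~~~~~ '
    r'Thu Jan 12 19:43:19 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken. '
    r'~~~~~ Funde für "offending" ~~~~~ '
    r'Thu Jan 12 17:26:04 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!! '
    r'Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\conscorr.ini '
    r'Thu Jan 12 22:27:32 2006 => Total Disinfected Objects: 0'
)

if __name__ == "__main__":
    for f in live_infections(parse(SAMPLE)):
        print(f["name"], "->", f["path"])
```

On the sample, the only infected file in a live path is msctl32.dll; the NPROTECT and mailbox hits are reported separately as "held" and "container".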
Hello, Pfeife: You now download the following: 1. Spybot S&D 1.4 2. AdAware SE 3. Ewido trial version 4. RegSeeker
Then update every program except RegSeeker manually (the update function of Spybot S&D during installation usually does not work properly). Then: clean the registry with RegSeeker. Then empty the Java cache (Start > Settings > Control Panel > Java > Delete Files > tick all three items > Delete > OK). Then, in safe mode with System Restore deactivated, run the following one after another and let them delete everything they find: Spybot S&D, AdAware SE and ewido. Afterwards reboot and work through these instructions.
There is one more thing to note: the Recyclers (System Restore) on XP can be emptied by switching System Restore off, computer off, computer on, System Restore back on. However: Norton users have to live with the fact that Norton creates a second Recycler on every drive, which cannot be deleted this way... well, that's Norton for you... :crazy:
When you are done, report back with a new HJT logfile and a new eScan log. It will take quite a while, but it should be OK then. cacatoa |
Quote:
Once I have followed everything, I will report back. Right now I have to go to work first. Ciao, Pfeife |
Quote:
HJT says this:
Logfile of HijackThis v1.99.1 Scan saved at 00:18:24, on 14.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\IconSaver\IconSaver.exe C:\WINDOWS\System32\fast.exe C:\WINDOWS\System32\taskswitch.exe C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe C:\Programme\Sony Handheld\HOTSYNC.EXE C:\WINDOWS\System32\GEARSec.exe C:\Programme\Sony Handheld\USBSwt.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SCARDS32.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\Fast.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\alg.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\OPScan.exe C:\Dokumente und Einstellungen\T**\Desktop\Windows XP Update\Hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\Programme\FolderBox\FolderBox.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll O3 - Toolbar: Norton AntiVirus - 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [IconSaver] "C:\Programme\IconSaver\IconSaver.exe" O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [klickIdentPP.exe"] "C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe" O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programme\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - Startup: HotSync Manager.lnk = C:\Programme\Sony Handheld\HOTSYNC.EXE O4 - Startup: klickIdent 15.lnk = C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe O4 - Startup: SonyPDA USB Switcher.lnk = C:\Programme\Sony Handheld\USBSwt.exe O8 - Extra context menu item: &Google-Suche - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm O8 - Extra context menu item: eBay - Startseite - 
C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm O8 - Extra context menu item: Google AdSense Preview Tool - h**p://pagead2.googlesyndication.com/pagead/preview/en/preview.html O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .sib: 
C:\Programme\Internet Explorer\PLUGINS\NPSibelius.dll O14 - IERESET.INF: START_PAGE_URL=h**p://www.spartipps.com/ O16 - DPF: Yahoo! Chat - h**p://cs5.chat.sc5.yahoo.com/c381/chat.cab O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - h**p://site.ebrary.com/support/plugins/ebraryRdr.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - h**ps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=h**p://www2.minolta.de/foto/a1de/09_2.html O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - h**p://www.ipix.com/viewers/ipixx.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - h**p://172.16.7.100/wfica.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - h**p://cs6.chat.sc5.yahoo.com/v43/yacscom.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095436890020 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - h**p://toolbar.google.com/data/de/deleon/1.1.54-deleon/GoogleNav.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - h**p://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader 
Control) - h**p://asp04.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab O20 - Winlogon Notify: docent0 - docent0.dll (file missing) O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\ O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - 
C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing) escan sagt dies: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:14 2006 => System found infected with limewire Spyware/Adware (options.js)! Action taken: No Action Taken. 
Thu Jan 12 17:26:24 2006 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken. Thu Jan 12 17:26:40 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken. Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with imiserver ieplugin Spyware/Adware (migrate.dll)! Action taken: No Action Taken. Thu Jan 12 17:27:02 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Jan 12 17:27:03 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:03 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:04 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:04 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:10 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken. Thu Jan 12 17:27:12 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! 
Action taken: No Action Taken. Thu Jan 12 17:27:13 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:27:14 2006 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken. Thu Jan 12 17:56:19 2006 => File C:\Dokumente und Einstellungen\T**\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. Thu Jan 12 18:31:31 2006 => Scanning Folder: C:\Programme\Eset\infected\*.* Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQF Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQI Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQF Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQI Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken. Thu Jan 12 20:01:04 2006 => File C:\Programme\The Bat!\MAIL\Vocalscene\Inbox\MESSAGES.TBB infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken. Thu Jan 12 20:02:29 2006 => File C:\Programme\TweakNow PowerPack\Backup\FileBackup2.zip infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. 
Thu Jan 12 20:02:36 2006 => File C:\Programme\TweakNow PowerPack 2006\Backup\Disk_Cleaner_08.11.2005_18%b15%b30.zip infected by "Net-Worm.Win32.Mytob.h" Virus! Action Taken: No Action Taken. Thu Jan 12 20:11:33 2006 => C:\RECYCLER\NPROTECT\00000000. possibly infected and removed by background antivirus package! Thu Jan 12 20:11:33 2006 => File C:\RECYCLER\NPROTECT\00000000. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. usw.... Thu Jan 12 20:13:51 2006 => File C:\RECYCLER\NPROTECT\00886136. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. Thu Jan 12 20:13:51 2006 => C:\RECYCLER\NPROTECT\00886137. possibly infected and removed by background antivirus package! Thu Jan 12 20:13:51 2006 => File C:\RECYCLER\NPROTECT\00886137. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. Thu Jan 12 20:13:51 2006 => C:\RECYCLER\NPROTECT\00893528. possibly infected and removed Sieht das jetzt besser aus als die ersten Logfiles? Für mich ist das alles ja sehr kryptisch. Vielen Dank, cacatoa, für Deine Hilfe! Ciao, Thomas |
?? The eScan logfile is the one from 12.01., so not a new one >> check again!

Still fix the following with HJT:

O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} - (no file)
O20 - Winlogon Notify: docent0 - docent0.dll (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\

Otherwise the logfile is already OK! What did ewido, Spybot S&D and AdAware SE find? cacatoa
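The selection made in the reply above can be approximated mechanically. The following Python is an added example, not part of the thread and not code from HijackThis or eScan; its two rules (an autostart entry whose target is marked "(no file)" or "(file missing)", and an entry naming a module that eScan reported as infected) are an assumption about the reasoning, which the reply does not state. The log lines are excerpts copied from the posts above, and the function names are made up for this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23079E-34ED-4913-0CAD-4CA5D9F7B198} - (no file)
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O20 - Winlogon Notify: docent0 - docent0.dll (file missing)
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# Excerpt of the eScan "infected" section posted in this thread.
ESCAN_LOG = r"""
Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken.
Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken.
Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken.
"""

# "O20 - rest of entry": a section code followed by the entry text.
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# eScan file detections: '=> File <path> infected by "<name>"'.
ESCAN_FILE_HIT = re.compile(r'=> File (?P<path>.+?) infected by "(?P<name>[^"]+)"')
# Module file names mentioned anywhere inside a HijackThis entry.
MODULE_NAME = re.compile(r"[\w~.-]+\.(?:dll|exe)", re.IGNORECASE)
# HijackThis marks entries whose target file does not exist with these strings.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def escan_detections(text):
    """Map lower-cased file name -> detection name for every file-level hit."""
    hits = {}
    for match in ESCAN_FILE_HIT.finditer(text):
        name = ntpath.basename(match.group("path")).lower()
        hits[name] = match.group("name")
    return hits


def triage(hjt_text, escan_text):
    """Return (code, entry, reasons) for each HijackThis entry worth reviewing."""
    detections = escan_detections(escan_text)
    findings = []
    for line in hjt_text.splitlines():
        match = HJT_ENTRY.match(line.strip())
        if not match:
            continue
        rest = match.group("rest")
        reasons = [f"target marked {m}" for m in ORPHAN_MARKERS if m in rest]
        # Name-only match: the entry and the detection may sit in different
        # folders (here C:\WINDOWS\ vs. C:\WINDOWS\system32\), so this is a
        # pointer for manual review, not proof that it is the same file.
        for name in MODULE_NAME.findall(rest):
            if name.lower() in detections:
                reasons.append(f"name matches detection {detections[name.lower()]}")
        if reasons:
            findings.append((match.group("code"), rest, reasons))
    return findings


if __name__ == "__main__":
    for code, entry, reasons in triage(HJT_LOG, ESCAN_LOG):
        print(f"{code}: {entry}\n    -> {'; '.join(reasons)}")
```

On this excerpt the check flags the three entries named in the reply and, in addition, the WinVNC4 service, which the log also marks "(file missing)" but which the reply did not list.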
Jetzt aber richtig: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 17:25:26 2006 => File C:\WINDOWS\system32\msctl32.dll infected by "SpamTool.Win32.Mailbot.s" Virus! Action Taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with helper Spyware/Adware (helper.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:05 2006 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken. Thu Jan 12 17:26:14 2006 => System found infected with limewire Spyware/Adware (options.js)! Action taken: No Action Taken. Thu Jan 12 17:26:24 2006 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken. Thu Jan 12 17:26:40 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken. Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:26:46 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with weathercast Spyware/Adware (search.htm)! Action taken: No Action Taken. Thu Jan 12 17:26:59 2006 => System found infected with imiserver ieplugin Spyware/Adware (migrate.dll)! Action taken: No Action Taken. 
Thu Jan 12 17:27:02 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken. Thu Jan 12 17:27:03 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:03 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:04 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:04 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken. Thu Jan 12 17:27:10 2006 => System found infected with ezula Spyware/Adware (antivirus.url)! Action taken: No Action Taken. Thu Jan 12 17:27:12 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:27:13 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (message.html)! Action taken: No Action Taken. Thu Jan 12 17:27:14 2006 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken. Thu Jan 12 17:56:19 2006 => File C:\Dokumente und Einstellungen\Tom\.jpi_cache\jar\1.0\loaderadv408.jar-16d4db64-36eba50a.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken. Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-3cb2e71a.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. Thu Jan 12 17:58:26 2006 => File C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-49d59a85.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken. 
Thu Jan 12 18:31:31 2006 => Scanning Folder: C:\Programme\Eset\infected\*.* Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQF Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\A1XPUGDA.NQI Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQF Thu Jan 12 18:31:31 2006 => Scanning File C:\Programme\Eset\infected\YPEQ53AA.NQI Thu Jan 12 19:57:28 2006 => File C:\Programme\The Bat!\MAIL\GMX\Sent\MESSAGES.TBB infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken. Thu Jan 12 20:01:04 2006 => File C:\Programme\The Bat!\MAIL\Vocalscene\Inbox\MESSAGES.TBB infected by "Exploit.HTML.Iframe.FileDownload" Virus! Action Taken: No Action Taken. Thu Jan 12 20:02:29 2006 => File C:\Programme\TweakNow PowerPack\Backup\FileBackup2.zip infected by "Email-Worm.Win32.NetSky.d" Virus! Action Taken: No Action Taken. Thu Jan 12 20:02:36 2006 => File C:\Programme\TweakNow PowerPack 2006\Backup\Disk_Cleaner_08.11.2005_18%b15%b30.zip infected by "Net-Worm.Win32.Mytob.h" Virus! Action Taken: No Action Taken. Thu Jan 12 20:11:33 2006 => C:\RECYCLER\NPROTECT\00000000. possibly infected and removed by background antivirus package! Thu Jan 12 20:11:33 2006 => File C:\RECYCLER\NPROTECT\00000000. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. Thu Jan 12 20:11:33 2006 => C:\RECYCLER\NPROTECT\00000001. possibly infected and removed by background antivirus package! Thu Jan 12 20:11:33 2006 => File C:\RECYCLER\NPROTECT\00000001. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. usw. Sat Jan 14 03:13:10 2006 => File C:\RECYCLER\NPROTECT\00894714. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. Sat Jan 14 03:13:10 2006 => C:\RECYCLER\NPROTECT\00894723. possibly infected and removed by background antivirus package! Sat Jan 14 03:13:10 2006 => File C:\RECYCLER\NPROTECT\00894723. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. 
Sat Jan 14 04:38:28 2006 => File D:\Downloads\Finale\Finale 2006\ngnf6u01.exe infected by "Trojan-Downloader.Win32.IstBar.is" Virus! Action Taken: No Action Taken. Sat Jan 14 05:27:20 2006 => Total Disinfected Objects: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 18:03:29 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken. Thu Jan 12 18:04:04 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken. Thu Jan 12 19:43:19 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken. Thu Jan 12 21:33:44 2006 => File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken. Thu Jan 12 21:41:09 2006 => File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken. Sat Jan 14 01:05:36 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\butterfliesfree_354.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken. Sat Jan 14 01:06:10 2006 => File C:\Dokumente und Einstellungen\Tom\Desktop\Jux\Screenmates\waterfree.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.aq". Action Taken: No Action Taken. Sat Jan 14 02:42:04 2006 => File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken. Sat Jan 14 04:34:26 2006 => File D:\Downloads\Pilot\Palm-Win VNC\PalmVNC-WinVNC.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.1540. No Action Taken. Sat Jan 14 04:41:57 2006 => File D:\Downloads\Spyanywhere\setup.exe tagged as not-a-virus:Monitor.Win32.SpyAgent.44103. No Action Taken. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thu Jan 12 17:26:04 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!! Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\conscorr.ini Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\gpinstall.exe Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\helper.exe Thu Jan 12 17:26:05 2006 => Offending file found: C:\WINDOWS\iun6002.exe Thu Jan 12 17:26:06 2006 => Offending Folder found: C:\Programme\password-finder Thu Jan 12 17:26:07 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\everad Thu Jan 12 17:26:14 2006 => Offending file found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\mozilla\firefox\profiles\default.6pr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js Thu Jan 12 17:26:24 2006 => Offending file found: C:\WINDOWS\Favoriten\links\ebay.url Thu Jan 12 17:26:30 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer Thu Jan 12 17:26:40 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html Thu Jan 12 17:26:46 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html Thu Jan 12 17:26:51 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm Thu Jan 12 17:26:53 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\projec_t\search.htm Thu Jan 12 
17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\custsu_t\search.htm Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\pages\search_t\search.htm Thu Jan 12 17:26:59 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\office10\migrate\migrate.dll Thu Jan 12 17:27:01 2006 => Offending Folder found: D:\CD\gnu Thu Jan 12 17:27:02 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks premier\norton utilities\norton disk doctor.lnk Thu Jan 12 17:27:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\password-finder Thu Jan 12 17:27:03 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\powerdesk pro 5.0\toolbar.lnk Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks premier\norton utilities\norton disk doctor.lnk Thu Jan 12 17:27:04 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\password-finder Thu Jan 12 17:27:04 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\powerdesk pro 5.0\toolbar.lnk Thu Jan 12 17:27:06 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer Thu Jan 12 17:27:10 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url Thu Jan 12 17:27:12 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html Thu Jan 12 17:27:13 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html Thu Jan 12 17:27:14 2006 => Offending file found: 
C:\WINDOWS\iun6002.exe Sat Jan 14 00:29:41 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\bullseye network !!! Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\conscorr.ini Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\gpinstall.exe Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\helper.exe Sat Jan 14 00:29:46 2006 => Offending file found: C:\WINDOWS\iun6002.exe Sat Jan 14 00:29:47 2006 => Offending Folder found: C:\Programme\password-finder Sat Jan 14 00:29:48 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\everad Sat Jan 14 00:29:55 2006 => Offending file found: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\mozilla\firefox\profiles\default.6pr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js Sat Jan 14 00:30:04 2006 => Offending file found: C:\WINDOWS\Favoriten\links\ebay.url Sat Jan 14 00:30:11 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer Sat Jan 14 00:30:21 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url Sat Jan 14 00:30:26 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html Sat Jan 14 00:30:27 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html Sat Jan 14 00:30:32 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm Sat Jan 14 00:30:33 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\projec_t\search.htm Sat Jan 14 00:30:39 2006 => Offending file found: 
D:\CD\officexp\files\pfiles\msoffice\template\1031\webs\custsu_t\search.htm Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\template\1031\pages\search_t\search.htm Sat Jan 14 00:30:39 2006 => Offending file found: D:\CD\officexp\files\pfiles\msoffice\office10\migrate\migrate.dll Sat Jan 14 00:30:41 2006 => Offending Folder found: D:\CD\gnu Sat Jan 14 00:30:43 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks premier\norton utilities\norton disk doctor.lnk Sat Jan 14 00:30:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\password-finder Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\powerdesk pro 5.0\toolbar.lnk Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks premier\norton utilities\norton disk doctor.lnk Sat Jan 14 00:30:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\password-finder Sat Jan 14 00:30:44 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\powerdesk pro 5.0\toolbar.lnk Sat Jan 14 00:30:47 2006 => Offending Folder found: D:\ABLAGE\partituren\capella2000\partituren\partiturbibliothek\speer Sat Jan 14 00:30:51 2006 => Offending file found: D:\ABLAGE\favoriten\lesezeichen für download-tip.de\download-tip.de rubriken\tools\antivirus.url Sat Jan 14 00:30:53 2006 => Offending file found: D:\ABLAGE\dienst\kindchor\konzepte\message.html Sat Jan 14 00:30:54 2006 => Offending file found: D:\ABLAGE\dienst\gembrief\2005\frühjahr\message.html Sat Jan 14 00:30:55 2006 => Offending file found: C:\WINDOWS\iun6002.exe 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Jan 12 22:27:32 2006 => Total Errors: 12500
Sat Jan 14 05:27:20 2006 => Total Errors: 12545
Thu Jan 12 22:27:32 2006 => Time Elapsed: 04:59:52
Sat Jan 14 05:27:20 2006 => Time Elapsed: 04:56:49
Thu Jan 12 22:27:32 2006 => Total Objects Scanned: 255370
Sat Jan 14 05:27:20 2006 => Total Objects Scanned: 250353
Thu Jan 12 17:16:19 2006 => Virus Database Date: 1/3/2006
Thu Jan 12 17:17:23 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 17:24:17 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 22:27:32 2006 => Virus Database Date: 1/12/2006
Thu Jan 12 22:32:02 2006 => Virus Database Date: 1/12/2006
Sat Jan 14 00:20:12 2006 => Virus Database Date: 1/12/2006
Sat Jan 14 00:21:03 2006 => Virus Database Date: 1/14/2006
Sat Jan 14 00:28:03 2006 => Virus Database Date: 1/14/2006
Sat Jan 14 05:27:20 2006 => Virus Database Date: 1/14/2006
Sat Jan 14 09:13:51 2006 => Virus Database Date: 1/14/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
[Coming in a separate reply, because there isn't enough room here] Ciao, Pfeife |
--------------------------------------------------------- ewido anti-malware - Scan Report --------------------------------------------------------- + Erstellt am: 17:49:30, 13.01.2006 + Report-Checksumme: E6EEDB2A + Scanergebnis: :mozilla.10:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.11:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.19:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup :mozilla.34:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.35:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.36:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.37:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.38:C:\Dokumente und Einstellungen\T**\Anwendungsdaten\Mozilla\Firefox\Profiles\default.6pr\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup C:\RECYCLER\NPROTECT\00579634. 
-> Spyware.Cookie.Hitbox : Gesäubert mit Backup :mozilla.10:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.11:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.18:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup :mozilla.19:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup :mozilla.20:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.21:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.22:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.23:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.24:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.25:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup :mozilla.51:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.52:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.53:C:\RECYCLER\NPROTECT\00894795.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.11:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.12:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.18:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup :mozilla.19:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup :mozilla.20:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.21:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.22:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.23:C:\RECYCLER\NPROTECT\00894799.MOZ -> 
Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.24:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.25:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup :mozilla.51:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.52:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.53:C:\RECYCLER\NPROTECT\00894799.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.13:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.14:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.20:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup :mozilla.21:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup :mozilla.22:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.23:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.24:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.25:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.26:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.27:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup :mozilla.51:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.52:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.53:C:\RECYCLER\NPROTECT\00894800.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.13:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.14:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.20:C:\RECYCLER\NPROTECT\00894808.MOZ 
-> Spyware.Cookie.Doubleclick : Gesäubert mit Backup :mozilla.21:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup :mozilla.22:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.23:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.24:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.25:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.26:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.27:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup :mozilla.51:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.52:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.53:C:\RECYCLER\NPROTECT\00894808.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup :mozilla.13:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.14:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup :mozilla.20:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup :mozilla.21:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup :mozilla.22:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.23:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.24:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.25:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.26:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup :mozilla.27:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup :mozilla.51:C:\RECYCLER\NPROTECT\00894809.MOZ 
-> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.52:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.53:C:\RECYCLER\NPROTECT\00894809.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.6:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
:mozilla.8:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
:mozilla.16:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup
:mozilla.17:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Com : Gesäubert mit Backup
:mozilla.22:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.23:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.24:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.25:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.26:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.27:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
:mozilla.51:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.52:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.53:C:\RECYCLER\NPROTECT\00894814.MOZ -> Spyware.Cookie.Advertising : Gesäubert mit Backup
C:\WINDOWS\system32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.s : Gesäubert mit Backup
::Report Ende

Ciao, Pfeife

PS: Is the worm still lurking somewhere in there? I will still dig up the logfiles from AdAware and Spybot. |
Well, I already like the look of that so far! cacatoa |
Thanks to your help, the system has been running smoothly so far. I have found the Spybot logfiles in the meantime:

Checks-Log:
13.01.2006 13:21:31 - ##### check started #####
13.01.2006 13:21:31 - ### Version: 1.4
13.01.2006 13:21:31 - ### Date: 13.01.2006 13:21:31
13.01.2006 13:21:39 - ##### checking bots #####
13.01.2006 13:27:34 - found: ErrorSafe Einstellungen
13.01.2006 13:27:49 - found: Smitfraud-C. Einstellungen
13.01.2006 13:27:49 - found: Smitfraud-C. Einstellungen
13.01.2006 13:27:50 - found: Smitfraud-C. Daten
13.01.2006 13:27:50 - found: Smitfraud-C. Daten
13.01.2006 13:27:50 - found: Smitfraud-C. Einstellungen
13.01.2006 13:28:17 - found: Windows.ActiveDesktop Benutzer-Einstellungen
13.01.2006 13:28:31 - found: Windows Security Center.AntiVirusDisableNotify Einstellungen
13.01.2006 13:30:40 - found: NewsUpdate Class ID CTMarq Property Page
13.01.2006 13:31:11 - found: Advertising.com Verfolgender Cookie (Firefox: default)
13.01.2006 13:31:11 - found: Advertising.com Verfolgender Cookie (Firefox: default)
13.01.2006 13:31:11 - found: Advertising.com Verfolgender Cookie (Firefox: default)
13.01.2006 13:31:11 - found: DoubleClick Verfolgender Cookie (Firefox: default)
13.01.2006 13:31:11 - found: MediaPlex Verfolgender Cookie (Firefox: default)
13.01.2006 13:34:07 - found: CoolWWWSearch Lesezeichen (Firefox: default)
13.01.2006 13:34:07 - found: CoolWWWSearch Lesezeichen (Firefox: default)
13.01.2006 13:34:07 - found: CoolWWWSearch Lesezeichen (Firefox: default)
13.01.2006 13:34:09 - ##### check finished #####
##########################################
Checks-Txt:
--- Report generated: 2006-01-13 13:34 ---
ErrorSafe: Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload
Smitfraud-C.: Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll\DllName
Smitfraud-C.: Einstellungen (Registrierungsdatenbank-Wert, nothing
done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll\Startup Smitfraud-C.: Daten (Datei, nothing done) c:\windows\drsmartload.dat Smitfraud-C.: Daten (Datei, nothing done) c:\windows\teller2.chk Smitfraud-C.: Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_USERS\S-1-5-21-1454471165-854245398-1060284298-1003\WindowsSubVersion Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, nothing done) HKEY_USERS\S-1-5-21-1454471165-854245398-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1 Windows Security Center.AntiVirusDisableNotify: Einstellungen (Registrierungsdatenbank-Änderung, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 NewsUpdate: Class ID (CTMarq Property Page) (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1B43B82-8B3C-11D4-B615-00A0C98E9F5B} Advertising.com: Verfolgender Cookie (Firefox: default) (Cookie, nothing done) Advertising.com: Verfolgender Cookie (Firefox: default) (Cookie, nothing done) Advertising.com: Verfolgender Cookie (Firefox: default) (Cookie, nothing done) DoubleClick: Verfolgender Cookie (Firefox: default) (Cookie, nothing done) MediaPlex: Verfolgender Cookie (Firefox: default) (Cookie, nothing done) CoolWWWSearch: Lesezeichen (Firefox: default) (Lesezeichen, nothing done) CoolWWWSearch: Lesezeichen (Firefox: default) (Lesezeichen, nothing done) CoolWWWSearch: Lesezeichen (Firefox: default) (Lesezeichen, nothing done) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-01-13 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 
SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-01-13 Includes\Cookies.sbi (*) 2006-01-13 Includes\Dialer.sbi (*) 2006-01-13 Includes\Hijackers.sbi (*) 2006-01-13 Includes\Keyloggers.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2006-01-13 Includes\Malware.sbi (*) 2006-01-13 Includes\PUPS.sbi (*) 2003-11-12 Includes\QA Tests.sbi (*) 2006-01-13 Includes\Revision.sbi (*) 2006-01-13 Includes\Security.sbi (*) 2006-01-13 Includes\Spybots.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-01-13 Includes\Trojans.sbi (*) ########################## Fixes-Txt: --- Report generated: 2006-01-13 13:48 --- ErrorSafe: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload Smitfraud-C.: Einstellungen (Registrierungsdatenbank-Wert, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll\DllName Smitfraud-C.: Einstellungen (Registrierungsdatenbank-Wert, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll\Startup Smitfraud-C.: Daten (Datei, fixed) c:\windows\drsmartload.dat Smitfraud-C.: Daten (Datei, fixed) c:\windows\teller2.chk Smitfraud-C.: Einstellungen (Registrierungsdatenbank-Wert, fixed) HKEY_USERS\S-1-5-21-1454471165-854245398-1060284298-1003\WindowsSubVersion Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, fixed) HKEY_USERS\S-1-5-21-1454471165-854245398-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1 Windows Security Center.AntiVirusDisableNotify: Einstellungen (Registrierungsdatenbank-Änderung, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 NewsUpdate: Class ID (CTMarq Property Page) (Registrierungsdatenbank-Schlüssel, fixed) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C1B43B82-8B3C-11D4-B615-00A0C98E9F5B} Advertising.com: Verfolgender 
Cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
Advertising.com: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
CoolWWWSearch: Lesezeichen (Firefox: default) (Lesezeichen, fixed)
CoolWWWSearch: Lesezeichen (Firefox: default) (Lesezeichen, fixed)
CoolWWWSearch: Lesezeichen (Firefox: default) (Lesezeichen, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-13 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-01-13 Includes\Cookies.sbi (*)
2006-01-13 Includes\Dialer.sbi (*)
2006-01-13 Includes\Hijackers.sbi (*)
2006-01-13 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-01-13 Includes\Malware.sbi (*)
2006-01-13 Includes\PUPS.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2006-01-13 Includes\Revision.sbi (*)
2006-01-13 Includes\Security.sbi (*)
2006-01-13 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-01-13 Includes\Trojans.sbi (*)

I had already run AdAware beforehand. More than 80 entries were found/deleted/fixed/whatever. I will find those results somewhere as well. They will come in the next message. Everything normal so far. It's great that you helped me like this! Ciao, Pfeife |
Ad-Aware SE Build 1.06r1 Logfile Created on:Freitag, 13. Januar 2006 13:49:42 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R86 11.01.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):51 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 13.01.2006 13:49:42 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Tom\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\ahead\nero wave editor\recent file list Description : list of recently used files in nero wave editor MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! 
Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\macromedia\dreamweaver 4\recent file list Description : list of recently used files in macromedia dreamweaver MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\macromedia\dreamweaver 6\recent file list Description : list of recently used files in macromedia dreamweaver MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\editor Description : default add image directory for microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\editor\recent templates Description : list of recently used templates in microsoft publisher MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list Description : list of recently used pages in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent publish list Description : list of recently published webs in microsoft frontpage MRU List Object Recognized! 
Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\frontpage\webs\opened Description : list of recently opened webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\clip organizer\search\last query Description : last query in microsoft clip organizer MRU List Object Recognized! 
Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\common\search\last query Description : last query in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\powerpoint\recent templates Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\powerpoint\recent typeface list Description : list of recently used typefaces in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\publisher\recent file list Description : list of recent files used by microsoft publisher MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\office\10.0\word\recent templates Description : list of recent templates used by microsoft word MRU List Object Recognized! 
Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! 
Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\nvidia corporation\global\nview\windowmanagement Description : nvidia nview cached application window positions MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : last save as directory in realplayer MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : S-1-5-21-1454471165-854245398-1060284298-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 13.01.2006 12:16:16
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 208
ThreadCreationTime : 13.01.2006 12:18:17
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 232
ThreadCreationTime : 13.01.2006 12:18:19
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 276
ThreadCreationTime : 13.01.2006 12:18:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 288
ThreadCreationTime : 13.01.2006 12:18:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 444
ThreadCreationTime : 13.01.2006 12:18:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 13.01.2006 12:18:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 13.01.2006 12:18:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 744
ThreadCreationTime : 13.01.2006 12:19:01
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1024
ThreadCreationTime : 13.01.2006 12:49:14
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

14:28:54 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:39:11.761
Objects scanned:344922
Objects identified:0
Objects ignored:0
New critical objects:0

None of this means anything to me in detail. But even I can see that quite a lot has been cleaned up. I used to run AdAware over the machine every few weeks, but I did not have the latest version yet. From now on I will have the machine checked regularly with AdAware and Spybot. Ciao, Pfeife |
Right, Pfeife, please post one final HJT logfile; then we're done. cacatoa |
HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 19:44:38, on 14.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\IconSaver\IconSaver.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programme\Sony Handheld\HOTSYNC.EXE
C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe
C:\Programme\Sony Handheld\USBSwt.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\RegSeeker\RegSeeker145\RegSeeker\RegSeeker.exe
C:\Programme\The Bat!\thebat.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\T**\Desktop\Windows XP Update\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\Programme\FolderBox\FolderBox.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner media GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten\Preispiraten2\IEButtonEBayInterface.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IconSaver] "C:\Programme\IconSaver\IconSaver.exe"
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [klickIdentPP.exe"] "C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programme\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Startup: HotSync Manager.lnk = C:\Programme\Sony Handheld\HOTSYNC.EXE
O4 - Startup: klickIdent 15.lnk = C:\Programme\klickIdent Herbst 2005\klickIdentPP.exe
O4 - Startup: SonyPDA USB Switcher.lnk = C:\Programme\Sony Handheld\USBSwt.exe
O8 - Extra context menu item: &Google-Suche - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google AdSense Preview Tool - h**p://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .sib: C:\Programme\Internet Explorer\PLUGINS\NPSibelius.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.spartipps.com/
O16 - DPF: Yahoo! Chat - h**p://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - h**p://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - h**ps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=h**p://www2.minolta.de/foto/a1de/09_2.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - h**p://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - h**p://172.16.7.100/wfica.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - h**p://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095436890020
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - h**p://toolbar.google.com/data/de/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - h**p://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - h**p://asp04.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CHIPDRIVESCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Over the next few days I'll take a closer look at HJT. After all, I want to understand how to read a logfile like this and what else the program can do. Ciao, Pfeife |
Hi Pfeife, your logfile is OK. You should also install Spyware Blaster and keep it up to date. Why? I see a lot of ActiveX elements in your log. Spyware Blaster prevents the installation of unwanted ActiveX elements. Run Spybot S&D every now and then, as well as AdAware SE; and above all, don't click on everything that looks good at first glance! Right, that's it. cacatoa |
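An added example, not part of the original thread: a small Python triage of the HijackThis entries the post above refers to, listing the ActiveX controls (the `O16 - DPF` lines) with the host they were installed from and picking out entries marked "(file missing)". The sample lines are copied from the HijackThis log posted in this thread; the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample input: a few entries copied from the HijackThis log in this thread
# (the forum's "h**p" link masking is kept as posted).
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O16 - DPF: Yahoo! Chat - h**p://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - h**p://172.16.7.100/wfica.cab
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - h**ps://banking.seb.de/hbci/plugin/AXFOAM.CAB
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # COM class id in braces


def parse_entries(log):
    """Yield (section, body) for each entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def section_counts(log):
    """How many entries each HijackThis section (O2, O16, O23, ...) contributes."""
    return Counter(section for section, _ in parse_entries(log))


def activex_inventory(log):
    """One record per O16 (Downloaded Program Files) entry: CLSID, name, source host, TLS."""
    items = []
    for section, body in parse_entries(log):
        if section != "O16" or not body.startswith("DPF: "):
            continue
        # The codebase URL is whatever follows the last " - " separator.
        left, _, url = body[len("DPF: "):].rpartition(" - ")
        clsid = CLSID.search(left)
        name = CLSID.sub("", left).strip().strip("()") or None
        parts = urlsplit(url.replace("h**p", "http"))  # undo the forum's masking
        items.append({"clsid": clsid.group(0) if clsid else None, "name": name,
                      "host": parts.hostname, "tls": parts.scheme == "https"})
    return items


def missing_file_entries(log):
    """Entries HijackThis marked '(file missing)': registration left, binary gone."""
    return [(s, b) for s, b in parse_entries(log) if b.endswith("(file missing)")]


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for item in activex_inventory(SAMPLE_LOG):
        print(item)
    for section, body in missing_file_entries(SAMPLE_LOG):
        print("missing:", section, body)
```
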
I will follow your advice and, above all, no longer rely on Norton Antivirus and a firewall in the router to protect me from everything. The biggest security hole is not IN the computer but sits IN FRONT OF it. I have learned that too. All I can say is: Mercithankyougraziebedankteucharistoutodagraciastaktesekurlerschukran! Ciao, Pfeife (who has been wondering the whole time why he should have a dog's soul...) ;-) |
You're welcome! And as for the dog's soul: dogs are simply the better people... ;) cacatoa |
Copyright ©2000-2025, Trojaner-Board