hilfe bei search extender und Co.
 

hallo leute
kann mir vielleicht jemand hier helfen den scheiß von about blank krieg ich einfach nicht raus.hab schon so ziemlich alles probiert.hoffe mir kann jemand hier helfen.ich verzweifle schon an der sache

Hallo,
bitte ein Log mit diesem Programm erstellen:

www.Hijackthis.de

Inhalt hier in den Thread posten.

habe es gemacht.und weiter??? hier das log

Logfile of HijackThis v1.99.0
Scan saved at 11:54:36, on 29.12.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\Mixer.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\WINDOWS\system32\sdkac32.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\WINDOWS\Kaffeetasse.bmp:brdqb
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\ralf\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

Dies ist kein vollständiges Log-File.
Versuche es erneut:
Öffne nochmal das hijackthis.log -> Strg+A (alles markieren) -> Strg+C (kopieren) -> Strg+V (hier in den Thread einfügen)

so hier nochmal das log:

Logfile of HijackThis v1.99.0
Scan saved at 17:01:04, on 29.12.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\sdkac32.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\WINDOWS\Kaffeetasse.bmp:brdqb
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\ralf\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ctdle.dll/sp.html#33111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C7D3C5F-2A2C-6D88-350C-CC5AF574F6A5} - C:\WINDOWS\msyb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [sais] c:\programme\180solutions\sais.exe
O4 - HKLM\..\Run: [smss32host] C:\WINDOWS\System32\winrunexpoler.exe
O4 - HKLM\..\Run: [discspoolx] C:\WINDOWS\System32\host.exe %srun%
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [iekk.exe] C:\WINDOWS\system32\iekk.exe
O4 - HKLM\..\Run: [sdkac32.exe] C:\WINDOWS\system32\sdkac32.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: FRITZ!dsl.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093946989171
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binarie..._1_4_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9605C2-656E-4E7E-8238-8B339FBF0862}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{98B61CA5-CDD4-4FB5-B430-81DFA4BC6ADA}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D9605C2-656E-4E7E-8238-8B339FBF0862}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D9605C2-656E-4E7E-8238-8B339FBF0862}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\Kaffeetasse.bmp:brdqb.exe (file missing)



und jetzt

Upss, was ist denn das?
Also, wenn du dir Zeit und Nerven sparen willst, mach die Möhre platt.
Ansonsten gehe erst einmal so vor:
Automatische HJT benutzen und alles rote abarbeiten.
Abgesichert natürlich.

C:\Programme\BullsEye Network\bin\bargains.exe, dass muss noch manuell gelöscht werden.
Neues HJT posten und falls wir das einigermaßen sauber bekommen sollten, könnte ein update auch nicht schaden.
LG, Charlie

Das sieht in der Tat nicht gut aus, las mal noch E-Scan wie beschrieben updaten und durchlaufen, suche im Log die "infected"_Einträge und poste sie.

http://www.trojaner-board.de/42731-escan-anleitung.html

so das erste log:

Logfile of HijackThis v1.99.0
Scan saved at 00:00:24, on 30.12.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\Mixer.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\ralf\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\ralf\LOKALE~1\Temp\kavss.exe
C:\Dokumente und Einstellungen\ralf\Lokale Einstellungen\Temp\Temporäres Verzeichnis 3 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - Startup: FRITZ!dsl.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093946989171
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9605C2-656E-4E7E-8238-8B339FBF0862}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{98B61CA5-CDD4-4FB5-B430-81DFA4BC6ADA}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D9605C2-656E-4E7E-8238-8B339FBF0862}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D9605C2-656E-4E7E-8238-8B339FBF0862}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

und escan läuft aber was der der noch alles find ich glaub ich werde wahnsinnig

Du postest aber schon von einem anderen Rechner und eScan scannt gerade im abgesicherten Modus den kompromittierten Rechner, oder?

escan läuft im abgesichtern modus wieso???

R3 - Default URLSearchHook is missing
Das erst einmal noch löschen, hast du die 015 Einträge selbst gestattet, sonst noch löschen.
Hmm und wie bist du online?
Liebe Grüße, Charlie

Mich würde interessieren, was E-Scan z.Bsp. zu den Dateien sagt:

O4 - HKLM\..\Run: [smss32host] C:\WINDOWS\System32\winrunexpoler.exe
O4 - HKLM\..\Run: [discspoolx] C:\WINDOWS\System32\host.exe %srun%

Mich auch, werden wir ja sehen, falls das Board beim Logfile von E-Scan nicht schon aus den Nähten platzt. :D

so hier das log von escan:

File C:\WINDOWS\System32\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\apiax32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\appfm32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\apppo32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\atldq.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\atlml32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\atlwo.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\atlya.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\crsc32.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d3bp32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d3ws.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\d3yq32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dpojs.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\dxmtd.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\fkwab.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\gjsff.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\hvajy.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ihdmg.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ipfn.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ipli.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ippb.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\jad.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\javagp32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\kbcsq.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\kcszs.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ltmht.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\lywdl.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mshw32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\msok.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\msvy32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwnpw.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\netxw32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ntgj.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\nzlck.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_cqvhyn.log infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_eaofrb.txt infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_fkrgib.txt infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_gtogrf.dat infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_itwmus.txt infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_kqbutc.log infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_lcoplc.txt infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_mxnruw.log infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_nbymap.log infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_qfyxhd.log infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_rmfdpl.log infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_wdrhhp.txt infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_ykicdv.dat infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\n_yydxfj.txt infected by "Trojan-Downloader.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\oavul.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ozcwz.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\pfebs.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\preInsln.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\rrkpj.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\rrmhy.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ruouw.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sysad.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sysve32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\sysvz.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\tdlms.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\vwova.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\vzacq.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\winpa.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wpjbd.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wshve.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\xlpxy.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\addhp.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\appio32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atlbe32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atloq32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\atlrr.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\awobm.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\bjeze.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cbejx.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ctdle.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\d3ad.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\d3ew32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\d3si.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\d3yb32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\d3yf32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\evhvk.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\evpdr.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl0.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ezbrd.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ezpys.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\fastvideoplayer.dll infected by "Trojan-Downloader.Win32.Dyfuca.dn" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\flbbz.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\grszm.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\iepx.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\iesf.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ievj.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\javabf32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javaff32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\jhcdr.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\kufdl.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lccsi.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\lkwdi.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mfcev32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mfciy32.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mfcrt.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msah32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msbf32.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msxs32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ndfcv.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netdd32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netof.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netws.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntjw.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntwb.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\odjor.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\oeaws.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\osxst.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\outfg.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\pzoaf.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qnmvx.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\sdkac32.exe infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sdkds.exe infected by "Trojan-Downloader.Win32.Agent.al" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sdkez.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sglcz.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\skdle.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\vbiab.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\windb.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\yaypc.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\bb.exe infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\delwbi.tmp tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\ICD1.tmp\WinAdCtlX.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\ICD2.tmp\WinAdCtlX.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI196B.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI196B.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI1DE7.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI1DE7.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI213A.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI213A.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI2A01.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI2A01.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI2A43.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI2A43.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI2DFC.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI2DFC.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI42B7.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI42B7.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI451C.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI451C.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI5145.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI5145.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI5771.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI5771.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI5F6A.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI5F6A.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI62FD.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI62FD.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI64CC.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI64CC.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI6797.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI6797.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI730A.tmp\localNRD.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI730A.tmp\preInsln.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI7724.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THI7724.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THIEA7.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THIEA7.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THIFE4.tmp\multimpp.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\THIFE4.tmp\preInMPP.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\Temp\webrebates.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\ralf\LOKALE~1\TEMPOR~1\Content.IE5\2TG3I1E5\bbi8033[1].exe infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.

Also das Einfachste wäre wahrscheinlich wirklich:

http://board.protecus.de/showtopic.p...me=1097944155&

Ansonsten ist das erste, das du amchen musst windowsupdate, installiere service pack 2 und alle anderen empfohlenen Patche. Lösche dann das, was E-Scan gefunden hat im abgesicherten Modus und poste ein neues HJT-Log.

Auf jeden Fall musst du DRINGEND an deinen Surfgewohnheiten arbeiten. Tips dazu findest du hier:

http://www.mathematik.uni-marburg.de...ompromise.html
http://www.forum-3dcenter.org/vbulle...d.php?t=163074

@ icerose, geil das Logfile, also ich bin immer noch der Meinung, Plattmachen, denn die schöne Zeit und wenn ich das sage, will das schon was heißen.
Und falls du das nicht möchtest, oder nicht kannst besorge dir Scanner die automatisch löschen, denn wenn du es zu „Fuß“ machen willst, bist du erst zu Ostern wieder hier.
Liebe Grüße, Charlie

und was meinst du mit surfgewohnheiten????

Das werden dir gleich andere posten, so nun weiter im Text, schicke erst mal www.clearprog.de und Ewido drüber, dann sehen wir weiter.
LG, Charlie

Hier kannst du Ewirdo haben: http://www.ewido.net/de/

Diese Masse an Schädlingen gelangt nicht aus heiterem Himmel oder grundlos auf deinen Rechner, sondern weil du deine Software nicht richtig auswählst und konfigurierst, sowie bestimmte Regeln nicht beachtest (wo lade ich was herunter, welche mailanhänge öffne ich). Das fällt unter Surfgewohnheiten und es steht, wie gesagt, eigentlich alles in den Links. Tu dir den Gefallen, setze dein System neu auf und setze dann auf einem sauberen Rechner das um, was an Ratschlägen gepostet wurde.

so ich kann leider nichts dafür was auf meinem rechner ist.ich war 7 wochen im krankenhaus und als ich zurückkam hat mein mann mir erst gesagt was überhaupt los ist.und da konnte ich nichts mehr anderes machen.

so hier das neue hJT log:

Logfile of HijackThis v1.99.0
Scan saved at 08:28:56, on 06.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\Mixer.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\DOKUME~1\ralf\LOKALE~1\Temp\Temporäres Verzeichnis 5 für hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rtl.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093946989171
O17 - HKLM\System\CCS\Services\Tcpip\..\{6715E1A8-9A1D-480D-8862-06FCF563FFFA}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C7336D-3500-4FC3-B433-64B410B4030F}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe