Trojaner-Board - Antispy findet immer wieder IstBar Trojaner

F-Secure AntiSpy findet immer wieder einen IstBar Maleware Eintrag und es werden auch immer wieder verschiedene Trojaner gefunden, die zwar enfernt werden aber auch immer wieder auftauchen.
Hier der HiJackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 17:58:49, on 30.09.2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\154149\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Anti-Virus\backweb\154149\program\fsbwsys.exe
C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Programme\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programme\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Programme\Norton Internet Security\SymProxySvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\Norton Internet Security\NISSERV.EXE
C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\WINNT\Explorer.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Programme\Norton Internet Security\IAMAPP.EXE
C:\WINNT\System32\internat.exe
C:\Programme\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\Programme\F-Secure Anti-Virus\backweb\154149\Program\fspex.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Symantec\LiveUpdate\AUpdate.exe
E:\Toolz\CWS\HijackThis.exe
C:\Programme\Symantec\LiveUpdate\AUpdate.exe
C:\WINNT\system32\tftp.exe
C:\WINNT\system32\tftp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.web.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.msn.de/
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [System Updates Service] updates.pif
O4 - HKCU\..\RunServices: [System Updates Service] updates.pif
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://software-dl.real.com/1789dc935413ec945023/netzip/RdxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - h**p://a1540.g.akamai.net/7/1540/52/20030625/qtinstall.info.apple.com/abarth/de/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125743465999
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C5EFF12-B142-4DED-BAA5-9B3AD0A84942}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: F-Secure Anti-Virus 2005 - WEB.DE Edition (BackWeb Plug-in - 154149) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\154149\Program\SERVIC~1.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Anti-Virus\backweb\154149\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINNT\System32\winjava.exe (file missing)
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programme\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programme\Norton Internet Security\SymProxySvc.exe

vielleicht ist da ja was zu sehen.
In Regedit taucht auch ein IstBar Ordner auf der aber nicht zu löschen ist.

[edit]
links entfernt
[/edit]