Hallo zusammen, habe auch den BDS/Agent.AY auf meiner Platte.

Vorweg, ich benutze den IE nicht, Firefox ist viel schneller! *g*

Ich poste hier mal meine hjt.log


Logfile of HijackThis v1.98.2
Scan saved at 19:04:24, on 24.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Anti Virus Personal\AVGUARD.EXE
C:\Programme\Anti Virus Personal\AVWUPSRV.EXE
C:\WINNT\system32\hidserv.exe
C:\intranet\Jana2\janad.exe
C:\intranet\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Programme\Logitech\2.20\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Logitech\9.73\MouseWare\system\em_exec.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\uptodate.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\NAVNT\POPROXY.EXE
C:\PROGRA~1\WINPAT~1\WinPatrol.exe
C:\Programme\winamp 5.03\winampa.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\Programme\Anti Virus Personal\AVGNT.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\NoPopUp 2003\nopopup.exe
C:\Programme\Star Downloader\stardown.exe
C:\Programme\VirtualDVR\VirtualDVR.exe
C:\Programme\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\TVgenial\TVgenial.exe
C:\WINNT\twain_32\C6U14K\WATCH.exe
C:\WINNT\BA47.exe
C:\Programme\NAVNT\navapw32.exe
C:\Programme\Firebird\MozillaFirebird.exe
C:\bases\mwavscan.com
C:\bases\kavss.exe
C:\WINNT\system32\taskmgr.exe
G:\unzipped\Viren Worms Trojaner Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\IPINSIGT.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\mpz300.dll
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\system32\inetp60.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: NetPal Class - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll
O2 - BHO: BRedObj Class - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\Programme\Flt\Flt.dll
O2 - BHO: IEHooks Class - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Programme\ClearSearch\IE_ClrSch.DLL
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\2.20\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [MSDIconsAndLabels] rundll32 C:\WINNT\system32\ShellExt\MsdServ.dll,Start C:\WINNT\system32\ShellExt\MSDIconsAndLabels.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [websearch] wjview /cp "C:\Programme\websearch\System\Code" Main lp: "C:\Programme\websearch"
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NAVNT\defalert.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\system32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\NAVNT\POPROXY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\winamp 5.03\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Anti Virus Personal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [YAW Autostart] "C:\Programme\YAW3\yaw.exe"
O4 - HKCU\..\Run: [Star Downloader] C:\Programme\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [VirtualDVR] C:\Programme\VirtualDVR\VirtualDVR.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d
O4 - Startup: WIN.ECO Secure-Mailer.lnk = C:\Programme\Secure-Mailer\WESecureMailer1.exe
O4 - Global Startup: Watch.lnk = C:\WINNT\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\NAVNT\navapw32.exe
O8 - Extra context menu item: Download &All by FD - C:\Programme\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\Programme\FreshDownload\fdiectx.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Browser Pal Toolbar - {07B7F771-1B8E-4B7B-823E-FFAC1732AA9F} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: PicGrab - {7830F8A6-59CC-44E8-9EEB-F3018BD38CF6} - C:\Programme\PicGrab\iestarter.exe (HKCU)
O9 - Extra button: (no name) - {8E0FA780-A2FE-4D8A-A5BD-17566FA4D5D9} - C:\Programme\PicGrab\iestarter.exe (HKCU)
O9 - Extra 'Tools' menuitem: &PicGrab starten - {8E0FA780-A2FE-4D8A-A5BD-17566FA4D5D9} - C:\Programme\PicGrab\iestarter.exe (HKCU)
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://213.229.33.36/java/cs4fs091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.aconti.net/(ji0w3u2ami3cig45atuq5ay3)/secureweb/SecureWeb.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/273.../SNDriveBy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4412701C-7B98-4370-AC12-328B1A804514}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE959B1-EB57-477F-B19E-4C02BF6B54EE}: NameServer = 192.168.0.1

Was ist denn eine AdWare

Fortsetzung folgt

Fortsetzung 1:

eScan hab ich laufen lassen:

Virus Found 127
Disinfected 0
Deleted 0
Renamed 0
Errors 13

Virus Log Information:

File C:\Programme\ClearSearch\IE_ClrSch.DLL tagged as not-a-virus:AdWare.ClearSearch.i. No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\System32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\System32\NetPal.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\Programme\ClearSearch\IE_ClrSch.DLL tagged as not-a-virus:AdWare.ClearSearch.i. No Action Taken.
File C:\WINNT\AdRoar.dll infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\MSView.DLL tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\MSVprep.exe tagged as not-a-virus:AdWare.BiSpy.r. No Action Taken.
File C:\WINNT\ast_2to3.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\ast_1to2.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\cpruninst.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\ARUpdate.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\AdRoar.dll infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP13.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msbb.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\NLNP!3.exe tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\ast_.dll infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_clint.dll tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\system32\msbb1.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\netpal.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\e6f1873b.dll infected by "TrojanDownloader.Win32.Braidupdate.d" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\pr1ze5.dll infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP131.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
File C:\WINNT\system32\prizesurfer_setup.exe infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\ClrSchP0121.dll infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\mbho.dll tagged as not-a-virus:AdWare.WurldMedia. No Action Taken.
File C:\WINNT\system32\ClrSchP012.dlltmp infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\nostalgia.dll tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\MSView.exe tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\ezStubtt.exe tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system32\ezStubi.dll tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP13.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\inetp60.dll tagged as not-a-virus:AdWare.ToolBar.Bymoh. No Action Taken.
File C:\WINNT\system32\msbb.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\NLNP!3.exe tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\ast_.dll infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\cd_clint.dll tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\WINNT\system32\msiefr40.dll tagged as not-a-virus:AdWare.Toolbar.Cash. No Action Taken.
File C:\WINNT\system32\msbb1.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\WINNT\system32\netpal.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\e6f1873b.dll infected by "TrojanDownloader.Win32.Braidupdate.d" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\pr1ze5.dll infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\NLNP131.dll tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system32\H@tKeysH@@k.DLL tagged as not-a-virus:Cracker.Game.HotHook.dll. No Action Taken.
File C:\WINNT\system32\prizesurfer_setup.exe infected by "Trojan.Win32.RCSync" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\ClrSchP0121.dll infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\mbho.dll tagged as not-a-virus:AdWare.WurldMedia. No Action Taken.
File C:\WINNT\system32\ClrSchP012.dlltmp infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\nostalgia.dll tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\MSView.exe tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\system32\ezStubtt.exe tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system32\ezStubi.dll tagged as not-a-virus:AdWare.EZula.a. No Action Taken.
File C:\WINNT\system\Install_All.DLL tagged as not-a-virus:AdWare.IGetNet.b. No Action Taken.
File C:\WINNT\system\RSP001.DLL tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system\Update_com.DLL tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\system\BHO001.DLL tagged as not-a-virus:AdWare.IGetNet. No Action Taken.
File C:\WINNT\Downloaded Program Files\gsda.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\WINNT\uptodate.exe infected by "TrojanDownloader.Win32.Braidupdate" Virus. Action Taken: No Action Taken.
File C:\WINNT\MSView.DLL tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\WINNT\MSVprep.exe tagged as not-a-virus:AdWare.BiSpy.r. No Action Taken.
File C:\WINNT\ast_2to3.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\ast_1to2.exe infected by "TrojanDownloader.Win32.VB.ah" Virus. Action Taken: No Action Taken.
File C:\WINNT\cpruninst.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\ARUpdate.exe infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\WINNT\AdRoar.dll infected by "TrojanDownloader.Win32.Adroar" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\DivX5Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\{B89449C0-3233-45ED-97FD-F8BC7B21EC4C}\DivX5Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\burp.exe.zip tagged as not-a-virus:Joke.Win32.Rubis. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\Morph20.rar tagged as not-a-virus:AdWare.WurldMedia. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\{0B90D3BD-6CBB-410C-B605-72B322C9082E}\DivX5Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IM\Identities\{638118BA-FD4B-4B60-9E88-63D28E619E91}\Message Store\Attachments\Herzfrequenzbeschleuniger (2).exe.safe infected by "not-virus:Joke.Win32.Badgame" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.

Fortsetzung 2

File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe tagged as not-a-virus:AdWare.Gator.6034. No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe tagged as not-a-virus:AdWare.Gator.6034. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll tagged as not-a-virus:AdWare.Gator.6041. No Action Taken.
File C:\Programme\ICQ\Received Files\Kera\burp.exe.zip tagged as not-a-virus:Joke.Win32.Rubis. No Action Taken.
File C:\Programme\iMesh\Client\cd_install_202.exe tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\Programme\iMesh\Client\imesh_336.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Programme\iMesh\Client\cd_Install_2023.exe tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP1B.TMP.VIR tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DD2.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DD3.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DE1.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DE2.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMEG3DEA.EXE.VIR infected by "TrojanDownloader.Win32.Alchemic" Virus. Action Taken: No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP2C.TMP.VIR tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP30.TMP.VIR tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP39.TMP.VIR infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMP3D.TMP.VIR infected by "Backdoor.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA833.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA834.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA842.DLL.VIR tagged as not-a-virus:AdWare.BiSpy.m. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA843.EXE.VIR tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Programme\Anti Virus Personal\INFECTED\TMYOA84B.EXE.VIR infected by "TrojanDownloader.Win32.Alchemic" Virus. Action Taken: No Action Taken.
File C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\Programme\ClearSearch\IE_ClrSch.DLL tagged as not-a-virus:AdWare.ClearSearch.i. No Action Taken.
File C:\Programme\ClearSearch\CSSS.DLL tagged as not-a-virus:AdWare.ClearSearch. No Action Taken.
File C:\Programme\ClearSearch\CSZT.DLL tagged as not-a-virus:AdWare.ClearSearch. No Action Taken.
File C:\Programme\websearch\websearch_grock.exe tagged as not-a-virus:AdWare.HelpExpress. No Action Taken.
File C:\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Quake III Arena\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Wie soll es jetzt weitergehen mit meiner Festplatte.
Hat jemand eine Lösung für mich?

mfg Rene

So, nun hab ich einige Sachen von der Platte entfernt und HJT ausgeführt

Logfile of HijackThis v1.98.2
Scan saved at 22:46:25, on 24.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Anti Virus Personal\AVGUARD.EXE
C:\Programme\Anti Virus Personal\AVWUPSRV.EXE
C:\WINNT\system32\hidserv.exe
C:\intranet\Jana2\janad.exe
C:\intranet\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Programme\Logitech\2.20\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Logitech\9.73\MouseWare\system\em_exec.exe
C:\WINNT\uptodate.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\NAVNT\POPROXY.EXE
C:\PROGRA~1\WINPAT~1\WinPatrol.exe
C:\Programme\winamp 5.03\winampa.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\Programme\Anti Virus Personal\AVGNT.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\NoPopUp 2003\nopopup.exe
C:\Programme\VirtualDVR\VirtualDVR.exe
C:\Programme\TVgenial\TVgenial.exe
C:\WINNT\twain_32\C6U14K\WATCH.exe
C:\Programme\NAVNT\navapw32.exe
C:\WINNT\3568.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\IPINSIGT.DLL
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\system32\inetp60.dll
O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll
O2 - BHO: NetPal Class - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll
O2 - BHO: IEHooks Class - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Programme\ClearSearch\IE_ClrSch.DLL
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\2.20\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [MSDIconsAndLabels] rundll32 C:\WINNT\system32\ShellExt\MsdServ.dll,Start C:\WINNT\system32\ShellExt\MSDIconsAndLabels.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NAVNT\defalert.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\system32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\NAVNT\POPROXY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\winamp 5.03\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Anti Virus Personal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [YAW Autostart] "C:\Programme\YAW3\yaw.exe"
O4 - HKCU\..\Run: [VirtualDVR] C:\Programme\VirtualDVR\VirtualDVR.exe
O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d
O4 - Global Startup: Watch.lnk = C:\WINNT\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\NAVNT\navapw32.exe
O8 - Extra context menu item: Download &All by FD - C:\Programme\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\Programme\FreshDownload\fdiectx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://213.229.33.36/java/cs4fs091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.aconti.net/(ji0w3u2ami3cig45atuq5ay3)/secureweb/SecureWeb.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://a1964.g.akamai.net/f/1964/273.../SNDriveBy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4412701C-7B98-4370-AC12-328B1A804514}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE959B1-EB57-477F-B19E-4C02BF6B54EE}: NameServer = 192.168.0.1
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

Hat hier noch jemand etwas gefunden was nach Trojaner, Wurm oder Virus aussieht?

mfg Rene

Hallo Rene_joe,

Du hast nicht nur eine sehr vielseitige sondern auch eine sehr gefährliche Virensammlung auf dem System. Unter anderem einen Ableger der zahlreichen Familie der Rbots W32/Rbot- und andere Viren mit Backdoor-Funktionalität.

Die einzige Antwort, die cih Dir geben kann, ist daher: formatieren und neu aufsetzen, entsprechend Lutz' Datensicherung und Cidre's Rat.

Ein löschen dieser Malware genügt nicht. Siehe dazu: Entfernung von Schädlingen und Kompromittierung unvermeidbar?.

Zu Deiner Adware-Frage eine ausführliche Antwort.

SD

So, nun hab ich den ganzen nachmittag investiert, um mein Win2000 zu retten.
So sieht jetzt meine HJT.log aus:

Logfile of HijackThis v1.98.2
Scan saved at 17:15:05, on 25.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Anti Virus Personal\AVGUARD.EXE
C:\Programme\Anti Virus Personal\AVWUPSRV.EXE
C:\WINNT\system32\hidserv.exe
C:\intranet\Jana2\janad.exe
C:\intranet\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Programme\Logitech\2.20\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Logitech\9.73\MouseWare\system\em_exec.exe
C:\Programme\NAVNT\POPROXY.EXE
C:\PROGRA~1\WINPAT~1\WinPatrol.exe
C:\Programme\winamp 5.03\winampa.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\Programme\Anti Virus Personal\AVGNT.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\NoPopUp 2003\nopopup.exe
C:\Programme\VirtualDVR\VirtualDVR.exe
C:\WINNT\53B4.exe
C:\Programme\TVgenial\TVgenial.exe
C:\WINNT\twain_32\C6U14K\WATCH.exe
C:\Programme\NAVNT\navapw32.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\2.20\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\9.73\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSDIconsAndLabels] rundll32 C:\WINNT\system32\ShellExt\MsdServ.dll,Start C:\WINNT\system32\ShellExt\MSDIconsAndLabels.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NAVNT\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\NAVNT\POPROXY.EXE
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\winamp 5.03\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Anti Virus Personal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [YAW Autostart] "C:\Programme\YAW3\yaw.exe"
O4 - HKCU\..\Run: [VirtualDVR] C:\Programme\VirtualDVR\VirtualDVR.exe
O4 - HKCU\..\Run: [TVgenial] C:\Programme\TVgenial\TVgenial.exe -d
O4 - Global Startup: Watch.lnk = C:\WINNT\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\NAVNT\navapw32.exe
O8 - Extra context menu item: Download &All by FD - C:\Programme\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\Programme\FreshDownload\fdiectx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: ChatSpace Full Java Client 2.1.0.91 - http://213.229.33.36/java/cs4fs091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4412701C-7B98-4370-AC12-328B1A804514}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE959B1-EB57-477F-B19E-4C02BF6B54EE}: NameServer = 192.168.0.1

Ist doch schon viel besser als gestern, oder?

mfg Rene

eScan 4.6.7 hab nicht gecheckt wie ich das Updaten kann, gibt es da eine Registerkarte oder wie?

@ Rene_joe,

wie Du eScan updaten kannst, steht in der Anleitung. Ich halte es nicht für in Ordnung, dass Du dieses System beibehalten willst. Meiner Ansicht ist es kompromittiert, da Du Backdoor-Programme auf dem Rechner hast, die sich nicht so ohne Weiteres löschen lassen ...

Du setzt Deine eigene Sicherheit auf's Spiel und die Sicherheit derer, die mit Dir und Deinem System in Verbindung stehen.

MfG
Shadowdance

Hi Shadowdance.

Hab es mir mittlerweile überlegt, bin schon beim Sichern, werd mein System neu aufsetzen.

Ist zwar eine heidn Arbeit aber i werds schön langsam machen.

mfg Rene