hallo,
bin neu hier und kenn mich leider auch mit vieren, trojanern... noch wenig aus. ändert sich aber gerade
antivier hatte bei mir vieren gefunden. nach kurzer recherche hier im forum habe ich mal einen escan gemacht:


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009511.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009512.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010239.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010240.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010241.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010589.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010590.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010591.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010592.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010593.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010594.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010595.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010596.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010597.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010598.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010600.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010601.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010602.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010633.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010634.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010635.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010636.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010637.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010638.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010639.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010641.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012976.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012979.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013430.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013434.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014431.exe infected by "Trojan.Win16.Bearded" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014436.exe tagged as not-a-virus:Simulator.Win16.Click. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017631.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017732.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.






dann habe ich alles mögliche gelöscht (inklusive papierkorb) und einen zweiten scan gemacht:




File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009511.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP105\A0009512.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010239.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010240.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.


File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010241.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010589.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010590.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010591.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010592.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010593.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010594.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010595.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010596.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010597.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010598.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010600.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010601.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010602.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010633.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010634.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010635.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010636.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010637.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010638.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010639.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0010641.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012976.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0012979.exe infected by "not-a-virus:AdWare.Gator.6040" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013430.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0013434.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014431.exe infected by "Trojan.Win16.Bearded" Virus. Action Taken: No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0014436.exe tagged as not-a-virus:Simulator.Win16.Click. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017631.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\System Volume Information\_restore{2DA43912-92F7-4753-8BDD-56F783EC77D4}\RP108\A0017732.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.


ja und das ist mein logfile von hijachThis:

Logfile of HijackThis v1.99.1
Scan saved at 21:28:52, on 14.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - Global Startup: Microsoft Office Shortcut-Leiste.lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...dxIE601_de.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

kann mir jemand sagen wie stark mein system befallen ist? und was ich gegen die vieren tun kann.
wäre für jede hilfe dankbar.
gruss hagen

deaktiviere die Systemwiederherstellung neu booten Systemwiederherstellung wieder aktivieren, im normalen Modus ein neues HJT erstellen und posten

Hallo,

Zitat:

sind das vieren???

Ich würde sogar sagen, dass es sich hiebei um fünfen handelt.
Spass beiseite, die Dinger heissen Viren.

Das Problem sollte mit der Abarbeitung von Gigamail's Empfehlung erledigt sein.

viren!!!!!!!!!!! richtig....sah doch gleich so komisch aus. ich sollte weniger und ist mir scheinbar schon zu spät...
aber schon mal vielen dank für eure schnelle hilfe. hier das neue HijackThis logfile

soll ich nun den escan wieder drüber laufen lassen???
gruss hagen

Logfile of HijackThis v1.99.1
Scan saved at 22:39:31, on 14.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
D:\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - Global Startup: Microsoft Office Shortcut-Leiste.lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ea10ff...dxIE601_de.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Dein Log-File sieht sauber aus.
Zur weiteren Vorsorge solltest du die Links unter 'Lesenswerte Lektüre...' in meiner Signatur lesen und abarbeiten.

Zitat:

soll ich nun den escan wieder drüber laufen lassen???

Kann nicht schaden.

vielen dank