Hi Leute!
Ich hab mal im abgesicherten Modus mit eScan meinen Rechner durchscannen lassen. Nun hab ich das Problem, dass ich mit den Meldungen nicht so viel anfangen kann Was muss ich als nächstes tun?? Wär sehr dankbar für nen Ratschlag!!
Ausserdem hab ich noch nen HiJackThis-Log, den ich leider auch nicht selbst auswerten kann
Also, wenn jemand ein bisschen Zeit finden könnte, um mir zu helfen, wär das wirklich super

Hier mal die Logs

eScan-log:

File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "Claria Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "CWS.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PdpPlugin5094.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\O2CPlayer.OCX". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "F:\player\WMMP.EXE". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "F:\player\WMMP.EXE". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "F:\player\WMMP.EXE". Action Taken: No Action Taken.

File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

File C:\Dokumente und Einstellungen\Gorana\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6L3S5S7Y\sd150000[1].cab tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.

File C:\Java\demo\applets\BarChart\BarChart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.

File C:\Java\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.

File C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jdk1.5.0.b64\demos.zip tagged as not-a-virus:Garbage.Java.Chart. No Action Taken.

File C:\Programme\Opera\ow32enen800.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Programme\Opera\uninst\unwise.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Programme\TI Education\Derive 6 Demo\unwise.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\RECYCLER\NPROTECT\00371823.exe tagged as not-a-virus:Tool.Win32.HTPatch.a. No Action Taken.

File C:\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.

File D:\Ad-Ware\aaw6181.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\Ad-Ware\Ad-aware 6\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\ICQ\ICQLite\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\IncrediMail\IncrediMail\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\IncrediMail\IncrediMailSetup_de.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\Programme\derive6-demo6_10-german.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\Programme\iMPload\complete MP3pro\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.




so und das HiJackThis-log:

Logfile of HijackThis v1.99.0
Scan saved at 18:34:44, on 02.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\0900WA~1\WARN0900.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
D:\ICQ\ICQLite\ICQLite.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\0900WA~1\w0svc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4ss.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\IZarc\IZArc\IZArc.exe
C:\DOKUME~1\...\LOKALE~1\Temp\ARC18\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h p://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0

\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.

dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [0900 Warner] C:\PROGRA~1\0900WA~1\WARN0900.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\ICQ\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQ\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_02\bin\npjpi150_

02.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://h**p://v5.windowsupdate.micro...om/v5consumer/

V5Controls/en/x86/client/wuweb_site.cab?1093790713796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/

SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - h**p://www.pandasoftware.com/activescan/

as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A48E95A8-076E-4804-A9AD-C302F5F9BD7B}: NameServer = 192.168.120.252,192.168.120.

253
O23 - Service: 0190/0900 Warner Überwachungsdienst - Mirko Böer - C:\PROGRA~1\0900WA~1\w0svc.exe
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton

AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton

Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec

Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Lieben Gruß
moony

Hallo,

dein Log-File ist soweit in Ordnung.
Bereinige deine Registry mit Hilfe von RegSeeker und setze zuvor einen Haken bei 'Sichern vor Löschen', damit ein Backup angelegt wird.

Installiere das SP2 und benutze zukünftig Firefox als Browser.

btw:
HJT sollte nicht temporär entpackt werden!