Log analysis and evaluation: escan file for "Everything new and still..."
25.07.2005, 12:25 | #1
escan file for "Everything new and still..."

Hi, here is the E-scan log for my question:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Funde für "infected"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mon Jul 25 13:13:43 2005 => Total Disinfected Files: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Funde für "tagged"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Statistiken:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mon Jul 25 13:13:43 2005 => Total Virus(es) Found: 0
    Mon Jul 25 13:13:43 2005 => Total Errors: 8
    Mon Jul 25 13:13:43 2005 => Time Elapsed: 00:51:11
    Mon Jul 25 13:13:43 2005 => Total Objects Scanned: 42687
    Mon Jul 25 12:21:53 2005 => Virus Database Date: 2005/07/25
    Mon Jul 25 13:13:43 2005 => Virus Database Date: 2005/07/25
    Mon Jul 25 13:15:17 2005 => Virus Database Date: 2005/07/25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~ © Haui ;-) ~~~~~~~
    ~~~~~~~ Dank an Cidre ~~~~~~~

Can someone help me now??

Regards, Laithy
25.07.2005, 13:08 | #2
escan file for "Everything new and still..."

Can nobody help me? Did I phrase something wrong or ask imprecisely?????

Regards, Laithy
25.07.2005, 13:52 | #3
escan file for "Everything new and still..."

Asked very imprecisely.
25.07.2005, 14:30 | #4
escan file for "Everything new and still..."

Ok. Sorry. So, once more:

For about 14 days I have been getting masses (1000-1500) of mails as undeliverable bounces in my mailbox. So I think that I have a worm that is sending spam via my computer. F-Secure (newly installed) also found quite a bit. Nevertheless, I set up the whole system from scratch over the weekend - and I still get masses of bounces.

This morning I ran a scan with HijackThis and E-Scan. The logs are attached here. Could you please help me. Is my computer still infected or does the problem lie elsewhere??? Unfortunately I lack the expertise to evaluate the logs...

Thanks in advance...

HiJackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:14:56, on 25.07.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    E:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe acrobat\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\adobe acrobat\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\adobe acrobat\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Acrobat Assistant.lnk = E:\adobe acrobat\Distillr\acrotray.exe
    O4 - Global Startup: ISDNWatch.lnk = E:\FRITZ!\IWatch.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3106143A-135D-49D5-9925-89D9A1E5F8F1}: NameServer = 192.168.120.252,192.168.120.253
    O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - E:\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - E:\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\F-Secure Anti-Virus\Common\FSMA32.EXE

E-Scan with find.bat:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Funde für "infected"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mon Jul 25 13:13:43 2005 => Total Disinfected Files: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Funde für "tagged"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Statistiken:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mon Jul 25 13:13:43 2005 => Total Virus(es) Found: 0
    Mon Jul 25 13:13:43 2005 => Total Errors: 8
    Mon Jul 25 13:13:43 2005 => Time Elapsed: 00:51:11
    Mon Jul 25 13:13:43 2005 => Total Objects Scanned: 42687
    Mon Jul 25 12:21:53 2005 => Virus Database Date: 2005/07/25
    Mon Jul 25 13:13:43 2005 => Virus Database Date: 2005/07/25
    Mon Jul 25 13:15:17 2005 => Virus Database Date: 2005/07/25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~ © Haui ;-) ~~~~~~~
    ~~~~~~~ Dank an Cidre ~~~~~~~
25.07.2005, 14:59 | #5
escan file for "Everything new and still..."
25.07.2005, 15:49 | #6
escan file for "Everything new and still..."

Hello,

in the second posting I sent along the E-Scan log...

There must still be something there. Just now I downloaded 237 mails again - since 14:30!!!

As an example, here is one mail:
-I do not have the address TrevonATyachtie.de!!-

    The original message was received at Mon, 25 Jul 2005 10:38:06 -0400
    from ipn36373-b06114.cidr.lightship.net [216.204.227.2]

    ----- The following addresses had permanent fatal errors -----
    <geo***prodigy.net>
    (reason: 554 delivery error: dd This user doesn't have a prodigy.net account (geo***prodigy.net) [0] - mta121.sbc.mail.re2.yahoo.com)

    ----- Transcript of session follows -----
    ... while talking to mx1.sbc.mail.yahoo.com.:
    >>>>>> DATA
    <<< 554 delivery error: dd This user doesn't have a prodigy.net account (geo***prodigy.net) [0] - mta121.sbc.mail.re2.yahoo.com
    554 5.0.0 Service unavailable

    Reporting-MTA: dns; ylpvm44.prodigy.net
    Received-From-MTA: DNS; ipn36373-b06114.cidr.lightship.net
    Arrival-Date: Mon, 25 Jul 2005 10:38:06 -0400

    Final-Recipient: RFC822; ge***prodigy.net
    Action: failed
    Status: 5.0.0
    Remote-MTA: DNS; mx1.sbc.mail.yahoo.com
    Diagnostic-Code: SMTP; 554 delivery error: dd This user doesn't have a prodigy.net account (geo***prodigy.net) [0] - mta121.sbc.mail.re2.yahoo.com
    Last-Attempt-Date: Mon, 25 Jul 2005 10:38:08 -0400

    Betreff: Shooting Stars Stox Reports
    Von: Kristian <Trevon@yachtie.de>
    Datum: Mon, 25 Jul 2005 10:35:53 -0400
    An: geo***prodigy.net

penn y sto ck pic ks every week !!!

The profile for the month of JULY is W S M I - Wisdom International, Inc. - JUST ANNOUNCED $5.2M contract

Ground Breaking News: W S MI announced on Friday after the close $5.2M contract!!! The company stock will go crazy next week!! Everybody is looking at W SM I as $2.50 - $3 stock after this contract was released.
_________________________________________________
Symbol: WSM I
Price: $1.15
Expected possible price in next 5 days: $3.20
_________________________________________________

Breaking News Announced :

Ground Breaking News: W SMI announced on Friday after the close $5.2M contract!!!

_________________________________________________
Symbol: WSMI
Price: $1.15
Expected possible price in next 5 days: $3.20
_________________________________________________

Wisdom International Corporation is a diversified holding company. Wisdom's reinsurance activities are conducted through its subsidiary, International Reinsurance Company, Ltd, with offices in Nevis, West Indies, Norwich, England and Dallas, Texas. Wisdom Global Mining conducts mining operations of organic agricultural, and health related products.

News Releases
---------------------------++++++++++++++++++++++++++++++++++++

Wisdom International (WSMI) is pleased to announce that its mining operation has received a significant new order. Wisdom International has entered into an agreement to provide and fulfill an order for 5.2 million dollars ($5,200,000) of it Organic Miracle product. Organic Miracle is a non-nitrogen based fertilizer that can be applied by itself or as supplement to more expensive fertilizer products. Since its introduction, Organic Miracle has generated high interest levels, both in the U.S. and abroad. Based on the revenues expected through the dynamic growth pattern of its re-insurance subsidiary and the Company's mining operation, Wisdom International projects its 2005 profits to exceed 3.5 million dollars ($3,500,000).

_________________________________________________
Symbol: WS M I
Price: $1.15
Expected possible price in next 5 days: $3.20
_________________________________________________

+++++++++++++++++++++++++++++++++++++++

Read This before you do anything else:

Information within this email contains "forward looking statements" within the meaning of Section 27A of the Securities Act of 1933 and Section 21B of the Securities Exchange Act of 1934. Any statements that express or involve discussions with respect to predictions, goals, expectations, beliefs, plans, projections, objectives, assumptions or future events or performance are not statements of historical fact and may be "forward looking statements." Forward looking statements are based on expectations, estimates and projections at the time the statements are made that involve a number of risks and uncertainties which could cause actual results or events to differ materially from those presently anticipated. Forward looking statements in this action may be identified through the use of words such as: "projects", "foresee", "expects", "estimates," "believes," "understands" "will," "! ;part of: "anticipates," or that by statements indicating certain actions "may," "could," or "might" occur.

All information provided within this email pertaining to investing, stocks, securities must be understood as information provided and not investment advice. Emerging Equity Alert advises all readers and subscribers to seek advice from a registered professional securities representative before deciding to trade in stocks featured within this email. None of the material within this report shall be construed as any kind of investment advice. Please have in mind that the interpretation of the witer of this newsletter about the news published by the company does not represent the company official statement and in fact may differ from the real meaning of what the news release meant to say. Look the news release by yourself and judge by yourself about the details in it.

In compliance with Section 17(b), we disclose the holding of WSMI ! shares prior to the publication of this report. Be aware of an inheren t conflict of interest resulting from such holdings due to our intent to profit from the liquidation of these shares. Shares may be sold at any time, even after positive statements have been made regarding the above company. Since we own shares, there is an inherent conflict of interest in our statements and opinions. Readers of this publication are cautioned not to place undue reliance on forward-looking statements, which are based on certain assumptions and expectations involving various risks and uncertainties, that could cause results to differ materially from those set forth in the forward- looking statements. "Expected Speculative price" should not be accepted as price projection its only for informational purposes.

Please be advised that nothing within this email shall constitute a solicitation or an invitation to get position in or sell any security mentioned herein. This newsletter is neither a registered investment advisor nor affiliated with any broker o! r dealer. This newsletter was paid $23500 from third party (Raginbulls) to send this report. All statements made are our express opinion only and should be treated as such. We may own, take position and sell any securities mentioned at any time. This report includes forward-looking statements within the meaning of The Private Securities Litigation Reform Act of 1995. These statements may include terms as "expect", "believe", "may", "will", "move","undervalued" , "speculative target price" and "intend" or similar terms.
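
Added example, not part of the thread: a small Python parser for the delivery-status fields of the bounce quoted in post #6, which also extracts the host that handed the message to the reporting MTA and compares it with your own addresses. The function names are hypothetical and `OWN_IPS` holds a placeholder address that you would replace with your own.

```python
import re

# Excerpt of the bounce quoted in post #6 (values copied from it).
BOUNCE = """\
The original message was received at Mon, 25 Jul 2005 10:38:06 -0400
from ipn36373-b06114.cidr.lightship.net [216.204.227.2]
Reporting-MTA: dns; ylpvm44.prodigy.net
Received-From-MTA: DNS; ipn36373-b06114.cidr.lightship.net
Arrival-Date: Mon, 25 Jul 2005 10:38:06 -0400
Final-Recipient: RFC822; ge***prodigy.net
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mx1.sbc.mail.yahoo.com
Last-Attempt-Date: Mon, 25 Jul 2005 10:38:08 -0400
"""

# Assumption: placeholder for your own public address(es); if you send
# through a provider's relay, add the relay's addresses as well.
OWN_IPS = {"192.0.2.10"}

FIELD = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
# Fields whose value is written as "<type>; <value>" in a delivery status report.
TYPED = {"reporting-mta", "received-from-mta", "remote-mta",
         "final-recipient", "diagnostic-code"}
RECEIVED = re.compile(
    r"received at .+?\s+from\s+(\S+)\s+\[([0-9A-Fa-f.:]+)\]", re.S)

def parse_dsn_fields(text):
    """Return the status fields as {lowercased name: value without type prefix}."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # free text, separators, transcript lines
        name, value = m.group(1).lower(), m.group(2).strip()
        if name in TYPED and ";" in value:
            value = value.split(";", 1)[1].strip()
        fields[name] = value
    return fields

def submitting_host(text):
    """Return (hostname, ip) of the host the reporting MTA received the mail from."""
    m = RECEIVED.search(text)
    return (m.group(1), m.group(2)) if m else None

def submitted_from(text, own_ips=OWN_IPS):
    """Say whether the bounced mail entered the mail system from one of own_ips."""
    host = submitting_host(text)
    if host is None:
        return "unknown"
    return "own host" if host[1] in own_ips else "foreign host"
```
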