|
Log analysis and evaluation: e-scan log...please help |
01.10.2005, 17:00 | #1 |
| e-scan log...please help Hello everyone.. I have a big problem with our "shared-flat computer"! Since I'm the only one in our shared flat who knows at least a little about this stuff, it's my job to keep the box running. Actually there are no major visible problems... I check constantly with AntiVir XP, Ad-Aware SE Personal, Spybot - Search & Destroy and CWShredder (also TuneUp Utilities + RegOptimierer and ClearProg, but I don't think that matters here). There is no firewall or anything similar, and no Service Pack 2 either, because I once heard somewhere that it isn't good for online gaming... Now I have run e-scan: |
01.10.2005, 17:00 | #2 |
| e-scan log...please help
Sat Oct 01 16:37:43 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Oct 01 16:37:43 2005 => Loading Spyware Signatures from new External Database (Size: 144406).
Sat Oct 01 16:37:45 2005 => Indexed Spyware Databases Successfully Created...
Sat Oct 01 16:38:02 2005 => System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})! Action taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\gnu !!!
Sat Oct 01 16:38:03 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\msbb !!!
Sat Oct 01 16:38:03 2005 => Object "msbb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\windupdates !!!
Sat Oct 01 16:38:03 2005 => Object "windupdate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKCU\Software\gnu !!!
Sat Oct 01 16:38:03 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKCU\Software\msbb !!!
Sat Oct 01 16:38:03 2005 => Object "msbb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\alchem.ini
Sat Oct 01 16:38:05 2005 => System found infected with abetterinternet Spyware/Adware (alchem.ini)! Action taken: No Action Taken.
Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\conscorr.ini
Sat Oct 01 16:38:05 2005 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken.
Sat Oct 01 16:38:05 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Sat Oct 01 16:38:05 2005 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\System32\msxslab.dll
Sat Oct 01 16:38:05 2005 => System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)! Action taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\basis.xml". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\bridge.dll". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll". Action Taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll".
Action Taken: No Action Taken. |
01.10.2005, 17:01 | #3 |
| e-scan log...please help Phew, that's quite a lot now... I'll also post my HijackThis log, though I think everything is fine there:
Logfile of HijackThis v1.97.7
Scan saved at 18:02:16, on 01.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\kavss.exe
C:\WINDOWS\notepad.exe
C:\Dokumente und Einstellungen\Stefan Ruck\Eigene Dateien\Meine empfangenen Dateien\HijackThis.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
Now my question is: is the PC hopelessly infested, or do you still see a chance of getting it "clean" again?!? If the answer is "wipe the PC", I'd ask for instructions or a link on how best to do that!!! A few suggestions on how I can avoid such chaos in future would also be helpful... Big merci in advance |
01.10.2005, 17:16 | #4 |
| e-scan log...please help @hatecrimes Download HijackThis v1.99.1, your version is old, and post your complete HJT log. Regards, Expert |
01.10.2005, 17:35 | #5 |
| e-scan log...please help
Logfile of HijackThis v1.99.1
Scan saved at 18:43:33, on 01.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Dokumente und Einstellungen\Stefan Ruck\Eigene Dateien\Meine empfangenen Dateien\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe |
01.10.2005, 17:42 | #6 |
| e-scan log...please help @hatecrimes Apart from an outdated OS there is nothing special to see in the logfile. Please post the eScan results following this guide: http://www.trojaner-board.de/showthread.php?t=17492 chaosman |
02.10.2005, 00:01 | #7 |
| e-scan log...please help Alternatively: open 'mwav.log' in the folder 'C:\Bases_X' -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum.
File C:\Programme\AVPersonal\INFECTED\winldra.VIR infected by "Backdoor.Win32.Dumador.bh" Virus!
C:\Programme\AVPersonal\INFECTED\winldra.VIR
File C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR infected by "Backdoor.Win32.Dumador.az" Virus!
C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR
C:\Programme\AVPersonal\INFECTED\*.*
C:\WINDOWS\System32\msxslab.dll
System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)
C:\WINDOWS\conscorr.ini
System found infected with ezula Spyware/Adware (conscorr.ini)!
C:\WINDOWS\alchem.ini
System found infected with abetterinternet Spyware/Adware (alchem.ini)
System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})!
C:\Programme\AVPersonal\INFECTED\winldra.VIR infiziert von "Backdoor.Win32.Dumador.bh" Virus
C:\Programme\AVPersonal\INFECTED\winldra.VIR
C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR infiziert von "Backdoor.Win32.Dumador.az" Virus
C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR
C:\Programme\AVPersonal\INFECTED\*.*
C:\WINDOWS\System32\msxslab.dll
System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)
C:\WINDOWS\conscorr.ini
System found infected with ezula Spyware/Adware (conscorr.ini)
C:\WINDOWS\alchem.ini
System found infected with abetterinternet Spyware/Adware (alchem.ini)
System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})
C:\WINDOWS\System32\msxslab.dll
System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)
C:\WINDOWS\conscorr.ini
System found infected with ezula Spyware/Adware (conscorr.ini)
C:\WINDOWS\alchem.ini
System found infected with abetterinternet Spyware/Adware (alchem.ini)
System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})
Total Objects Scanned: 32393
Total Virus(es) Found: 12
Total Disinfected Files: 0
Hmm.. so there weren't that many after all... some of them are repeated.. do I now simply delete them in safe mode??? The ones in the AV Personal folder are actually harmless, aren't they?? How do I delete, for example, something like this --> {d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d} ? |
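The keyword search described in post #7, done as a script that also collapses the repeated hits. This is an added example, not part of the original thread and not eScan tooling. The two hit layouts are taken from the log excerpts quoted in this thread, the sample log is constructed from those lines, and all function names are hypothetical.

```python
import re
from collections import Counter

# Search terms named in the post; matched case-insensitively like an editor search.
KEYWORDS = ("infected", "tagged")

# Timestamp prefix as it appears in the quoted log: "Sat Oct 01 16:38:02 2005 => "
TS = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4} => ")

# The two hit layouts that appear in the thread's log excerpts.
SPYWARE = re.compile(
    r"System found infected with (?P<name>.+?) Spyware/Adware \((?P<obj>[^)]*)\)")
VIRUS = re.compile(r'File (?P<obj>.+?) infected by "(?P<name>[^"]+)" Virus')

# Quarantine folder named in the thread (AntiVir), compared in lower case.
QUARANTINE_DIR = "\\avpersonal\\infected\\"

# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
Sat Oct 01 16:37:45 2005 => Indexed Spyware Databases Successfully Created...
Sat Oct 01 16:38:02 2005 => System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})! Action taken: No Action Taken.
Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\alchem.ini
Sat Oct 01 16:38:05 2005 => System found infected with abetterinternet Spyware/Adware (alchem.ini)! Action taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\EPlugin.ocx". Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\winldra.VIR infected by "Backdoor.Win32.Dumador.bh" Virus!
C:\Programme\AVPersonal\INFECTED\*.*
System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})!
File C:\Programme\AVPersonal\INFECTED\winldra.VIR infected by "Backdoor.Win32.Dumador.bh" Virus!
"""


def parse_hit(line):
    """Return (kind, name, object) for a keyword hit, or None for any other line."""
    body = TS.sub("", line.strip())
    if not any(k in body.lower() for k in KEYWORDS):
        return None
    m = SPYWARE.search(body)
    if m:
        return ("spyware", m.group("name"), m.group("obj"))
    m = VIRUS.search(body)
    if m:
        return ("virus", m.group("name"), m.group("obj"))
    # Keyword present but layout unknown, e.g. a bare path that only matches
    # because the quarantine folder is itself called INFECTED.
    return ("unparsed", body, "")


def in_quarantine(obj):
    """True if the object path lies in the quarantine folder named in the thread."""
    return QUARANTINE_DIR in obj.lower()


def summarize(log_text):
    """Unique hits in first-seen order, each with the number of times it occurred."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = parse_hit(line)
        if hit is not None:
            counts[hit] += 1
    return list(counts.items())


if __name__ == "__main__":
    for (kind, name, obj), n in summarize(SAMPLE_LOG):
        note = " [quarantine copy]" if in_quarantine(obj or name) else ""
        print(f"{n}x {kind:8} {name} {obj}{note}")
```

Registry "refers to invalid object" entries and "Offending ..." lines contain neither keyword, so they drop out, which is why the filtered result is so much shorter than the full log.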
02.10.2005, 00:03 | #8 |
| e-scan log...please help @chaosman How can you tell that the OS is outdated (--> operating system?) |
02.10.2005, 00:31 | #9 |
| e-scan log...please help Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) That is how you can tell! You only have Service Pack 1 installed! Current would be SP2 and the Windows updates that follow it! And you can install SP2 without worry, I don't notice any disadvantages with online gaming
__________________ When your Mind becomes obsessed with anything , it will find that Thing everywhere ! |
02.10.2005, 10:38 | #10 |
| e-scan log...please help @haze OK, asked differently: what advantages/changes does SP2 bring?? Just very roughly... @all What do I do now with the unwelcome housemates in my PC??? Simply delete them?? |
02.10.2005, 13:47 | #11 |
| e-scan log...please help Hi, there is only one course of action here: with an infection by at least 2 backdoor trojans, only one thing helps: reinstalling the system! Unfortunately I can't give you any other answer. Even if the files are "only" sitting in AntiVir's quarantine folder, you don't know what they have already done... And you can see here what these things are capable of. cacatoa
__________________ Man should have the soul of a dog |
02.10.2005, 14:15 | #12 |
| e-scan log...please help Hmm.. OK, I'll tackle that... thanks for the quick answer... I'll install SP2 at the same time... which firewall do you recommend, or is the one from SP2 sufficient??? |
02.10.2005, 21:07 | #13 |
| e-scan log...please help Hi, on the subject of software firewalls you should use the board search. Personally I think nothing of them, and I don't use one either. cacatoa
__________________ Man should have the soul of a dog |
03.10.2005, 15:15 | #14 |
| e-scan log...please help Hmm OK.. I wasn't a fan of them so far either, I have limited myself to Norton or AntiVir.... SP2 does have a firewall, am I right? Do you have it switched on or off, or set to custom? |
03.10.2005, 15:18 | #15 |
| e-scan log...please help
__________________ Man should have the soul of a dog |