Ich hatte vor gut einer Woche Probleme mit Istbar.exe oder InetGet ! Diese konnte ich aber (scheinbar) beheben.

Seit ein Paar Tagen fehlt die obere Leiste des Taskmanagers !
In letzten Tagen hat die Datei spoolsv.exe beim Systemstart versucht aufs Internet zuzugreifen.Das tut sie nun nicht mehr.

Jedoch versucht nun die Datei mc-58-12-0000140.exe beim Systemstart aufs Internet zuzugreifen ! Da kann irgendetwas nicht stimmen !
Ich benutze McAffe / Asquared / Spybot / Adaware / Antivir / alle finden nichts trots aktuellstem Update:

Habe jedoch mal die Dateien
mc-58-12-0000140.exe und die Datei system32.dll aus den ...Gemeinsamen Dateinen Ordner bei h**p://virusscan.jotti.org/de/ checken lassen :

Datei: system32.dll
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)

AntiVir Keine Viren gefunden
ArcaVir Adware.Maxifiles.A gefunden
Avast Win32:Trojan-gen. gefunden
AVG Antivirus Downloader.Agent.PN gefunden
BitDefender Trojan.Downloader.Agent.RV gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus W32/Downloader.GQL gefunden
Fortinet W32/CQG.C-tr gefunden
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.Maxifiles.a gefunden
NOD32 Win32/Adware.Maxifiles application gefunden
Norman Virus Control W32/DLoader.GQM gefunden
UNA TrojanDownloader.Win32.Agent gefunden
VBA32 Trojan-Downloader.Win32.Agent.rv gefunden

die andere:

Datei: mc-12.exe
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)

AntiVir Keine Viren gefunden
ArcaVir Trojan.Clicker.Small.Ht gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Trojan.Msdrop.EN gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.DownLoader.4473 gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Adware.Maxifiles gefunden
VBA32 Keine Viren gefunden

und mein HijackThis log sieht so aus:



Logfile of HijackThis v1.99.1
Scan saved at 12:32:07, on 10.10.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\mc-58-12-0000140.exe
C:\WINNT\explorer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\LASISL~1\LOKALE~1\Temp\Rar$EX00.781\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programme\DNS\Catcher.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-58-12-0000140.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Preispiraten 2.1.1 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay Homepage - {D4951B60-8FF9-4813-B716-FF3E75386E74} - h**p://w*w.preispiraten.de/cgi-bin/e/tracker_short.pl?h**p://w*w.ebay.de
(file missing)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - h**p://www.spywarestormer.com/files2/Install.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - h**p://ww.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lir-home.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC2B7205-EF7B-466F-A089-845624253F43}: NameServer = 192.168.88.51,192.168.88.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lir-home.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lir-home.de
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe



Ich hoffe mir kann auf Grund der Informationen irgentjemand kompetentes helfen. Würde mich sehr freuen !

Servus, smike!
Lass´mal escan nach Cidres Anleitung http://www.trojaner-board.de/showthread.php?t=17492 im abgesicherten Modus laufen.
Bitte halte Dich genau an die Anleitung (Speicherort, Update der Signaturen vor dem Scan, Spracheinstellung Englisch, Häkchen richtig setzten) damit Haui45´s "find.bat" wie in der Anleitung beschrieben auch wirklich funktioniert!
Poste deren Ergebnis anschließend. Habe Geduld, der Scan läuft bei richtigen Einstellungen >1 Stunde und länger.
bis dann, stupormundi

hier der log (allerdings nicht alle >ca.30 Seiten) ! :

Mon Oct 10 17:02:32 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon Oct 10 17:02:32 2005 => Loading Spyware Signatures from new External Database (Size: 145065).
Mon Oct 10 17:02:34 2005 => Indexed Spyware Databases Successfully Created...

Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({0c1f87ae-ae62-11d3-911c-00105a17b608})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({371d0743-7a57-11d2-ad5a-00105a17b608})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({39fda070-61ba-11d2-ad84-00105a17b608})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({4f99a075-5227-11d2-ad06-00105a17b608})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({a1eedaa7-c4d8-11d2-ad9c-00105a17b608})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({b22fe43c-d1e8-432a-a862-9f83d5f04732})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({ca4fc24b-c65c-11d1-aa6f-000000000000})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({ddd136ce-517b-11d2-ad03-00105a17b608})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({e9d55102-9683-11d2-ba68-0040053687fe})! Action taken: No Action Taken.
Mon Oct 10 17:02:47 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Mon Oct 10 17:07:44 2005 => System found infected with betterinternet Spyware/Adware ({09049e4f-8d9e-4c8a-a952-5baf1a115c59})! Action taken: No Action Taken.
Mon Oct 10 17:07:44 2005 => System found infected with begin2search Spyware/Adware ({94984402-b480-45c7-ad2d-84e5eb52cfcd})! Action taken: No Action Taken.
Mon Oct 10 17:07:45 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\dashbar !!!
Mon Oct 10 17:07:45 2005 => Object "gain dashbar Spyware/Adware" found in File System! Action Taken: No Action Taken.


Mon Oct 10 17:07:45 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\gain publishing !!!
Mon Oct 10 17:07:45 2005 => Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Oct 10 17:07:45 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\precisiontime !!!
Mon Oct 10 17:07:45 2005 => Object "precisiontime Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Oct 10 17:07:45 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\dashbar !!!
Mon Oct 10 17:07:45 2005 => Object "gain dashbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Oct 10 17:07:45 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\gain publishing !!!
Mon Oct 10 17:07:45 2005 => Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Oct 10 17:07:45 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\precisiontime !!!
Mon Oct 10 17:07:45 2005 => Object "precisiontime Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Oct 10 17:07:46 2005 => Offending file found: C:\WINNT\farmmext.ini
Mon Oct 10 17:07:46 2005 => System found infected with farmmext Spyware/Adware (farmmext.ini)! Action taken: No Action Taken.



Mon Oct 10 17:07:46 2005 => Offending file found: C:\WINNT\farmmext.ini
Mon Oct 10 17:07:46 2005 => System found infected with farmmext Spyware/Adware (farmmext.ini)! Action taken: No Action Taken.

Mon Oct 10 17:07:46 2005 => Offending file found: C:\WINNT\system32\a.exe
Mon Oct 10 17:07:46 2005 => System found infected with bridge Spyware/Adware (a.exe)! Action taken: No Action Taken.

Mon Oct 10 17:07:46 2005 => Offending file found: C:\WINNT\system32\bszip.dll
Mon Oct 10 17:07:46 2005 => System found infected with casinoonnet Spyware/Adware (bszip.dll)! Action taken: No Action Taken.

Mon Oct 10 17:07:46 2005 => Offending file found: C:\WINNT\system32\dartsock.dll
Mon Oct 10 17:07:46 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger (dartsock.dll)! Action taken: No Action Taken.

Mon Oct 10 17:07:46 2005 => Offending file found: C:\WINNT\system32\ide21201.vxd
Mon Oct 10 17:07:46 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.




Mon Oct 10 17:07:50 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Eigene Dateien\post_mortem saves\config.dat
Mon Oct 10 17:07:50 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.

Mon Oct 10 17:07:52 2005 => Offending file found: C:\Dokumente und Einstellungen\**\Recent\image.lnk
Mon Oct 10 17:07:52 2005 => System found infected with powerreg scheduler Spyware/Adware (image.lnk)! Action taken: No Action Taken.

Mon Oct 10 17:07:54 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\temporary internet files\content.ie5\e1at8hkr\ads[1].htm
Mon Oct 10 17:07:54 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:54 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\temporary internet files\content.ie5\gb8ny5gr\ads[1].htm
Mon Oct 10 17:07:54 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:54 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\temporary internet files\content.ie5\n3lbrd0s\ads[1].htm
Mon Oct 10 17:07:54 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:54 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\temporary internet files\content.ie5\p0ovtt85\show_ads[2].js
Mon Oct 10 17:07:54 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Mon Oct 10 17:07:54 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\temporary internet files\content.ie5\ub43inyp\ads[1].htm
Mon Oct 10 17:07:54 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:55 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temporary Internet Files\content.ie5\e1at8hkr\ads[1].htm
Mon Oct 10 17:07:55 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:55 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temporary Internet Files\content.ie5\gb8ny5gr\ads[1].htm
Mon Oct 10 17:07:55 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:55 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temporary Internet Files\content.ie5\n3lbrd0s\ads[1].htm
Mon Oct 10 17:07:55 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:55 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temporary Internet Files\content.ie5\p0ovtt85\show_ads[2].js
Mon Oct 10 17:07:55 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Mon Oct 10 17:07:55 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temporary Internet Files\content.ie5\ub43inyp\ads[1].htm
Mon Oct 10 17:07:55 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.

Mon Oct 10 17:07:56 2005 => Offending file found: C:\Dokumente und Einstellungen\*\Eigene Dateien\post_mortem saves\config.dat
Mon Oct 10 17:07:56 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.




Mon Oct 10 17:14:11 2005 => Scanning File C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\Grim Fandango (1).zip
Mon Oct 10 17:14:11 2005 => File C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\Grim Fandango (1).zip infected by "P2P-Worm.Win32.Wupeer.a" Virus! Action Taken: No Action Taken.



Mon Oct 10 18:24:59 2005 => File C:\Programme\MsUpdate\a.zip infected by "P2P-Worm.Win32.Wupeer.a" Virus! Action Taken: No Action Taken.





Mon Oct 10 20:26:45 2005 => ***** Checking for specific ITW Viruses *****
Mon Oct 10 20:26:45 2005 => Checking for Welchia Virus...
Mon Oct 10 20:26:45 2005 => Checking for LovGate Virus...
Mon Oct 10 20:26:45 2005 => Checking for CodeRed Virus...
Mon Oct 10 20:26:45 2005 => Checking for OpaServ Virus...
Mon Oct 10 20:26:45 2005 => Checking for Sobig.e Virus...
Mon Oct 10 20:26:45 2005 => Checking for Winupie Virus...
Mon Oct 10 20:26:45 2005 => Checking for Swen Virus...
Mon Oct 10 20:26:45 2005 => Checking for JS.Fortnight Virus...
Mon Oct 10 20:26:45 2005 => Checking for Novarg Virus...
Mon Oct 10 20:26:45 2005 => Checking for Pagabot Virus...
Mon Oct 10 20:26:45 2005 => Checking for Parite.b Virus...
Mon Oct 10 20:26:45 2005 => Checking for Parite.a Virus...
Mon Oct 10 20:26:45 2005 => Checking for Adware.SeekSeek Virus...

Mon Oct 10 20:26:45 2005 => ***** Scanning complete. *****

Mon Oct 10 20:26:45 2005 => Total Objects Scanned: 78208
Mon Oct 10 20:26:45 2005 => Total Virus(es) Found: 42
Mon Oct 10 20:26:45 2005 => Total Disinfected Files: 0
Mon Oct 10 20:26:45 2005 => Total Files Renamed: 0
Mon Oct 10 20:26:45 2005 => Total Deleted Objects: 0
Mon Oct 10 20:26:45 2005 => Total Errors: 491
Mon Oct 10 20:26:45 2005 => Time Elapsed: 03:24:26
Mon Oct 10 20:26:45 2005 => Virus Database Date: 2005/10/10
Mon Oct 10 20:26:45 2005 => Virus Database Count: 153275

Mon Oct 10 20:26:45 2005 => Scan Completed.

Mon Oct 10 22:20:01 2005 => Virus Database Date: 2005/10/10
Mon Oct 10 22:20:01 2005 => Virus Database Count: 153275
Mon Oct 10 22:20:11 2005 => AV Library Unloaded (3)...

Servus, smike!
Hast eine PN!
Arbeite einmal den Link http://www.trojaner-board.de/showthread.php?t=21709 hier durch

Lass´ anschließend clearprog http://www.clearprog.de/ (VS. 1.4.1 final auswählen) und lösche ebenfalls im abgesicherten Modus damit alle temporär Dateien (am besten links unten "alles löschen" anklicken)
Wegen dem Fund

Zitat:

Mon Oct 10 17:14:11 2005 => Scanning File C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\Grim Fandango (1).zip
Mon Oct 10 17:14:11 2005 => File C:\Dokumente und Einstellungen\*\Eigene Dateien\Downloads\Grim Fandango (1).zip infected by "P2P-Worm.Win32.Wupeer.a" Virus! Action Taken: No Action Taken.
Mon Oct 10 18:24:59 2005 => File C:\Programme\MsUpdate\a.zip infected by "P2P-Worm.Win32.Wupeer.a" Virus! Action Taken: No Action Taken.

- Hast Du die schon mal entpackt? Wenn nein, diese Datei ebenfalls im abgesicherten Modus bei deaktivierter Systemwiederherstellung http://www.systemwiederherstellung-d...indows-xp.html löschen!
Nachdem Du alle Punkte abgearbeitet hast, neuer escan und HJT-Logfile
bis dann, stupormundi

hier der logfile von escan (erst nach dem check fiel mir ein Grim Fandango.zip ...noch zu löschen,daher hier noch die meldung s.u. ) :


Tue Oct 11 09:54:59 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Oct 11 09:54:59 2005 => Loading Spyware Signatures from new External Database (Size: 145065).
Tue Oct 11 09:54:59 2005 => Indexed Spyware Databases Successfully Created...

Tue Oct 11 09:55:38 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({0c1f87ae-ae62-11d3-911c-00105a17b608})! Action taken: No Action Taken.
Tue Oct 11 09:55:38 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({371d0743-7a57-11d2-ad5a-00105a17b608})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({39fda070-61ba-11d2-ad84-00105a17b608})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({4f99a075-5227-11d2-ad06-00105a17b608})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({a1eedaa7-c4d8-11d2-ad9c-00105a17b608})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({b22fe43c-d1e8-432a-a862-9f83d5f04732})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({ca4fc24b-c65c-11d1-aa6f-000000000000})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({ddd136ce-517b-11d2-ad03-00105a17b608})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger ({e9d55102-9683-11d2-ba68-0040053687fe})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with betterinternet Spyware/Adware ({09049e4f-8d9e-4c8a-a952-5baf1a115c59})! Action taken: No Action Taken.
Tue Oct 11 09:55:39 2005 => System found infected with begin2search Spyware/Adware ({94984402-b480-45c7-ad2d-84e5eb52cfcd})! Action taken: No Action Taken.
Tue Oct 11 09:55:41 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\dashbar !!!
Tue Oct 11 09:55:41 2005 => Object "gain dashbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 11 09:55:41 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\gain publishing !!!
Tue Oct 11 09:55:41 2005 => Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 11 09:55:41 2005 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\precisiontime !!!
Tue Oct 11 09:55:41 2005 => Object "precisiontime Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 11 09:55:41 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\dashbar !!!
Tue Oct 11 09:55:41 2005 => Object "gain dashbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 11 09:55:41 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\gain publishing !!!
Tue Oct 11 09:55:41 2005 => Object "claria Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 11 09:55:41 2005 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\precisiontime !!!
Tue Oct 11 09:55:41 2005 => Object "precisiontime Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 11 09:55:42 2005 => Offending file found: C:\WINNT\farmmext.ini
Tue Oct 11 09:55:42 2005 => System found infected with farmmext Spyware/Adware (farmmext.ini)! Action taken: No Action Taken.

Tue Oct 11 09:55:42 2005 => Offending file found: C:\WINNT\system32\a.exe
Tue Oct 11 09:55:42 2005 => System found infected with bridge Spyware/Adware (a.exe)! Action taken: No Action Taken.

Tue Oct 11 09:55:42 2005 => Offending file found: C:\WINNT\system32\bszip.dll
Tue Oct 11 09:55:42 2005 => System found infected with casinoonnet Spyware/Adware (bszip.dll)! Action taken: No Action Taken.

Tue Oct 11 09:55:42 2005 => Offending file found: C:\WINNT\system32\dartsock.dll
Tue Oct 11 09:55:42 2005 => System found infected with spywareno!/spysheriff Commercial KeyLogger (dartsock.dll)! Action taken: No Action Taken.

Tue Oct 11 09:55:43 2005 => Offending file found: C:\WINNT\system32\ide21201.vxd
Tue Oct 11 09:55:43 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.

Tue Oct 11 09:55:44 2005 => Offending file found: C:\Dokumente und Einstellungen\**\Eigene Dateien\post_mortem saves\config.dat
Tue Oct 11 09:55:44 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.

Tue Oct 11 09:55:45 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Recent\image.lnk
Tue Oct 11 09:55:45 2005 => System found infected with powerreg scheduler Spyware/Adware (image.lnk)! Action taken: No Action Taken.

Tue Oct 11 09:55:47 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Eigene Dateien\post_mortem saves\config.dat
Tue Oct 11 09:55:47 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.


Tue Oct 11 09:59:29 2005 => Scanning File C:\Dokumente und Einstellungen\**\Eigene Dateien\Downloads\Grim Fandango .zip
Tue Oct 11 09:59:29 2005 => File C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\Grim Fandango .zip infected by "P2P-Worm.Win32.Wupeer.a" Virus! Action Taken: No Action Taken.


Tue Oct 11 10:29:01 2005 => File C:\Programme\MsUpdate\a.zip infected by "P2P-Worm.Win32.Wupeer.a" Virus! Action Taken: No Action Taken.



Tue Oct 11 11:19:02 2005 => ***** Checking for specific ITW Viruses *****
Tue Oct 11 11:19:02 2005 => Checking for Welchia Virus...
Tue Oct 11 11:19:02 2005 => Checking for LovGate Virus...
Tue Oct 11 11:19:02 2005 => Checking for CodeRed Virus...
Tue Oct 11 11:19:03 2005 => Checking for OpaServ Virus...
Tue Oct 11 11:19:03 2005 => Checking for Sobig.e Virus...
Tue Oct 11 11:19:03 2005 => Checking for Winupie Virus...
Tue Oct 11 11:19:03 2005 => Checking for Swen Virus...
Tue Oct 11 11:19:03 2005 => Checking for JS.Fortnight Virus...
Tue Oct 11 11:19:03 2005 => Checking for Novarg Virus...
Tue Oct 11 11:19:03 2005 => Checking for Pagabot Virus...
Tue Oct 11 11:19:03 2005 => Checking for Parite.b Virus...
Tue Oct 11 11:19:03 2005 => Checking for Parite.a Virus...
Tue Oct 11 11:19:03 2005 => Checking for Adware.SeekSeek Virus...

Tue Oct 11 11:19:03 2005 => ***** Scanning complete. *****

Tue Oct 11 11:19:03 2005 => Total Objects Scanned: 77822
Tue Oct 11 11:19:03 2005 => Total Virus(es) Found: 32
Tue Oct 11 11:19:03 2005 => Total Disinfected Files: 0
Tue Oct 11 11:19:03 2005 => Total Files Renamed: 0
Tue Oct 11 11:19:03 2005 => Total Deleted Objects: 0
Tue Oct 11 11:19:03 2005 => Total Errors: 495
Tue Oct 11 11:19:04 2005 => Time Elapsed: 01:24:24
Tue Oct 11 11:19:04 2005 => Virus Database Date: 2005/10/11
Tue Oct 11 11:19:04 2005 => Virus Database Count: 153395

Tue Oct 11 11:19:04 2005 => Scan Completed.

Tue Oct 11 11:20:16 2005 => Virus Database Date: 2005/10/11
Tue Oct 11 11:20:16 2005 => Virus Database Count: 153395
Tue Oct 11 11:20:24 2005 => AV Library Unloaded (3)...

so hier ist der rest: (habe den link auch komplett durchgearbeitet - hat aber keine halbe std. gedauert mit der runthis.bat - *wunder* )

achja und spybot hat jedemenge immunisiert und noch die google toolbar angezeigt, die hab ich nicht markiert weils da mal probleme mit deinstallieren gab, bin mir aber nicht sicher ??)


Logfile of HijackThis v1.99.1
Scan saved at 11:58:46, on 11.10.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programme\QuickTime\qttask.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\mc-58-12-0000140.exe
C:\WINNT\system32\cmd.exe
C:\Programme\Gemeinsame Dateien\services.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\~1\LOKALE~1\Temp\Rar$EX00.531\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htp://***.google.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programme\DNS\Catcher.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-58-12-0000140.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Preispiraten 2.1.1 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eBay Homepage - {D4951B60-8FF9-4813-B716-FF3E75386E74} - htp://***.preispiraten.de/cgi-bin/e/tracker_short.pl?htt://***.ebay.de(file missing)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} ht://***.spywrestormer.co/files2/Install.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - htp://***.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lir-home.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC2B7205-EF7B-466F-A089-845624253F43}: NameServer = 192.168.88.51,192.168.88.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lir-home.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lir-home.de
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


..viel erfolg !!