Log Analysis and Evaluation: Computer is completely infested

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.04.2006, 21:24 #1
Computer is completely infested

Hello, I have all sorts of viruses, spyware, trojans, ... on a computer. With AntiVir and Ad-Aware I have already got rid of quite a bit, but now I am at my wits' end. After every restart a new infection with TR/Drop.Zlob.JT.2 or TR/Zlob.IT.3 or TR/Dldr.Zlob.JS is reported. A security message also keeps popping up, through which anti-spyware software can supposedly be obtained. Here is the log file, maybe someone can help. Many thanks in advance for your efforts.

Logfile of HijackThis v1.99.1
Scan saved at 22:06:04, on 08.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
d:\treiber\IGDCTRL.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\TREIBER\StCenter.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\DOKUME~1\***\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis_199.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp956A.tmp (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\G DATA Windows XP Styler\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = D:\TREIBER\StCenter.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - d:\treiber\IGDCTRL.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\G DATA Windows XP Styler\StyleXPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
08.04.2006, 22:43 #2
Computer is completely infested

Hello mmehltretter,

proceed as follows: http://www.trojaner-board.de/showthread.php?t=21709
"smitrem" is a self-extracting file; an unpacking program such as WinRAR is not necessary.

dartus
09.04.2006, 08:32 #3
Computer is completely infested

So, I have now followed the instructions. But I suspect that not everything has been removed yet. How should I proceed? Here are the new logs from HijackThis and eScan:
Logfile of HijackThis v1.99.1
Scan saved at 07:09:20, on 09.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
d:\treiber\IGDCTRL.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\TREIBER\StCenter.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\***\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp956A.tmp (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\G DATA Windows XP Styler\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = D:\TREIBER\StCenter.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc.
- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - d:\treiber\IGDCTRL.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\G DATA Windows XP Styler\StyleXPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Since the eScan log file, converted to DIN A4 pages, came to about 2500 pages, I have only posted the infections found, the start, and the summary here. Did I do something wrong when creating the log?

Sun Apr 09 04:40:54 2006 => **********************************************************
Sun Apr 09 04:40:54 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Apr 09 04:40:54 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sun Apr 09 04:40:54 2006 => **********************************************************
Sun Apr 09 04:40:54 2006 => Source: C:\DOKUME~1\Tobias\Desktop\mwav.exe
Sun Apr 09 04:40:54 2006 => Version 8.2.2 (C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com)
Sun Apr 09 04:40:54 2006 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Sun Apr 09 04:40:54 2006 => MWAV Registered: FALSE.
Sun Apr 09 04:40:54 2006 => OS Type: Windows Workstation
Sun Apr 09 04:40:54 2006 => Local Fixed Drives: c:\,d:\,e:\
Sun Apr 09 04:40:54 2006 => MWAV Mode: Only Scan files.
Sun Apr 09 04:40:54 2006 => Latest Date of files inside MWAV: 06 Apr 2006 15:08:30.
Sun Apr 09 04:40:56 2006 => AV Library Loaded...
Sun Apr 09 04:40:56 2006 => MWAV doing self scanning...
Sun Apr 09 04:40:56 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.exe
Sun Apr 09 04:40:56 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\Getvlist.exe
Sun Apr 09 04:40:56 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.dll
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavssdi.dll
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavssi.dll
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavvlg.dll
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\msvlclnt.dll
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\ipc.dll
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\main.avi
Sun Apr 09 04:40:57 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\virus.avi
Sun Apr 09 04:40:57 2006 => MWAV files are clean.
Sun Apr 09 04:40:57 2006 => Virus Database Date: 4/6/2006
Sun Apr 09 04:40:57 2006 => Virus Database Count: 186553
Sun Apr 09 04:41:03 2006 => Downloading AntiVirus and Anti-Spyware Databases...
Sun Apr 09 04:41:45 2006 => Downloads Successful...
Sun Apr 09 04:41:48 2006 => Reload of AntiVirus Signatures successfully done.
Sun Apr 09 04:41:48 2006 => Virus Database Date: 4/9/2006
Sun Apr 09 04:41:48 2006 => Virus Database Count: 183020
Sun Apr 09 04:43:54 2006 => **********************************************************
Sun Apr 09 04:43:54 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Apr 09 04:43:54 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sun Apr 09 04:43:54 2006 =>
Sun Apr 09 04:43:54 2006 => Support: support@mwti.net
Sun Apr 09 04:43:54 2006 => Web: http://www.mwti.net
Sun Apr 09 04:43:54 2006 => **********************************************************
Sun Apr 09 04:43:54 2006 => Version 8.2.2 (C:\DOKUME~1\***\LOKALE~1\Temp\mexe.com)
Sun Apr 09 04:43:54 2006 => Log File: C:\DOKUME~1\***\LOKALE~1\Temp\MWAV.LOG
Sun Apr 09 04:43:54 2006 => User Account: ***
Sun Apr 09 04:43:54 2006 => Windows Root Folder: C:\WINDOWS
Sun Apr 09 04:43:54 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Sun Apr 09 04:43:54 2006 => OS: Windows XP
Sun Apr 09 04:43:54 2006 => Latest Date of files inside MWAV: 09 Apr 2006 04:16:55.
Sun Apr 09 04:43:54 2006 => Options Selected by User:
Sun Apr 09 04:43:54 2006 => Memory Check: Enabled
Sun Apr 09 04:43:54 2006 => Registry Check: Enabled
Sun Apr 09 04:43:54 2006 => StartUp Folder Check: Disabled
Sun Apr 09 04:43:54 2006 => System Folder Check: Disabled
Sun Apr 09 04:43:54 2006 => System Area Check: Disabled
Sun Apr 09 04:43:54 2006 => Services Check: Enabled
Sun Apr 09 04:43:54 2006 => Drive Check: Disabled
Sun Apr 09 04:43:54 2006 => All Drive Check :Enabled
Sun Apr 09 04:43:54 2006 => Folder Check: Disabled
Sun Apr 09 04:44:20 2006 => ERROR!!! Invalid Entry = C:\WINDOWS\system32\hp956A.tmp (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7a932ed2-1737-4ab8-b84d-c71779958551}). No Action Taken.
Sun Apr 09 04:44:27 2006 => ERROR!!! Invalid Entry ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -minimize (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sun Apr 09 04:44:27 2006 => ERROR!!! Invalid Entry BearShare = "C:\Programme\BearShare\BearShare.exe" /pause (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sun Apr 09 04:44:28 2006 => ERROR!!! Invalid Entry Shareaza = "C:\Programme\Shareaza\Shareaza.exe" -tray (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Apr 09 04:44:29 2006 => ERROR!!! Invalid Entry PestTrap = C:\Program Files\PestTrap\PestTrap.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sun Apr 09 04:46:20 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\PestTrap.zip is Not Scanned
04:46:20 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\PestTrap1.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SpywareQuake.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SpywareQuake1.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\SpywareQuake2.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSaveNow.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WhenUSearchDesktoptoolbar.zip is Not Scanned
04:46:21 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\WindowsActiveDesktop.zip is Not Scanned
Apr 09 04:51:34 2006 => ERROR!!! MS_ScanAndClean return ffffffff
Apr 09 04:51:34 2006 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\***\Eigene Dateien\Spielstände\Battlefield 2\mods\bf2\cache\{D7B71E3E-4207-11CF-2468-5A2303C2CB35}_2442_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthashemiocclusion
Sun Apr 09 04:51:34 2006 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Apr 09 04:51:34 2006 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\***\Eigene Dateien\Spielstände\Battlefield 2\mods\bf2\cache\{D7B71E3E-4207-11CF-2468-5A2303C2CB35}_2442_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhascolormapglosshasdot3alphatesthasshadowocclusi
Sun Apr 09 04:51:35 2006 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Apr 09 04:51:35 2006 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\***\Eigene Dateien\Spielstände\Battlefield 2\mods\bf2\cache\{D7B71E3E-4207-11CF-2468-5A2303C2CB35}_2442_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthashemiocclusion.c
Sun Apr 09 04:51:35 2006 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Apr 09 04:51:35 2006 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\***\Eigene Dateien\Spielstände\Battlefield 2\mods\bf2\cache\{D7B71E3E-4207-11CF-2468-5A2303C2CB35}_2442_3\rashaderbmhasuvanimationhasnormalmaphasgimaphasenvmapusehemimaphasshadowhasstaticglosshasdot3alphatesthasshadowocclusion
Sun Apr 09 04:54:22 2006 => Result: ERROR!!! File C:\pagefile.sys: Scanning Failure!!!
Sun Apr 09 04:54:22 2006 => ERROR!!! ScanFile fails for C:\pagefile.sys
Sun Apr 09 05:04:43 2006 => Result: ERROR!!! File C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask is Not Scanned
Sun Apr 09 05:04:43 2006 => C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask not Scanned. Possibly password protected...
Sun Apr 09 04:44:42 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sun Apr 09 04:44:42 2006 => Loading Spyware Signatures from new External Database (Size: 154683).
Sun Apr 09 04:44:44 2006 => Indexed Spyware Databases Successfully Created...
Sun Apr 09 04:44:56 2006 => System found infected with stylexp Spyware/Adware ({c333cf63-767f-4831-94ac-e683d962c63c})! Action taken: No Action Taken.
Sun Apr 09 04:44:57 2006 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Sun Apr 09 04:44:58 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Sun Apr 09 04:44:58 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:44:58 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\security toolbar !!!
Sun Apr 09 04:44:58 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:44:58 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Apr 09 04:44:58 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:44:58 2006 => Offending Key found: HKLM\Software\limewire !!!
Sun Apr 09 04:44:58 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:44:59 2006 => Offending file found: C:\WINDOWS\system32\dfrgsrv.exe
Sun Apr 09 04:44:59 2006 => System found infected with spyfalcon Trojan (dfrgsrv.exe)! Action taken: No Action Taken.
Sun Apr 09 04:44:59 2006 => Offending Folder found: C:\Programme\limewire
Sun Apr 09 04:44:59 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:44:59 2006 => Offending Folder found: C:\Dokumente und Einstellungen\***\Anwendungsdaten\limewire
Sun Apr 09 04:44:59 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:45:01 2006 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\ea games\die sims 2\music\cas
Sun Apr 09 04:45:01 2006 => Object "casinoclient Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:45:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\***\Eigene Dateien\spielstände\ea games\die sims 2\music\cas
Sun Apr 09 04:45:03 2006 => Object "casinoclient Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:45:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\***\Startmenü\programme\limewire
Sun Apr 09 04:45:03 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:45:03 2006 => Offending Folder found: C:\Dokumente und Einstellungen\***\Startmenü\Programme\limewire
Sun Apr 09 04:45:03 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:45:05 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\online security guide.url
Sun Apr 09 04:45:05 2006 => System found infected with smitfraud variant Browser Hijacker (online security guide.url)! Action taken: No Action Taken.
Sun Apr 09 04:45:05 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\security troubleshooting.url
Sun Apr 09 04:45:05 2006 => System found infected with smitfraud variant Browser Hijacker (security troubleshooting.url)! Action taken: No Action Taken.
Sun Apr 09 05:24:06 2006 => File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.jx" Virus! Action Taken: No Action Taken.
Sun Apr 09 05:43:07 2006 => ***** Scanning complete. *****
Sun Apr 09 05:43:07 2006 => Total Objects Scanned: 67984
Sun Apr 09 05:43:07 2006 => Total Critical Objects: 16
Sun Apr 09 05:43:07 2006 => Total Disinfected Objects: 0
Sun Apr 09 05:43:07 2006 => Total Objects Renamed: 0
Sun Apr 09 05:43:07 2006 => Total Deleted Objects: 0
Sun Apr 09 05:43:07 2006 => Total Errors: 20
Sun Apr 09 05:43:07 2006 => Time Elapsed: 00:59:05
Sun Apr 09 05:43:07 2006 => Virus Database Date: 4/9/2006
Sun Apr 09 05:43:07 2006 => Virus Database Count: 183020
Sun Apr 09 05:43:07 2006 => Scan Completed.
09.04.2006, 11:24 #4
Computer is completely infested

mmehltretter, try this: http://virus-protect.org/artikel/spy...warequake.html
This time, though, stick exactly to the instructions!! Read the eScan instructions again carefully; the compilation of results must look different.

Irrlicht
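Irrlicht's remark about the eScan result compilation and the 2500-page log mentioned in post #3 come down to the same task: pulling the finding lines out of MWAV.LOG and leaving the routine "Scanning File" chatter behind. The Python script below is an added example and is not code from this thread, from the board's guide or from eScan itself. It uses a few lines copied from the log posted above as constructed input, keeps only the finding and summary lines, and lists which flagged objects the scanner left in place (the posted scan ran in "Only Scan files" mode, which is why every finding reads "No Action Taken"). The message patterns are derived from the posted excerpt; that other eScan versions word these lines the same way is an assumption.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the eScan (MWAV.LOG) excerpt posted in
# this thread, plus one routine "Scanning File" line to show that noise is
# dropped. Paths are reproduced as posted (the poster masked the user name as ***).
SAMPLE_LOG = r"""
Sun Apr 09 04:40:56 2006 => Scanning File C:\DOKUME~1\***\LOKALE~1\Temp\kavss.exe
Sun Apr 09 04:44:58 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\security toolbar !!!
Sun Apr 09 04:44:58 2006 => Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sun Apr 09 04:44:59 2006 => Offending file found: C:\WINDOWS\system32\dfrgsrv.exe
Sun Apr 09 04:44:59 2006 => System found infected with spyfalcon Trojan (dfrgsrv.exe)! Action taken: No Action Taken.
Sun Apr 09 04:46:20 2006 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\PestTrap.zip is Not Scanned
Sun Apr 09 05:24:06 2006 => File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.jx" Virus! Action Taken: No Action Taken.
Sun Apr 09 05:43:07 2006 => Total Critical Objects: 16
Sun Apr 09 05:43:07 2006 => Scan Completed.
"""

# "<timestamp> => <message>". The timestamp is kept verbatim, so lines whose
# timestamp was truncated when the log was pasted (as in the thread) still parse.
LINE_RE = re.compile(r"^(?P<ts>[^=]*?) => (?P<msg>.*)$")
ACTION_RE = re.compile(r"\s*Action [Tt]aken: (?P<action>.+?)\.?$")

# Message shapes taken from the posted log, checked in this order. Assumption:
# other eScan versions word these lines the same way.
FINDING_RES = [
    ("virus",     re.compile(r'^File (?P<obj>.+?) infected by "(?P<name>[^"]+)" Virus!')),
    ("spyware",   re.compile(r"^System found infected with (?P<name>.+?) \((?P<obj>[^)]+)\)!")),
    ("spyware",   re.compile(r'^Object "(?P<name>[^"]+)" found in File System!')),
    ("offending", re.compile(r"^Offending (?:Key|file|Folder) found: (?P<obj>.+?)(?: !!!)?$")),
    ("error",     re.compile(r"^(?:Result: )?ERROR!!! (?P<obj>.+)$")),
    ("summary",   re.compile(r"^Total (?P<name>.+?): (?P<obj>\d+)$")),
]


def parse_escan(text):
    """Return one dict per finding/summary line; routine scanner chatter is dropped."""
    findings = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        for category, pattern in FINDING_RES:
            hit = pattern.match(msg)
            if not hit:
                continue
            action = ACTION_RE.search(msg)
            findings.append({
                "ts": line.group("ts"),
                "category": category,
                "name": hit.groupdict().get("name"),
                "object": hit.groupdict().get("obj"),
                "action": action.group("action") if action else None,
            })
            break
    return findings


def summarize(findings):
    """Number of findings per category, excluding the scanner's own totals."""
    return Counter(f["category"] for f in findings if f["category"] != "summary")


def totals(findings):
    """The scanner's 'Total ...' counters as integers."""
    return {f["name"]: int(f["object"]) for f in findings if f["category"] == "summary"}


def still_present(findings):
    """Objects the scanner flagged but left in place ('No Action Taken')."""
    return sorted({f["object"] for f in findings
                   if f["object"] and f["action"] == "No Action Taken"})


if __name__ == "__main__":
    found = parse_escan(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']}  {f['category']:<9} {f['name'] or '-'}  {f['object'] or ''}")
    print(dict(summarize(found)), totals(found))
    print("left in place:", still_present(found))
```

To run it over a full MWAV.LOG, read the file into a string and pass it to parse_escan; the result is the short list of findings a helper actually needs to see, plus the objects that a scan-only run detected but did not touch, which is exactly the set a follow-up removal step has to deal with.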