Hallo,

ich habe ein grosses Problem. Mein Rechner fährt ständig runter und ich weiss das ich einen Pokapoka79 in einem etb Ordner und noch einen Trojaner Name??? vielleicht sogar noch mehr , auf meinem Rechner habe. Mehrer Infos von anderen Foren, zwecks Löschung sind fehlgeschlagen. Eine liebe Freundin hat mir empfohlen Euch zu posten. Ein Logfile ist schon anbei. Ich hoffe das ihr mir helfen könnt, ihr seid echt meine letzte Möglichkeit.
Bitte um Nachsicht. Bin kein Computerprofi aber schnell lernfähig.

Ich danke Euch im vorraus. :aplaus:
LG Susann


Logfile of HijackThis v1.99.1
Scan saved at 23:09:37, on 29.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\DATA BECKER\Maximum Protection Antivirus 2004_2005\AntiVirus\avw.exe
C:\Programme\DATA BECKER\Maximum Protection Antivirus 2004_2005\AntiVirus\sp.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programme\T-Online\T-Online Internationaler Zugang\iPassConnectEngine.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~2\T-Online\T-ONLI~2\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~2\T-Online\T-ONLI~2\Notifier\Notifier.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE
C:\WINDOWS\regedit.exe
C:\Dokumente und Einstellungen\Susann Müller\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search123forme.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vistano.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search123forme.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\pmkji.dll (file missing)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\vtsqp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWOD] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\8.tmp
O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevju32.exe
O4 - HKLM\..\Run: [77ao] C:\WINDOWS\mojfpxj.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [r"Ÿe„šVnRÖ§j÷©OVó×C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\mojfpxj.exe
O4 - HKLM\..\Run: [r"Ÿe„š/‚²�ÆßfÏNb*»1C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\mojfpxj.exe
O4 - HKLM\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\Run: [Compaqs Service Driver] copypad32.exe
O4 - HKLM\..\Run: [Wind Security] mswi32.pif
O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe
O4 - HKLM\..\Run: [iPCCheck] "C:\Programme\T-Online\T-Online Internationaler Zugang\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Programme\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P36 "EPSON Stylus DX3800 Series (Kopie 1)" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Game Updater] msgame32.exe
O4 - HKLM\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\RunServices: [Compaqs Service Driver] copypad32.exe
O4 - HKLM\..\RunServices: [Wind Security] mswi32.pif
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Updates Service] updates.pif
O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Programme\WinFixer 2005\WFX5.exe" /scan
O4 - HKCU\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\Run: [Compaqs Service Driver] copypad32.exe
O4 - HKCU\..\Run: [Wind Security] mswi32.pif
O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [WinMedia] c:\kbcd3072.exe
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\RunServices: [System Updates Service] updates.pif
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe
O4 - HKCU\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\RunServices: [Compaqs Service Driver] copypad32.exe
O4 - HKCU\..\RunServices: [Wind Security] mswi32.pif
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DATA BECKER - Virenwächter.lnk = C:\Programme\DATA BECKER\Maximum Protection Antivirus 2004_2005\AntiVirus\avw.exe
O4 - Global Startup: Quicken 2005 Zahlungserinnerung.lnk = C:\Programme\Quicken2005\billmind.exe
O4 - Global Startup: T-Online Internationaler Zugang.lnk = C:\Programme\T-Online\T-Online Internationaler Zugang\International.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159103282375
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159106328015
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.kundenserver.de/app/static/activex/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8C66C1E-6F3A-41FC-9ED2-5B7C987121BE}: NameServer = 217.237.151.115 217.237.150.188
O20 - Winlogon Notify: pmkji - pmkji.dll (file missing)
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\System32\vtsqp.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\eichopdh.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Dialerschutz Dienst (DFSVC) - Unknown owner - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~2\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)

Du hast Dir das eingefangen:
http://www.sophos.de/security/analyses/w32rbotama.html

Der Grund ist u.a hier zu suchen:

Logfile of HijackThis v1.99.1
Scan saved at 22:45:21, on 29.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Hier die Anleitung zur Bereinigung:
http://www.trojaner-board.de/showthread.php?t=12154