Trojaner-Board


DannyA4 20.02.2005 16:20

HijackThis log... please evaluate!

Hello!

This is my first time here and I wanted to ask whether you can tell me
what doesn't belong in there?
My problem is that I can establish a connection, but neither Explorer nor Firefox displays any pages!

Regards and thanks for the help!
Danny
Logfile of HijackThis v1.99.0
Scan saved at 14:25:09, on 20.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
G:\Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet3_88.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet3_88.dll' missing
O23 - Service: BitDefender Scan Server - Unknown - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

Haui45 20.02.2005 17:14

Hello,

1.) Download and update eScan (don't scan yet). Read the instructions completely beforehand, ideally print them out.
Download LSP-Fix!

2.) If present, remove NewdotNet/new.net or similar via Control Panel -> Software (Add or Remove Programs).

3.) Boot into safe mode.
Fix with HijackThis (scan with HjT, tick the boxes and click "fix checked")

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet3_88.dll (file missing)

O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet3_88.dll' missing

delete manually:
c:\programme\newdotnet

Now scan with eScan and delete the files it finds manually (be careful with files that are detected as "not-a-virus").

4.) Reboot

If you have problems getting online, repair your Winsock with LSP-Fix.

If you haven't already done so, please use an alternative browser!

5.) Post a new HijackThis log file. Problem solved?


PS: If you have trouble finding the files, please make the following settings:
In Windows Explorer -> Tools -> Folder Options -> the "View" tab -> Hidden files and folders -> enable "Show hidden files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> the "View" tab -> Files and Folders -> disable "Hide protected operating system files (Recommended)"

DannyA4 22.02.2005 20:42

Hello, after working through your points, the log file now looks like this:

Logfile of HijackThis v1.99.0
Scan saved at 19:20:01, on 22.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Antivirus\HiJacker entfernung\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: BitDefender Scan Server - Unknown - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

Thank you very much! :party:

Cidre 22.02.2005 21:34

@ DannyA4

Your log file looks clean again.

Worthwhile reading that helps to further secure your system:
http://www.trojaner-board.de/showthread.php?t=13150
http://www.mathematik.uni-marburg.de...ompromise.html
http://faq.underflow.de/#SECTION000110000000000000000

DannyA4 24.02.2005 12:13

Hello everyone!

I now have another computer here on which HijackThis also found something!
I didn't want to open a new thread right away for that... here is the file:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programme\Trend Micro\Internet Security\tmproxy.exe
C:\Programme\Trend Micro\Internet Security\pccguide.exe
C:\Programme\Trend Micro\Internet Security\PCClient.exe
C:\Programme\Trend Micro\Internet Security\TMOAgent.exe
C:\Programme\Trend Micro\Internet Security\PccPfw.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Antivirus\HiJacker entfernung\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://a-search.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=Userinit.exe,TGBRFV_
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programme\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programme\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O23 - Service: InCD File System Service - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Incorporated. - C:\Programme\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Programme\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Programme\Trend Micro\Internet Security\tmproxy.exe

and many thanks in advance for the evaluation!!! :party:

DannyA4 25.02.2005 11:25

Please take a quick look at it!

Lutz 25.02.2005 11:32

The following should be fixed:
Quote:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://a-search.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
...
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
Afterwards, delete the following files manually (if they still exist):
Quote:

C:\MAIN.MHT
c:\programme\pl.exe
c:\explorer.cab
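
The entries the helpers in this thread marked for fixing fall into a few recognisable shapes, sketched here as an added Python example that is not part of any post and not HijackThis's own logic. The function `triage`, the `Finding` type, the reason labels and the `expected_hosts` allowlist are assumptions made for illustration; the sample lines are copied from the logs above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet3_88.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet3_88.dll' missing
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//paxan/main.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
"""

# "<section code> - <details>", e.g. "O16 - DPF: ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# "DPF: {CLSID} (optional name) - <code source>"; the source may be empty.
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*?\))? -\s*(.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code (R1, O2, O16, ...)
    reason: str  # label invented for this example
    line: str    # the original log line, for review by a human


def triage(log_text, expected_hosts=frozenset()):
    """Flag log entries for manual review; this is not a verdict.

    Rules (assumptions that mirror what was marked in the thread):
      - an entry whose target is reported as "(file missing)"
      - O10: the Winsock LSP chain is reported as broken
      - O16: an ActiveX download whose source is file: or ms-its:
      - R0/R1: an IE start/search URL whose host is not expected
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, rest = entry.groups()

        if rest.endswith("(file missing)"):
            findings.append(Finding(code, "dangling-file", line))

        if code == "O10":
            findings.append(Finding(code, "broken-lsp-chain", line))
        elif code == "O16":
            dpf = DPF_RE.match(rest)
            if dpf and dpf.group(2).lower().startswith(("file:", "ms-its:")):
                findings.append(Finding(code, "local-dpf-source", line))
        elif code in ("R0", "R1"):
            _, sep, value = rest.partition(" = ")
            host = urlparse(value.strip()).hostname if sep else None
            if host and host not in expected_hosts:
                findings.append(Finding(code, "unexpected-ie-url", line))
    return findings


if __name__ == "__main__":
    # The allowlist is supplied by the reviewer; www.web.de is the start
    # page that was left untouched in the first log.
    for f in triage(SAMPLE_LOG, expected_hosts={"www.web.de"}):
        print(f"{f.reason:18} {f.line}")
```

An O10 finding only reports the broken chain; repairing Winsock is what LSP-Fix is used for in the instructions above.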

DannyA4 26.02.2005 11:25

Great!!! This really is a fantastic forum!!
I've got one more log file...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\Smtray.exe
C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\ICQ\ICQNet.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\freescan\freescan.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\System32\wuauclt.exe
F:\Antivirus\HiJacker entfernung\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=4462246
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=4462246
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://best-search.cc/index.php?v=6&aff=4462246
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-DCCD-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mp3.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Would you please help me once more?
:)
By the way, I ran AD-Aware on this customer's machine and it
actually found 1592 critical objects!!!!

The Don - D.R. 26.02.2005 13:06

run eScan over it and post the results here

download: http://www.mwti.net/antivirus/mwav.asp
instructions: http://www.trojaner-board.de/42731-escan-anleitung.html

DannyA4 01.03.2005 20:30

Hello everyone... you asked for it! Here is the log file from eScan: ;-)

File C:\WINDOWS\System32\srpcsrv32.dll infected by "not-a-virus:AdWare.Xawm.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\spoolsrv32.exe infected by "not-a-virus:AdWare.FindSpy.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\spoolsrv32.exe infected by "not-a-virus:AdWare.FindSpy.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Gamer.AG-geg-10001.exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer[ewa-10011,de].exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer[hun-10051,de].exe infected by "not-a-virus:PornWare.Dialer.Intexdial" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ite-10031.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\srpcsrv32.dll infected by "not-a-virus:AdWare.Xawm.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\txfdb32.dll infected by "not-a-virus:AdWare.Xawm.a" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\PFLLER~1\LOKALE~1\Temp\~YG11.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Pfüller\Lokale Einstellungen\Temp\~YG11.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\adm.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\adm25.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\adm4.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admdata.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admdloader.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admfdi.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Altnet\Download Manager\admprog.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0043540.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0043548.exe infected by "Trojan-Downloader.Win32.Small.alx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0046029.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0046037.exe tagged as not-a-virus:Cracker.Game.HotHook. No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0046154.dll infected by "not-a-virus:AdWare.Altnet.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0046983.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0047175.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0047246.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0047336.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0047378.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP59\A0048393.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP62\A0052762.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP62\A0052796.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP62\A0052799.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP62\A0052802.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP62\A0053973.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055359.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055434.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055491.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055541.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055610.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055696.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055746.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055797.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055921.dll infected by "not-a-virus:AdWare.Altnet.e" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055934.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055942.exe tagged as not-a-virus:Cracker.Game.HotHook. No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055966.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059226.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059228.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059230.exe infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059232.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059233.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059236.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059237.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059238.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059239.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059240.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059241.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059242.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059313.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059314.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP66\A0059427.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Gamer.AG-geg-10001.exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer[ewa-10011,de].exe infected by "not-a-virus:PornWare.Dialer.Star" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\installer[hun-10051,de].exe infected by "not-a-virus:PornWare.Dialer.Intexdial" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ite-10031.exe infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\srpcsrv32.dll infected by "not-a-virus:AdWare.Xawm.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\txfdb32.dll infected by "not-a-virus:AdWare.Xawm.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Adware\Setup_PerfectNav.exe infected by "Trojan-Downloader.Win32.Small.alx" Virus. Action Taken: No Action Taken.

DannyA4 02.03.2005 13:50

Well, you probably don't know where to start, do you? :lach:

Gigamail 02.03.2005 14:30

Quote:

Hello folks... you asked for it!
No, you asked for it :)

Uninstall the programs GTM and CMEII,
then delete the folders completely.
Switch to Safe Mode, disable System Restore,
and delete by hand all files found by eScan.
Delete your Temporary Internet Files.
Quote:

C:\System Volume Information\
You don't need to delete the ones in that folder by hand; they are gone after a restart.
Once you have done that, run eScan again in Safe Mode
and report the result.
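The split Gigamail describes, between restore-point copies and files that have to be deleted by hand, as an added example that is not part of the original thread: a Python script that sorts eScan detection lines into those two groups. The two line patterns are inferred from the eScan output posted in this thread, and the function names are hypothetical.

```python
import re

# Sample input: four lines taken from the eScan output posted in this thread.
SAMPLE_LOG = r'''File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0059242.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B803E234-B695-4EE5-919F-7605CE8A3A95}\RP64\A0055934.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\srpcsrv32.dll infected by "not-a-virus:AdWare.Xawm.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Adware\Setup_PerfectNav.exe infected by "Trojan-Downloader.Win32.Small.alx" Virus. Action Taken: No Action Taken.
'''

# Assumption: the two line shapes below are inferred from this thread's log only.
INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$')
TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>\S+)\. (?P<action>.+?)\.$')

def parse_line(line):
    """Return {'path', 'name', 'action'} for one detection line, else None."""
    m = INFECTED.match(line) or TAGGED.match(line)
    return m.groupdict() if m else None

def triage(log_text):
    """Split detections into restore-point copies and live files."""
    buckets = {"restore_point": [], "live": []}
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue  # not a detection line (headers, blank lines, posts)
        parts = rec["path"].lower().split("\\")
        # Restore-point copies sit under <drive>\System Volume Information\
        in_restore = len(parts) > 2 and parts[1] == "system volume information"
        buckets["restore_point" if in_restore else "live"].append(rec)
    return buckets

def report(buckets):
    """Render the manual-deletion list plus a count of restore-point copies."""
    lines = [f"{r['path']}  [{r['name']}]" for r in buckets["live"]]
    lines.append(f"restore-point copies: {len(buckets['restore_point'])}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```
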

DannyA4 08.03.2005 16:29

Hello folks!

I've got yet another computer with this kind of junk on it!
Please take another look...

Logfile of HijackThis v1.99.0
Scan saved at 14:45:01, on 07.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00615F9F-62B3-43CD-ABB3-B77A584A776D} - C:\WINDOWS\SYSTEM\APNE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Programme\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programme\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programme\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Programme\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Programme\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Programme\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O18 - Filter: text/html - {89B9103D-C207-4525-AAC3-FD9570C4148C} - C:\WINDOWS\SYSTEM\APNE.DLL
O18 - Filter: text/plain - {89B9103D-C207-4525-AAC3-FD9570C4148C} - C:\WINDOWS\SYSTEM\APNE.DLL

DannyA4 09.03.2005 09:07

I still have the thing on there! I read a bit in the forum... do you just need to run the SeSpfix tool over it and that's it?

Lutz 09.03.2005 09:34

Quote:

do you just need to run the SeSpfix tool over it and that's it?
That is how it should actually be by now! ;)
Please try it out and report back afterwards.
Thanks!


All times are WET +1.
