Trojaner-Board

Tyrant2000 18.09.2005 11:43

Hijacker and Escan log (tip from Chaosman)
 
For Escan I only posted the objects that were found, since otherwise there would be too many lines.

Escan
------
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU.SaveNow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SmartFinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU/SaveNow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "EasySearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "roings Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SpywareNo!/SpySheriff Commercial KeyLogger" found in File System! Action Taken: No Action Taken.
File C:\DOKUME~1\Sven\LOKALE~1\TEMPOR~1\Content.IE5\KNZXQ3GR\1[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\DOKUME~1\Sven\LOKALE~1\TEMPOR~1\Content.IE5\KNZXQ3GR\count[1].htm infected by "Trojan-Downloader.JS.Inor.a" Virus! Action Taken: No Action Taken.
File C:\DOKUME~1\Sven\LOKALE~1\TEMPOR~1\Content.IE5\KNZXQ3GR\outxxx[1].jpg infected by "Trojan-Downloader.Win32.Small.azk" Virus! Action Taken: No Action Taken.
File C:\DOKUME~1\Sven\LOKALE~1\TEMPOR~1\Content.IE5\KNZXQ3GR\s14[1].htm infected by "Exploit.Win32.MS05-013.gen" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KNZXQ3GR\1[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KNZXQ3GR\count[1].htm infected by "Trojan-Downloader.JS.Inor.a" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KNZXQ3GR\outxxx[1].jpg infected by "Trojan-Downloader.Win32.Small.azk" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KNZXQ3GR\s14[1].htm infected by "Exploit.Win32.MS05-013.gen" Virus! Action Taken: No Action Taken.
File C:\ms32.tmp infected by "Trojan-Downloader.Win32.Small.azk" Virus! Action Taken: No Action Taken.


HiJackThis
---------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\ASUS\Probe\AsusProb.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Internet Explorer\iexplore.exe
G:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.12.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.12.199
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [apidw.exe] C:\WINDOWS\system32\apidw.exe
O4 - HKLM\..\Run: [sdkep.exe] C:\WINDOWS\sdkep.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://www.tomtech.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB15DA7-5370-47FD-B9FC-2E82F2484194}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{890746E3-CB38-4027-9A49-7AEBD8354409}: NameServer = 85.255.113.124,85.255.112.15

So I have no idea what else I should do now. Apparently no killer can get this junk off.

Thx, Sven

cacatoa 18.09.2005 11:58

Hi,
first of all, here is how you continue:
post all your information in the thread you already opened:
http://www.trojaner-board.de/showthread.php?t=21916
Then we will take it from there.
I will report this thread and ask for it to be closed as a double post.
cacatoa

