Probleme mit Norton und Viren

[Bin Neu hier]

Hi, ich Hab Probleme mit meinem NAV 2005 und der Norton Personal Firewall!

Das Programm startes seit neuestem nicht mehr, seit ich einen neuen Virus draufbekommen hatte.

Er erstellte:

vnetbsh.dll
bbtlaaaa.dll
seclecli.ocx

Ich dachte ich hätte sie, aber sie kommen immer wieder.
RegEdit und Abgesicherter Modus ,sowie der Austausch der Dateien mit eigens kreierten Fake-Dateien nützen nichts.

Vor allem die "seclecli.ocx" gibt sich nicht geschlagen

Anbei die Log und StartUp Liste von HJT

Brauche dringend Hilfe !!!!!!!!!!!!

____________________________________________________________ ___

Code:

 LOGFILE

Logfile of HijackThis v1.99.1
Scan saved at 01:38:23, on 14.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Downloads\ANTI_VIRUS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SyncManager] C:\WINDOWS\cApp.exe /i
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O15 - Trusted Zone: http://cgi.ebay.de
O15 - Trusted Zone: http://cgi1.ebay.de
O15 - Trusted Zone: http://signin.ebay.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{345D5EC0-250C-4E7B-8081-6A64F89DA362}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D791551-F4C8-4350-9136-5A64E54F3D0E}: NameServer = 192.168.178.20
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

____________________________________________________________ _____

STARTUP-LISTE


StartupList report, 14.05.2005, 01:41:38
StartupList version: 1.52.2
Started from : C:\Downloads\ANTI_VIRUS\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Downloads\ANTI_VIRUS\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\Holger\Startmenü\Programme\Autostart]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SyncManager = C:\WINDOWS\cApp.exe /i
CloneCDTray = "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
ControlPanel = C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
ccApp = "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
Zone Labs Client = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOn ce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOn ce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOn ce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOn ce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\System32\(T)RAU~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe, msmsgs.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

Web assistant - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Meinen Computer prüfen - Holger.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Shockwave ActiveX Control]
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

a347bus: System32\DRIVERS\a347bus.sys (system)
a347scsi: System32\Drivers\a347scsi.sys (system)
Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start)
Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (autostart)
Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start)
AMD K7-Prozessortreiber: System32\DRIVERS\amdk7.sys (system)
Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
Aspi32: System32\drivers\aspi32.sys (autostart)
Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Eumex 620 LAN: System32\drivers\capi20.sys (autostart)
Cdrdrv: System32\Drivers\Cdrdrv.sys (manual start)
CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system)
Indexdienst: %SystemRoot%\system32\cisvc.exe (manual start)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (manual start)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Telekom CapiPort: \SystemRoot\System32\drivers\detewecp.sys (autostart)
AVM FRITZ!web Routing Service: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (disabled)
DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Laufwerktreiber: System32\DRIVERS\disk.sys (system)
Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Treiber für die Verwaltung logischer Datenträger: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start)
Telekom T-Eumex 520PC: System32\DRIVERS\dtwmnic5.sys (manual start)
EIO: \??\C:\WINDOWS\system32\drivers\EIO.sys (autostart)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start)
Diskettenlaufwerktreiber: System32\DRIVERS\flpydisk.sys (manual start)
Treiber für Volume-Manager: System32\DRIVERS\ftdisk.sys (system)
Gameport-Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
GEARSecurity: SYSTEM32\GEARSEC.EXE (autostart)
Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start)
Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID-zu-Joystickanschlussaktivierung: System32\DRIVERS\hidgame.sys (manual start)
Eingabegerätezugang: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class-Treiber: System32\DRIVERS\hidusb.sys (manual start)
i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (manual start)
Filtertreiber für CD-Brennen: System32\DRIVERS\imapi.sys (system)
IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\System32\imapi.exe (manual start)
Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start)
IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start)
Übersetzer für IP-Netzwerkadressen: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-Treiber: System32\DRIVERS\ipsec.sys (system)
IrDA-Protokoll: System32\DRIVERS\irda.sys (autostart)
IR-Enumeratordienst: System32\DRIVERS\irenum.sys (manual start)
Infrarotüberwachung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft serieller Infrarottreiber: System32\DRIVERS\irsir.sys (manual start)
PnP-ISA/EISA-Bus-Treiber: System32\DRIVERS\isapnp.sys (system)
I***Eng: C:\WINDOWS\System32\angelex.exe (disabled)
jnv4_mib: \??\C:\DOKUME~1\Holger\LOKALE~1\Temp\jnv4_mib.sys (manual start)
Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-Treiber: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Arbeitsstationsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Nachrichtendienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem-Datenstromfiltergerät: system32\drivers\MODEMCSA.sys (manual start)
Mausklassentreiber: System32\DRIVERS\mouclass.sys (system)
Maus-HID-Treiber: System32\DRIVERS\mouhid.sys (manual start)
Redirector für WebDav-Client: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start)
Microsoft MPU-401 MIDI UART-Treiber: system32\drivers\msmpu401.sys (manual start)
NAVENG: \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20050428.018\NAVE NG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20050428.018\NavE x15.Sys (manual start)
RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start)
NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start)
RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (manual start)
Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (manual start)
AVM FRITZ!web DSL PPP: System32\DRIVERS\NETFWDSL.SYS (manual start)
Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start)
Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start)
Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual start)
Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start)
Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (manual start)
Pcatip: System32\DRIVERS\Pcatip.sys (manual start)
PCD65X2: \??\C:\DOKUME~1\Holger\LOKALE~1\Temp\PCD65X2.sys (manual start)
PCI-Bus-Treiber: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Plug & Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-Dienste: %SystemRoot%\System32\lsass.exe (autostart)
WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prozessortreiber: System32\DRIVERS\processr.sys (system)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart)
QoS-Paketplaner: System32\DRIVERS\psched.sys (manual start)
Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system)
Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remotezugriff-PPPOE-Treiber: System32\DRIVERS\raspppoe.sys (manual start)
Parallelanschluss (direkt): System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Treiber für Terminalserver-Geräteumleitung: System32\DRIVERS\rdpdr.sys (manual start)
Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system)
Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote-Registrierung: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
RPC-Locator: %SystemRoot%\System32\locator.exe (manual start)
Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS-RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
NT-Treiber für Realtek RTL8029(AS)-basierter PCI-Ethernetadapter: System32\DRIVERS\RTL8029.SYS (manual start)
SaiH0109: System32\DRIVERS\SaiH0109.sys (manual start)
SaiMini: System32\DRIVERS\SaiMini.sys (manual start)
SaiNtBus: system32\drivers\SaiNtBus.sys (manual start)
SaiU0109: System32\DRIVERS\SaiU0109.sys (manual start)
Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Programme\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Programme\Norton AntiVirus\SAVRTPEL.SYS (system)
Security Agent: "C:\WINDOWS\system32\scagent.exe" start (disabled)
Smartcard-Hilfsprogramm: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start)
Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum-Filtertreiber: System32\DRIVERS\serenum.sys (manual start)
Treiber für seriellen Anschluss: System32\DRIVERS\serial.sys (system)
StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
sony_ssm.sys: \??\C:\DOKUME~1\Holger\LOKALE~1\Temp\sony_ssm.sys (manual start)
SPBBCDrv: \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (manual start)
Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start)
Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart)
Filtertreiber für Systemwiederherstellung: System32\DRIVERS\sr.sys (system)
Systemwiederherstellungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP-Suchdienst: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSHDRV65: \??\C:\WINDOWS\System32\drivers\SSHDRV65.sys (system)
SSHDRV76: \??\C:\WINDOWS\System32\drivers\SSHDRV76.sys (system)
SSHDRV77: \??\C:\WINDOWS\System32\drivers\SSHDRV77.sys (system)
SSHDRV84: \??\C:\WINDOWS\System32\drivers\SSHDRV84.sys (system)
SSHDRV85: \??\C:\WINDOWS\System32\drivers\SSHDRV85.sys (system)
Windows-Bilderfassung (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Software-Bus-Treiber: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{61FC3190-0997-48F3-AED1-60AE0CD8F464} (manual start)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Programme\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050303. 027\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start)
Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-Protokolltreiber: System32\DRIVERS\tcpip.sys (system)
Terminal-Gerätetreiber: System32\DRIVERS\termdd.sys (system)
Terminaldienste: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Designs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TVICHW32: \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS (manual start)
Telekom ISDN-Adapter (USB): System32\Drivers\ulisa.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (disabled)
Microcode Updatetreiber: System32\DRIVERS\update.sys (manual start)
Upload-Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universeller Plug & Play-Gerätehost: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start)
Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller: System32\DRIVERS\usbehci.sys (manual start)
USB2-aktivierter Hub: System32\DRIVERS\usbhub.sys (manual start)
Miniporttreiber für Microsoft USB Open Host-Controller: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB-Druckerklasse: System32\DRIVERS\usbprint.sys (manual start)
USB-Scannertreiber: System32\DRIVERS\usbscan.sys (manual start)
USB-Massenspeichertreiber: System32\DRIVERS\USBSTOR.SYS (manual start)
uscbs108: System32\DRIVERS\uscbs108.sys (manual start)
uscsc108: System32\DRIVERS\uscsc108.sys (manual start)
SecuROM User Access Service (V7): C:\WINDOWS\System32\UAService7.exe (autostart)
U.S. Robotics 56K PCI Faxmodem Driver: System32\DRIVERS\USRpdA.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VOBID: System32\DRIVERS\vobid.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start)
Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
RAS-IP-ARP-Treiber: System32\DRIVERS\wanarp.sys (manual start)
Treiber für Microsoft WINMM-WDM-Audiokompatibilität: system32\drivers\wdmaud.sys (manual start)
Webclient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wlan1934: \??\C:\WINDOWS\System32\drivers\wlan1934.sys (autostart)
Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Treibererweiterungen für Windows-Verwaltungsinstrumentation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-Leistungsadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Expl orer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Expl orer\Run

Ibs = C:\WINDOWS\ibs.exe
notepad.exe = msmsgs.exe
notepad2.exe = popuper.exe
winlogon.exe = msole32.exe
paint.exe = shnlog.exe

--------------------------------------------------

End of report, 34.506 bytes
Report generated in 0,141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[Ex McCloud]

LOG NACH ANWEISUG ENTFERNT

[Ex McCloud]

Excuse den Doppelpost

Desweiteren kann ich mich nicht mehr bei eBay Einloggen

PS: StartUp Liste


LOG NACH ANWEISUG ENTFERNT

[der_Tobi]

Dopplpost, >>>weiter geht's hier!!

[der_Tobi]

Hallo ExMcCloud,
bitte entferne das zweite Log durch editieren, da sein Informationsgehalt gen Null geht.

1. Lade Escan herunter: Escan Download
2. Entpacke die Datei mwav.exe oder mwav.zip in den Ordner c:\bases. Diesen Ordner musst Du vorher anlegen, und er muß genau so heißen.
3. Jetzt mit einem Doppelklick auf "kavupd.exe" erstmal aktualisieren.
4. Im abgesicherten Modus starten - dazu beim booten F8 drücken.
5. Doppelklick auf die Datei mwavscan.com im Ordner c:\bases.
6. Überprüfe die Einstellungen wie hier abgebildet:
   
7. Zum Schluss auf Scan drücken, dauert etwas länger. Wenn fertig, zurück in den normalen Modus wechseln.
8. Die Logdatei des Scans liegt ebenfalls unter C:\bases und heißt mwav.txt oder mwav.log. Diese öffnen. Daraus bitte nur die Zeilen, die ein "infected" enthalten, hier ins Forum kopieren. Tipp: Mit der Suchfunktion Strg+F findest Du sie schneller. Zum Schluss noch die Zusammenfassung ganz unten im Log posten.

Bitte starte Hijackthis. In der Anzeige, markiere die folgenden Punkte:
O4 - HKLM\..\Run: [SyncManager] C:\WINDOWS\cApp.exe /i
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
und drücke anschließend den "fix checked"-Button.
So, und jetzt ab ins Bett!
Gruß T

[Ex McCloud]

HJT hat geklappt, aber beim ausführen der KAVUpd.exe kommt das om DOS-Fenster:


KAV Updater DLL API
ANSI version.
Version: 4.0.2.5
Downloading
05/14/05 03:21:41 (STARTING) KAV Updater starts ''
05/14/05 03:21:41 (STARTING) Update from URL 'ftp://downloads1.kaspersky-labs.c
om/updates_x'
05/14/05 03:21:41 (CONNECTING) Connecting to the server 'downloads1.kaspersky-l
abs.com' processing...
05/14/05 03:21:41 (CONNECTING) Connecting to the Web-server 'downloads1.kaspers
ky-labs.com' Failed!
05/14/05 03:22:41 (STARTING) Update from URL 'ftp://downloads-us1.kaspersky-lab
s.com/updates_x'
05/14/05 03:22:41 (CONNECTING) Connecting to the server 'downloads-us1.kaspersk
y-labs.com' processing...
05/14/05 03:22:41 (CONNECTING) Connecting to the Web-server 'downloads-us1.kasp
ersky-labs.com' Failed!


mwavscan.com will nicht starten,weil es nicht aktuell ist.

Hab mir deshalb von http://www.mwti.net/antivirus/mwav.asp die neuste version geladen.

Aber dort verursacht mwavscan.com einen fehler und startet auch nicht.

PS: Ich hasse diese Probleme......

[Ex McCloud]

Hab das Problem gefixt.

Anbei die INFECTED-Liste:

Sat May 14 03:49:40 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Sat May 14 03:49:47 2005 => System found infected with IstBAR Spyware/Adware ({0985c112-2562-46f2-8da6-92648ba4630f})! Action

taken: No Action Taken.
Sat May 14 03:49:47 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:47 2005 => System found infected with IstBAR Spyware/Adware ({67907b3c-a6ef-4a01-99ad-3fcd5f526429})! Action

taken: No Action Taken.
Sat May 14 03:49:47 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e2468})!

Action taken: No Action Taken.
Sat May 14 03:49:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3})!

Action taken: No Action Taken.
Sat May 14 03:49:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({c6906a23-4717-4e1f-b6fd-f06ebed15678})!

Action taken: No Action Taken.
Sat May 14 03:49:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({8eee58d5-130e-4cbd-9c83-35a0564e5678})!

Action taken: No Action Taken.
Sat May 14 03:49:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:48 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action

taken: No Action Taken.
Sat May 14 03:49:48 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:48 2005 => System found infected with CoolWebSearch Spyware/Adware ({ee79d398-aaaf-47b1-8c9e-11f7d4c9111b})!

Action taken: No Action Taken.
Sat May 14 03:49:48 2005 => File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:48 2005 => System found infected with CoolWebSearch Spyware/Adware ({ac3f36d4-f905-4fe9-a926-eb937e66f591})!

Action taken: No Action Taken.
Sat May 14 03:49:48 2005 => File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:48 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})!

Action taken: No Action Taken.
Sat May 14 03:49:48 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:48 2005 => System found infected with adshooter Spyware/Adware ({f43085a3-5fbd-4954-b7bf-00a8f1a1b9fe})!

Action taken: No Action Taken.
Sat May 14 03:49:48 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending Folder C:\WINDOWS\nsdb present...
Sat May 14 03:49:49 2005 => System found infected with CoolWebSearch Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\istsvc !!!
Sat May 14 03:49:49 2005 => System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\DyF uCA !!!
Sat May 14 03:49:49 2005 => System found infected with DyFuCA Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\tmksoft !!!
Sat May 14 03:49:49 2005 => System found infected with CoolWebSearch Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "CoolWebSearch Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKCU\Software\ist !!!
Sat May 14 03:49:49 2005 => System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKCU\Software\avenue media !!!
Sat May 14 03:49:49 2005 => Offending value found in HKCU\Software\policies\avenue media !!!
Sat May 14 03:49:49 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\sea rchassistant

uninstall !!!
Sat May 14 03:49:49 2005 => System found infected with cws.blank Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "cws.blank Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\bargains !!!
Sat May 14 03:49:49 2005 => System found infected with bargains Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "bargains Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\cashback !!!
Sat May 14 03:49:49 2005 => System found infected with cashback Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "cashback Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKCU\Software\iemenuextension !!!
Sat May 14 03:49:49 2005 => System found infected with iemenuextension Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "iemenuextension Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKLM\Software\exactutil !!!
Sat May 14 03:49:49 2005 => System found infected with exactutil Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "exactutil Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKCU\Software\ezula !!!
Sat May 14 03:49:49 2005 => System found infected with mmod Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "mmod Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:49 2005 => Offending value found in HKCU\Software\dr_s !!!
Sat May 14 03:49:49 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Sat May 14 03:49:49 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:50 2005 => System found infected with ezula Spyware/Adware (bbchk.exe)! Action taken: No Action Taken.
Sat May 14 03:49:50 2005 => File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:55 2005 => System found infected with cws.svcinit Spyware/Adware (mssys.exe)! Action taken: No Action Taken.
Sat May 14 03:49:55 2005 => File System Found infected by "cws.svcinit Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:55 2005 => System found infected with cws.xplugin Spyware/Adware (xplugin.dll)! Action taken: No Action

Taken.
Sat May 14 03:49:55 2005 => File System Found infected by "cws.xplugin Spyware/Adware" Virus. Action Taken: No Action Taken.

Sat May 14 03:49:56 2005 => System found infected with cws.winproc32 Spyware/Adware (winproc32.exe)! Action taken: No Action

Taken.
Sat May 14 03:49:56 2005 => File System Found infected by "cws.winproc32 Spyware/Adware" Virus. Action Taken: No Action

Taken.

Sat May 14 03:50:17 2005 => File C:\WINDOWS\System32\b5s.dll infected by "Trojan-Dropper.Win32.Small.op" Virus. Action Taken:

No Action Taken.

Sat May 14 03:51:12 2005 => File C:\WINDOWS\System32\mcicgdec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken:

No Action Taken.

Sat May 14 03:55:29 2005 => File C:\Dokumente und

Einstellungen\Holger\Anwendungsdaten\Mozilla\Firefox\Profile s\79wxexnq.default\Cache\A3D23E5Bd01 infected by

"Trojan.Win32.Dialer.ht" Virus. Action Taken: No Action Taken.

Sat May 14 03:57:56 2005 => File C:\Downloads\ANTI_VIRUS\backups\backup-20050503-153106-507.dll infected by

"not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.

Sat May 14 04:21:32 2005 => File C:\System Volume

Information\_restore{A401759C-14D6-473B-BE2E-369A71FFBB12}\RP254\A0264510.exe infected by "Trojan-Dropper.Win32.Small.ue"

Virus. Action Taken: No Action Taken.

Information\_restore{A401759C-14D6-473B-BE2E-369A71FFBB12}\RP254\A0265977.exe infected by "Trojan-Downloader.Win32.Small.ate"

Virus. Action Taken: No Action Taken.

Sat May 14 04:30:17 2005 => File C:\WINDOWS\system32\b5s.dll infected by "Trojan-Dropper.Win32.Small.op" Virus. Action Taken:

No Action Taken.

Sat May 14 04:36:31 2005 => File C:\WINDOWS\system32\mcicgdec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken:

No Action Taken.





Sat May 14 04:42:45 2005 => ***** Scanning complete. *****
Sat May 14 04:42:45 2005 => Virus Database Date: 2005/05/12
Sat May 14 04:42:45 2005 => Virus Database Count: 129400

Sat May 14 04:42:45 2005 => Scan Completed.


Sat May 14 04:42:46 2005 => Total Objects Scanned: 36289
Sat May 14 04:42:46 2005 => Total Virus(es) Found: 41
Sat May 14 04:42:46 2005 => Total Disinfected Files: 0
Sat May 14 04:42:46 2005 => Total Files Renamed: 0
Sat May 14 04:42:46 2005 => Total Deleted Objects: 0
Sat May 14 04:42:46 2005 => Total Errors: 23
Sat May 14 04:42:46 2005 => Time Elapsed: 00:53:45
Sat May 14 04:42:58 2005 => Virus Database Date: 2005/05/12
Sat May 14 04:42:58 2005 => Virus Database Count: 129400

[der_Tobi]

Hallo,
bitte lade
>>>Spybot Search& Detroy (kostenlos)<<< und
>>>CWShredder (kostenlos, Testversion)<<< herunter. Installiere und update beides und lasse damit Deinen PC reinigen. Die Reinigung selbstverständlich im abgesicherten Modus vornehmen lassen!
Gruß T

Edit: Außerdem möchte ich Dir folgende Lektüre empfehlen:
>>>Kochrezept, Schritt 2 und 3<<<
>>>Systempflege<<<
Du solltest die Verwendung des InternetExplorer als Browser überdenken. Alternativen wie Firefox und Opera haben einen deutlichen Sicherheitsvorsprung behalten, obwohl sie immer beliebter werden.

[Ex McCloud]

OK hab alles gemacht, spybot hat noch ca 40 gefunden und behoben, aber die Probleme bleiben.

Aba das wird sich nächste Woche erübrigen, da ich mich entschieden habe, alles zu formatieren.

Dann kommen vielleicht auch keine fehlermeldungen mehr, wenn ich Win XP SP2 installieren will.

PS: THX für die Hilfe und das Kochrezept, ich hab ne Menge gelernt