Warning: your computer might be infected with spyware...

#1 Guten Tag,

Habe die Meldung aus dem Titel auf meinem Bildschirm gehabt und in Panik viele Sachen gemacht, die den PC volkommen lahmlegten.

Ein Freund hat ihn wenigstens wieder zum Laufen gebracht.

Ich kann aber nicht das SP2 über den IE runterladen. Der IE hat zwar die
Verbindung zu Microsoft, aber zeigt dann nichts mehr an.

Die Suche-Funktion aus rechte-Maustaste-Start erstellt zwar den Rahmen, aber die Funktionen erscheinen nicht.

Ausserdem habe ich die Datei mssearchnet.exe unter dem Pfad c:/windows/system32.

Soviel erstmal zu meinen Problemen.

Logfile of HijackThis v1.99.1
Scan saved at 15:37:54, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\Siegmar\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://www2.service.t-online.de/dyn/c/23/34/15/2334156.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.150.33 217.237.151.161
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Für Hilfe vielen Dank im Voraus.

Grüsse

#2 Bei dir herscht etwas Chaos. Sprich es gibt viel was halbherzig gereinigt wurde. Ich kann mir schon vorstellen, das dein Rechner zur Zeit deshalb etwas durcheinander ist.
Vieleicht reicht das entfernen folgender Dinge ja, aber ich wuerde doch eher zu neu aufsetzen raten.

Kopiere Hijackthis bitte in einen extra Ordner und fie das(anhaken und fix checked druecken)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://www2.service.t-online.de/dyn/c/23/34/15/2334156.html
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

schaue, ob du unter Software noch Symantec oder Norton Eintraege finden kannst, die du noh deinstalliert bekommst.

Nachtrag: Bist du wirklich auf "Google Desktop Search" angewiesen? Also hier at das auf einen Rechner nicht viel gebracht, ausser, das die Performance total in dn Keller gegangen ist.
__________
MfG Ralf
SEO-Spam Hunter

#3 So, hab ich gemacht.

Kein weiterer Eintrag für Norton in Software zu finden.

Sicher, kann ich auf "Google Desktop Search" verzichten, wenn der PC nur wieder sicher läuft.

Hier das neue Log.

Logfile of HijackThis v1.99.1
Scan saved at 19:40:14, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\Siegmar\LOKALE~1\Temp\$wc\HIJACK~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.150.33 217.237.151.161
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Hab aber auch noch weitere Probleme.
Dafür ein Virusscan von Escan. Ich glaube, das ist sehr beeindruckend. Mich hats ganz schön erschreckt.

Neu aufsetzen wäre für mich die schlechtere Lösung. Hab nach 2 Umzügen die CD oder DVD (weiß noch nicht mal mehr das), die es zum Computer gab, aus den Augen verloren.


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: -------------------- INFECTED --------------------
2: 1: Fri Nov 04 16:47:06 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
3: 2: Fri Nov 04 16:47:06 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
4: 3: Fri Nov 04 16:47:06 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
5: 4: Fri Nov 04 16:47:07 2005 => Offending file found: C:\WINDOWS\TEMP\nis\support\helpmsi\external\disable.dll
6: 5: Fri Nov 04 16:47:07 2005 => System found infected with clientman Spyware/Adware (disable.dll)! Action taken: No Action Taken.
7: 6: Fri Nov 04 16:47:10 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\temp\nav\support\help\external\common\symshare\help\disable.dll
8: 7: Fri Nov 04 16:47:10 2005 => System found infected with clientman Spyware/Adware (disable.dll)! Action taken: No Action Taken.
9: 8: Fri Nov 04 16:47:10 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\temp\nis\support\helpmsi\external\disable.dll
10: 9: Fri Nov 04 16:47:10 2005 => System found infected with clientman Spyware/Adware (disable.dll)! Action taken: No Action Taken.
11: 10: Fri Nov 04 16:47:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\temporary internet files\content.ie5\0x234123\common[1].js
12: 11: Fri Nov 04 16:47:14 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
13: 12: Fri Nov 04 16:47:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\temporary internet files\content.ie5\89a78deb\common[1].js
14: 13: Fri Nov 04 16:47:14 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
15: 14: Fri Nov 04 16:47:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\temporary internet files\content.ie5\gdifkhin\common[1].js
16: 15: Fri Nov 04 16:47:14 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
17: 16: Fri Nov 04 16:47:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\temporary internet files\content.ie5\olmrspuv\common[1].js
18: 17: Fri Nov 04 16:47:15 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
19: 18: Fri Nov 04 16:47:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\Temporary Internet Files\content.ie5\0x234123\common[1].js
20: 19: Fri Nov 04 16:47:15 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
21: 20: Fri Nov 04 16:47:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\Temporary Internet Files\content.ie5\89a78deb\common[1].js
22: 21: Fri Nov 04 16:47:15 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
23: 22: Fri Nov 04 16:47:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\Temporary Internet Files\content.ie5\gdifkhin\common[1].js
24: 23: Fri Nov 04 16:47:15 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
25: 24: Fri Nov 04 16:47:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Siegmar\Lokale Einstellungen\Temporary Internet Files\content.ie5\olmrspuv\common[1].js
26: 25: Fri Nov 04 16:47:15 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
27: 26: Fri Nov 04 16:47:16 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
28: 27: Fri Nov 04 16:47:16 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
29: 28: Fri Nov 04 16:47:16 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client(3)\settings.dat
30: 29: Fri Nov 04 16:47:16 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
31: 30: Fri Nov 04 16:47:16 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client(4)\settings.dat
32: 31: Fri Nov 04 16:47:16 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
33: 30: Fri Nov 04 16:47:16 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client(4)\settings.dat
34: 32: Fri Nov 04 16:48:41 2005 => File C:\WINDOWS\system32\mscornet.exe infected by "Trojan-Dropper.Win32.Agent.zv" Virus! Action Taken: No Action Taken.
35: 33: Fri Nov 04 16:48:46 2005 => File C:\WINDOWS\system32\mssearchnet.exe infected by "Trojan-Downloader.Win32.Zlob.ap" Virus! Action Taken: No Action Taken.
36: 34: Fri Nov 04 16:48:53 2005 => File C:\WINDOWS\system32\nvctrl.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
37: 35: Fri Nov 04 16:56:42 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
38: 36: Fri Nov 04 17:14:11 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP103\A0060767.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
39: 37: Fri Nov 04 17:14:12 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP103\A0062767.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
40: 38: Fri Nov 04 17:14:13 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0062783.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
41: 39: Fri Nov 04 17:14:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063226.exe infected by "not-virus:Hoax.Win32.Renos.b" Virus! Action Taken: No Action Taken.
42: 40: Fri Nov 04 17:14:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063237.exe infected by "not-virus:Hoax.Win32.Renos.b" Virus! Action Taken: No Action Taken.
43: 41: Fri Nov 04 17:14:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063241.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
44: 42: Fri Nov 04 17:14:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063242.exe infected by "Trojan-Downloader.Win32.Small.vu" Virus! Action Taken: No Action Taken.
45: 43: Fri Nov 04 17:14:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063243.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
46: 44: Fri Nov 04 17:14:52 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063411.exe infected by "Trojan-Downloader.Win32.Zlob.ap" Virus! Action Taken: No Action Taken.
47: 45: Fri Nov 04 17:14:52 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063412.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
48: 46: Fri Nov 04 17:14:52 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063413.exe infected by "Trojan-Dropper.Win32.Agent.zv" Virus! Action Taken: No Action Taken.
49: 47: Fri Nov 04 17:15:17 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063789.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
50: 48: Fri Nov 04 17:15:20 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063899.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
51: 49: Fri Nov 04 17:15:20 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063907.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
52: 50: Fri Nov 04 17:15:21 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063913.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
53: 51: Fri Nov 04 17:15:21 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063925.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
54: 52: Fri Nov 04 17:15:21 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0064925.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
55: 53: Fri Nov 04 17:15:22 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0064939.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
56: 54: Fri Nov 04 17:15:22 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0065934.exe infected by "Trojan-Downloader.Win32.Small.vu" Virus! Action Taken: No Action Taken.
57: 55: Fri Nov 04 17:15:22 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0065939.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
58: 56: Fri Nov 04 17:15:23 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0065956.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
59: 57: Fri Nov 04 17:15:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066345.exe infected by "not-virus:Hoax.Win32.Renos.b" Virus! Action Taken: No Action Taken.
60: 58: Fri Nov 04 17:15:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066348.exe infected by "not-virus:Hoax.Win32.Renos.b" Virus! Action Taken: No Action Taken.
61: 59: Fri Nov 04 17:15:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066352.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
62: 60: Fri Nov 04 17:15:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066353.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
63: 61: Fri Nov 04 17:16:01 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066764.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
64: 62: Fri Nov 04 17:16:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066788.exe infected by "Trojan-Downloader.Win32.Zlob.ap" Virus! Action Taken: No Action Taken.
65: 63: Fri Nov 04 17:16:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066789.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
66: 64: Fri Nov 04 17:16:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066790.exe infected by "Trojan-Dropper.Win32.Agent.zv" Virus! Action Taken: No Action Taken.
67: 65: Fri Nov 04 17:16:10 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066801.exe infected by "Trojan-Downloader.Win32.Zlob.ap" Virus! Action Taken: No Action Taken.
68: 66: Fri Nov 04 17:16:10 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066802.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
69: 67: Fri Nov 04 17:16:10 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066803.exe infected by "Trojan-Dropper.Win32.Agent.zv" Virus! Action Taken: No Action Taken.
70: 68: Fri Nov 04 17:16:11 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0066829.exe infected by "Trojan-Downloader.Win32.Zlob.ap" Virus! Action Taken: No Action Taken.
71: 69: Fri Nov 04 17:16:11 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0066830.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
72: 70: Fri Nov 04 17:16:11 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0066831.exe infected by "Trojan-Dropper.Win32.Agent.zv" Virus! Action Taken: No Action Taken.
73: 71: Fri Nov 04 17:16:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0069085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
74: 72: Fri Nov 04 17:16:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0070085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
75: 73: Fri Nov 04 17:16:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0071085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
76: 74: Fri Nov 04 17:16:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0072085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
77: 75: Fri Nov 04 17:16:26 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0073085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
78: 76: Fri Nov 04 17:16:26 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0074085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
79: 77: Fri Nov 04 17:16:27 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0075085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
80: 78: Fri Nov 04 17:16:27 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0076085.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
81: 79: Fri Nov 04 17:16:28 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP109\A0076101.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
82: 80: Fri Nov 04 17:18:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP112\A0080037.tlb infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
83: 81: Fri Nov 04 17:18:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP112\A0080038.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.
84: 82: Fri Nov 04 17:37:25 2005 => File C:\WINDOWS\system32\mscornet.exe infected by "Trojan-Dropper.Win32.Agent.zv" Virus! Action Taken: No Action Taken.
85: 83: Fri Nov 04 17:37:29 2005 => File C:\WINDOWS\system32\mssearchnet.exe infected by "Trojan-Downloader.Win32.Zlob.ap" Virus! Action Taken: No Action Taken.
86: 84: Fri Nov 04 17:37:34 2005 => File C:\WINDOWS\system32\nvctrl.exe infected by "Trojan.Win32.StartPage.afj" Virus! Action Taken: No Action Taken.

--------------------------------------------------

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\system32\mscornet.exe => Trojan-Dropper.Win32.Agent.zv
2: C:\WINDOWS\system32\mssearchnet.exe => Trojan-Downloader.Win32.Zlob.ap
3: C:\WINDOWS\system32\nvctrl.exe => Trojan.Win32.StartPage.afj
4: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP103\A0060767.tlb => Trojan.Win32.StartPage.afj
5: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP103\A0062767.tlb => Trojan.Win32.StartPage.afj
6: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0062783.tlb => Trojan.Win32.StartPage.afj
7: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063226.exe => not-virus:Hoax.Win32.Renos.b
8: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063237.exe => not-virus:Hoax.Win32.Renos.b
9: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063241.exe => Trojan.Win32.Small.ev
10: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063242.exe => Trojan-Downloader.Win32.Small.vu
11: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063243.dll => Trojan.Win32.Promoter.c
12: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063411.exe => Trojan-Downloader.Win32.Zlob.ap
13: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063412.exe => Trojan.Win32.StartPage.afj
14: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP104\A0063413.exe => Trojan-Dropper.Win32.Agent.zv
15: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063789.tlb => Trojan.Win32.StartPage.afj
16: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063899.tlb => Trojan.Win32.StartPage.afj
17: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063907.exe => Trojan.Win32.StartPage.afj
18: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063913.tlb => Trojan.Win32.StartPage.afj
19: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0063925.tlb => Trojan.Win32.StartPage.afj
20: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0064925.tlb => Trojan.Win32.StartPage.afj
21: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0064939.tlb => Trojan.Win32.StartPage.afj
22: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0065934.exe => Trojan-Downloader.Win32.Small.vu
23: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP105\A0065939.tlb => Trojan.Win32.StartPage.afj
24: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0065956.tlb => Trojan.Win32.StartPage.afj
25: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066345.exe => not-virus:Hoax.Win32.Renos.b
26: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066348.exe => not-virus:Hoax.Win32.Renos.b
27: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066352.exe => Trojan.Win32.Small.ev
28: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066353.dll => Trojan.Win32.Promoter.c
29: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066764.exe => Trojan.Win32.StartPage.afj
30: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066788.exe => Trojan-Downloader.Win32.Zlob.ap
31: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066789.exe => Trojan.Win32.StartPage.afj
32: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066790.exe => Trojan-Dropper.Win32.Agent.zv
33: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066801.exe => Trojan-Downloader.Win32.Zlob.ap
34: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066802.exe => Trojan.Win32.StartPage.afj
35: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP106\A0066803.exe => Trojan-Dropper.Win32.Agent.zv
36: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0066829.exe => Trojan-Downloader.Win32.Zlob.ap
37: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0066830.exe => Trojan.Win32.StartPage.afj
38: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0066831.exe => Trojan-Dropper.Win32.Agent.zv
39: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0069085.tlb => Trojan.Win32.StartPage.afj
40: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0070085.tlb => Trojan.Win32.StartPage.afj
41: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0071085.tlb => Trojan.Win32.StartPage.afj
42: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0072085.tlb => Trojan.Win32.StartPage.afj
43: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0073085.tlb => Trojan.Win32.StartPage.afj
44: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0074085.tlb => Trojan.Win32.StartPage.afj
45: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0075085.tlb => Trojan.Win32.StartPage.afj
46: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP108\A0076085.tlb => Trojan.Win32.StartPage.afj
47: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP109\A0076101.tlb => Trojan.Win32.StartPage.afj
48: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP112\A0080037.tlb => Trojan.Win32.StartPage.afj
49: C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP112\A0080038.exe => Trojan.Win32.StartPage.afj

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Fri Nov 04 17:42:35 2005 => Total Objects Scanned: 119447
Fri Nov 04 17:42:35 2005 => Total Virus(es) Found: 69
Fri Nov 04 17:42:35 2005 => Total Errors: 768
Fri Nov 04 17:42:35 2005 => Virus Database Date: 2005/11/04
Fri Nov 04 17:42:35 2005 => Virus Database Count: 158165
Fri Nov 04 17:49:34 2005 => Total Objects Scanned: 119447
Fri Nov 04 17:49:34 2005 => Total Virus(es) Found: 69
Fri Nov 04 17:49:34 2005 => Total Errors: 768


Vielen Dank erstmal für die ersten Schritte.

Gruss, Siegmar

#4 Na sieh an. ich hoffe escancheck hat die Dateien nun geloescht. Nicht vergessen das zu fixen( am besten im abgesicherten Modus):

O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)

Wie gesagt, richtig Rund werden wir es wohl nicht zum Laufen bekommen.
__________
MfG Ralf
SEO-Spam Hunter

#5 Hallo Ralf,

Gelöscht hab ich die Trojaner.

Kann immer noch nicht SP2 mit IE runterladen.

Hab grade auch noch festgestellt, dass sich, wie beim IE (wenn ich die Microsoftseite aufrufe) auch die Systemwiederherstellung nur als Rahmen aufbaut ohne die Funktionen anzuzeigen.

Wenn ich mich jetzt doch zum neu aufsetzen entschließe, wo kann ich da Infos bekommen, wie man das macht? Irgendeine Anleitung, die Idoit ist.

Für die Hilfe jedenfalls vielen Dank.

Guss, Siegmar

#6 Mach ein Onlinescan bei Panda und poste das log
http://www.pandasoftware.com/products/activescan.htm
Danach ein scan mit Ewido Security Suite
und poste das log
http://virus-protect.org/ewido.html

Es gibt noch ein Tool aber man sollte es nicht zusammen mit Microsoft AntiSpyware benutzen!
CounterSpy
http://virus-protect.org/counterspy.html
__________
MfG Argus

#7 Ja, es gibt reichlich tipps, wie man neu aufsetzen kann. z.B.

http://board.protecus.de/t13020.htm
http://cidres-security.de/neuaufsetzen.html

und andere

Achja, das sp2 kannst du nicht herunterladen, da du es shon instaliert hast!
__________
MfG Ralf
SEO-Spam Hunter