mailware 32win: please take a look at my HijackThis log

10.11.2005, 14:57
Member

Posts: 43
#1 Hello, my friend's PC seems to be infected.
Ad-Aware is showing several warnings: mailware 32win
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:48:38, on 10.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\Programme\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://office.freenet.de/dienste/emailoffice/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ls-electronic.de
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ls-electronic.de
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c336.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B93917A-8D6F-48DC-966B-113FEB437080}: NameServer = 213.191.74.12 213.191.92.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4E32F9E-4823-473A-962A-8585D376DD31}: NameServer = 0.0.0.0
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I don't know what to do on my own and hope you can help me.

Oh, and I also ran an eScan.
Here is the eScan log:

--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Thu Nov 10 14:11:13 2005 => System found infected with websearch toolbar Spyware/Adware ({15ad6789-cdb4-47e1-a9da-992ee8e6bad6})! Action taken: No Action Taken.
2: Thu Nov 10 14:11:13 2005 => System found infected with windupdates.media pass Spyware/Adware ({1e5f0d38-214b-4085-ad2a-d2290e6a2d2c})! Action taken: No Action Taken.
3: Thu Nov 10 14:11:13 2005 => System found infected with netzip Spyware/Adware ({200ceb6f-cca5-11d0-9439-00609758e95a})! Action taken: No Action Taken.
4: Thu Nov 10 14:11:13 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
5: Thu Nov 10 14:11:13 2005 => System found infected with websearch toolbar Spyware/Adware ({15ad6789-cdb4-47e1-a9da-992ee8e6bad6})! Action taken: No Action Taken.
6: Thu Nov 10 14:11:13 2005 => System found infected with windupdates.media pass Spyware/Adware ({735c5a0c-f79f-47a1-8ca1-2a2e482662a8})! Action taken: No Action Taken.
7: Thu Nov 10 14:11:40 2005 => System found infected with media pass Spyware/Adware ({15696ae2-6ea4-47f4-bea6-a3d32693efc7})! Action taken: No Action Taken.
8: Thu Nov 10 14:11:40 2005 => System found infected with media pass Spyware/Adware ({00ada225-ea6c-4fb3-82e8-68189201ccb9})! Action taken: No Action Taken.
9: Thu Nov 10 14:11:40 2005 => System found infected with netzip Spyware/Adware ({ebcdda5f-2a68-11d3-8a43-0060083cfb9c})! Action taken: No Action Taken.
10: Thu Nov 10 14:11:40 2005 => System found infected with windupdates.media pass Spyware/Adware ({735c5a0c-f79f-47a1-8ca1-2a2e482662a8})! Action taken: No Action Taken.
11: Thu Nov 10 14:11:42 2005 => Offending file found: C:\WINDOWS\DOWNLO~1\mediagatewayx.dll
12: Thu Nov 10 14:11:42 2005 => System found infected with winupdates.mediagateway Adware (mediagatewayx.dll)! Action taken: No Action Taken.
13: Thu Nov 10 14:11:43 2005 => Offending file found: C:\WINDOWS\system32\ide21201.vxd
14: Thu Nov 10 14:11:43 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
15: Thu Nov 10 14:11:43 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
16: Thu Nov 10 14:11:43 2005 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
17: Thu Nov 10 14:11:45 2005 => System found infected with media access Spyware/Adware (mediagateway.exe)! Action taken: No Action Taken.
18: Thu Nov 10 14:11:45 2005 => System found infected with media access Spyware/Adware (mediagateway.exe)! Action taken: No Action Taken.
19: Thu Nov 10 14:18:13 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Thu Nov 10 14:11:01 2005 => File C:\PROGRA~2\MEDIAG~1\MEDIAG~1.EXE tagged as "not-a-virus:AdWare.Win32.WinAD.bj". Action Taken: No Action Taken.
2: Thu Nov 10 14:23:11 2005 => File C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll tagged as "not-a-virus:AdWare.Win32.WinAD.bg". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Thu Nov 10 14:10:55 2005 => ERROR!!! Invalid Entry BDSwitchAgent = C:\Programme\Softwin\BitDefender8\bdswitch.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Thu Nov 10 14:10:55 2005 => ERROR!!! Invalid Entry BDOESRV = C:\Programme\Softwin\BitDefender8\bdoesrv.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Thu Nov 10 14:10:55 2005 => ERROR!!! Invalid Entry BDNewsAgent = C:\Programme\Softwin\BitDefender8\bdnagent.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
4: Thu Nov 10 14:10:55 2005 => ERROR!!! Invalid Entry BDMCon = C:\Programme\Softwin\BitDefender8\bdmcon.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
5: Thu Nov 10 14:11:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
6: Thu Nov 10 14:11:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ICSI.exe" refers to invalid object "C:\Programme\ICSI\Multi-Card Reader & Flash Disk\ICSI.exe". Action Taken: No Action Taken.
7: Thu Nov 10 14:11:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\Chicony\Multimedia Keyboard Driver Ver1.0 (KB-0108)\YourApp.exe". Action Taken: No Action Taken.
8: Thu Nov 10 14:11:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7EA1DE37-E9C8-4DC1-B043-22546899B187}". Action Taken: No Action Taken.
9: Thu Nov 10 14:11:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{96A80FEF-C479-4A88-9190-3AED7DC49FA3}". Action Taken: No Action Taken.
10: Thu Nov 10 14:11:51 2005 => Entry "HKCR\CLSID\{5CE44120-E684-11D2-9F08-00A0C98E9EA4}" refers to invalid object "C:\Programme\Creative\ShareDLL\CTStillCapture.ax". Action Taken: No Action Taken.
11: Thu Nov 10 14:11:52 2005 => Entry "HKCR\CLSID\{C16F618E-0B1A-426B-9216-1F588AE91F60}" refers to invalid object "C:\Programme\Ahead\nero\APHandler.dll". Action Taken: No Action Taken.
12: Thu Nov 10 14:11:54 2005 => Entry "HKCR\TypeLib\{D0571F19-8904-40B6-8DDB-EBEA4F72B09D}" refers to invalid object "C:\Programme\Ahead\nero\APHandler.dll". Action Taken: No Action Taken.
13: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
14: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
15: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
16: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
17: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
18: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
19: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
20: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
21: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
22: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
23: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
24: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
25: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
26: Thu Nov 10 14:11:54 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
27: Thu Nov 10 14:11:54 2005 => Entry "HKCR\AcroExch.Document.7" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
28: Thu Nov 10 14:11:54 2005 => Entry "HKCR\AcroExch.XDPDoc" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
29: Thu Nov 10 14:11:55 2005 => Entry "HKCR\AcroPDF.PDF" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
30: Thu Nov 10 14:11:55 2005 => Entry "HKCR\AcroPDF.PDF.1" refers to invalid object "{CA8A9780-280D-11CF-A24D-444553540000}". Action Taken: No Action Taken.
31: Thu Nov 10 14:11:55 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
32: Thu Nov 10 14:11:55 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
33: Thu Nov 10 14:11:55 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
34: Thu Nov 10 14:11:55 2005 => Entry "HKCR\eldfile\shell\open\command" refers to invalid object "C:\Programme\Rongshu software\Easy Label Designer\ELD.exe "%1"". Action Taken: No Action Taken.
35: Thu Nov 10 14:11:56 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
36: Thu Nov 10 14:11:56 2005 => Entry "HKCR\php3_auto_file\shell\open\command" refers to invalid object ""C:\Program files\WinFast\WFTVFM\WFIEPG.exe" %1". Action Taken: No Action Taken.
37: Thu Nov 10 14:11:56 2005 => Entry "HKCR\pl_auto_file\shell\open\command" refers to invalid object ""C:\Program files\WinFast\WFTVFM\WFIEPG.exe" %1". Action Taken: No Action Taken.
38: Thu Nov 10 14:11:56 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
39: Thu Nov 10 14:11:57 2005 => Entry "HKCR\tvpi_auto_file\shell\open\command" refers to invalid object ""C:\Program files\WinFast\WFTVFM\WFIEPG.exe" %1". Action Taken: No Action Taken.
40: Thu Nov 10 14:11:57 2005 => Entry "HKCR\tvvi_auto_file\shell\open\command" refers to invalid object ""C:\Program files\WinFast\WFTVFM\WFIEPG.exe" %1". Action Taken: No Action Taken.

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Thu Nov 10 14:32:26 2005 => Total Objects Scanned: 59159
Thu Nov 10 14:32:26 2005 => Total Virus(es) Found: 21
Thu Nov 10 14:32:26 2005 => Total Errors: 40
Thu Nov 10 14:32:26 2005 => Virus Database Date: 2005/11/10
Thu Nov 10 14:32:26 2005 => Virus Database Count: 160380
Thu Nov 10 14:38:02 2005 => Total Objects Scanned: 59159
Thu Nov 10 14:38:02 2005 => Total Virus(es) Found: 21
Thu Nov 10 14:38:02 2005 => Total Errors: 40


Thanks in advance for your help
Regards, melaberlin
10.11.2005, 15:09
Honorary member
Sabina

Posts: 29434
#2 melaberlin

Open HijackThis -- click "Scan" -- tick the malware entries -- click "Fix checked" -- restart the PC

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c336.cab

Restart the PC

KILLBOX
http://virus-protect.org/killbox.html

Tick "Delete File on Reboot"
Paste in:
...
and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one.

C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\ide21201.vxd
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\symantec\common client\settings.dat
C:\WINDOWS\system32\nzdd.dll

Restart the PC

Delete:
C:\Program Files\Media Gateway

CCleaner
http://virus-protect.org/temp.html
Delete all temp files

CounterSpy
http://virus-protect.org/counterspy.html

After the scan you have to choose between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC
__________
Best regards, Sabina

All about PC security
10.11.2005, 16:28
Member

Thread starter

Posts: 43
#3 Hello Sabina,

All done ;) (at least I think so *gg*)

Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:24:56, on 10.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://office.freenet.de/dienste/emailoffice/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ls-electronic.de
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ls-electronic.de
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B93917A-8D6F-48DC-966B-113FEB437080}: NameServer = 213.191.74.12 213.191.92.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4E32F9E-4823-473A-962A-8585D376DD31}: NameServer = 0.0.0.0
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope that gets rid of all our problems ;o)
Regards, melaberlin
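
Added example, not part of the thread: a small Python check that compares a HijackThis log taken before a fix with one taken afterwards and confirms that the entries named in reply #2 no longer appear. The function names (`parse_log`, `diff_logs`, `leftovers`) are hypothetical, and the two logs are shortened excerpts of the ones posted above.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c336.cab
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Markers taken from the three entries reply #2 says to fix.
FIX_TARGETS = ["nzdd.dll", "MediaGateway.exe",
               "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}"]

# A HijackThis entry line: section code (R0, O4, O16, ...), " - ", then the entry.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (running processes, entries) found in a HijackThis log."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
        elif line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            code, entry = ENTRY_RE.match(line).groups()
            entries.add((code, entry))
        elif in_processes:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """Everything that disappeared or newly appeared between two logs."""
    b_procs, b_entries = parse_log(before)
    a_procs, a_entries = parse_log(after)
    return {"removed_entries": b_entries - a_entries,
            "added_entries": a_entries - b_entries,
            "removed_processes": b_procs - a_procs,
            "added_processes": a_procs - b_procs}


def leftovers(log_text, targets):
    """Map each fix target to the log lines that still mention it."""
    procs, entries = parse_log(log_text)
    lines = sorted(procs) + sorted(f"{c} - {e}" for c, e in entries)
    hits = {}
    for target in targets:
        found = [ln for ln in lines if target.lower() in ln.lower()]
        if found:
            hits[target] = found
    return hits


if __name__ == "__main__":
    print("still present after fix:", leftovers(AFTER, FIX_TARGETS))
    for kind, items in diff_logs(BEFORE, AFTER).items():
        print(kind, sorted(items))
```

An empty result from `leftovers(AFTER, FIX_TARGETS)` means none of the fixed items shows up in the new log; `diff_logs` additionally lists changes that were not on the fix list, such as the `MSConfig` Run entry that is absent from the second log.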