Hi,
wie könnte es denn nun weitergehen. Die Systemwiederherstellung habe ich ausgeschalten.
Hier noch mal die Hijackthis Auswertung.
Die zeile O4 - HKLM\..\RunServices: [Driver32] Overwritten when removing W32/Sircam-A, please delete, kommt nach dem löschen aber wieder.
Wie kriege ich das Mistding endgültig raus?
Logfile of HijackThis v1.99.1
Scan saved at 09:48:10, on 24.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Sophos\AutoUpdate\ALMon.exe
C:\Programme\FRITZ!\FriFax32.exe
C:\Programme\FRITZ!\FriFon32.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Microsoft Office XP\Office10\OUTLOOK.EXE
C:\Programme\Sophos\AutoUpdate\ALsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Microsoft Office XP\Office10\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX00.076\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AWMON] C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
O4 - HKLM\..\RunServices: [Driver32] Overwritten when removing W32/Sircam-A, please delete.
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Ad-Watch SE Professional.lnk = C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe
O4 - Global Startup: FRITZ!fon.lnk = C:\Programme\FRITZ!\FriFon32.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: Microsoft Outlook.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Sophos AutoUpdate Service (ActiveLinkClient) - Unknown owner - C:\Programme\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe