Problem mit werbe popups , spyware scanner findet nichts mehr :(

27907 files scanned, 16 file(s) infected on your disk drives.

   
  No viruses were detected in memory.

Your computer is free of known threats.  Virus Detection does not check compressed files.

Your computer appears safe for now.  For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security?.
 
No viruses were detected in memory.

The scan was cancelled before finishing. To restart the scan, click here.

Your computer is free of known threats.  Virus Detection does not check compressed files.

Your computer appears safe for now.  For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security?. 

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.
 
Warning! The scan detected a virus that is active in your computer's memory. 
The scan ended to prevent further infection. 

You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.
 

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.
 

No viruses were detected in memory.

Your computer is infected with at least one known virus or Trojan horse.

Note: The scan was cancelled before finishing. There may be more infected files on this computer.

Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.
 

A scan has not been run. To start Virus Detection, click here.

C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YTJAZCK\smart[1].exe is infected with Adware.DollarRevenue  
C:\WINDOWS\eeedo.exe is infected with Adware.Popuppers  
C:\WINDOWS\eee2.exe is infected with Adware.Popuppers  
C:\WINDOWS\spool\mc-110-12-0000141.exe is infected with Adware.MaxSearch  
C:\WINDOWS\spool\newdr.exe is infected with Adware.DollarRevenue  
C:\WINDOWS\TEMP\cmdinst.exe is infected with Spyware.ISearch  
C:\WINDOWS\SYSTEM32\TFTP1048 is infected with W32.Spybot.Worm  
C:\WINDOWS\SYSTEM32\iubyq.dll is infected with Adware.Purityscan  
C:\WINDOWS\SYSTEM32\config\systemprofile\Desktop\freeprodtb.exe is infected with Adware.MaxSearch  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E990OQ56\smart[1].exe is infected with Adware.DollarRevenue  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E990OQ56\gimmysmileys2[1].exe is infected with Adware.DollarRevenue  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E990OQ56\installer[1].exe is infected with Spyware.ISearch  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E990OQ56\eeedo[1].exe is infected with Adware.Popuppers  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I4PEAUTK\drsmartload[1].exe is infected with Spyware.ISearch  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YTJAZCK\mc-110-12-0000228[1].exe is infected with Adware.MaxSearch  
C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YTJAZCK\freeprodtb[1].exe is infected with Adware.MaxSearch  

[03/15/2006, 0:58:27] - VirtumundoBeGone v1.5 ( C:\Dokumente und Einstellungen\Skinhead\Desktop\VirtumundoBeGone.exe )
[03/15/2006, 0:58:35] - Detected System Information:
[03/15/2006, 0:58:35] - Windows Version: 5.1.2600, 
[03/15/2006, 0:58:35] - Current Username: Skinhead (Admin)
[03/15/2006, 0:58:35] - Windows is in NORMAL mode.
[03/15/2006, 0:58:35] - Searching for Browser Helper Objects:
[03/15/2006, 0:58:35] - BHO 1: {5770593C-9283-B302-A51B-EE1CF29FEFBB} ()
[03/15/2006, 0:58:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2006, 0:58:35] - Checking for HKLM\...\Winlogon\Notify\iubyq
[03/15/2006, 0:58:35] - Key not found: HKLM\...\Winlogon\Notify\iubyq, continuing.
[03/15/2006, 0:58:35] - BHO 2: {6D33B121-5C4C-4450-9D1F-7B67085CC199} (WTLHelper Object)
[03/15/2006, 0:58:35] - BHO 3: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)
[03/15/2006, 0:58:35] - Finished Searching Browser Helper Objects
[03/15/2006, 0:58:35] - Finishing up...
[03/15/2006, 0:58:35] - Nothing found! Exiting...

---------------------------------------------------------
 ewido anti-malware - Scan Report
---------------------------------------------------------

 + Erstellt am:		07:40:12, 15.03.2006
 + Report-Checksumme:	2F4DAEB0

 + Scanergebnis:

	HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Gesäubert mit Backup
	HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Gesäubert mit Backup
	HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Gesäubert mit Backup
	HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Gesäubert mit Backup
	HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Gesäubert mit Backup
	HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Gesäubert mit Backup
	HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Gesäubert mit Backup
	HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Gesäubert mit Backup
	C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YTJAZCK\surv3[1].exe -> Downloader.VB.vv : Gesäubert mit Backup
	C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E990OQ56\smart[1].exe -> Downloader.Adload.t : Gesäubert mit Backup
	C:\WINDOWS\SYSTEM32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E990OQ56\eeedo[1].exe/eee2.exe -> Adware.MediaMotor : Gesäubert mit Backup
	C:\WINDOWS\SYSTEM32\TFTP1048 -> Backdoor.Rbot.aie : Gesäubert mit Backup
	C:\WINDOWS\surv3.exe -> Downloader.VB.vv : Gesäubert mit Backup
	C:\WINDOWS\eeedo.exe/eee2.exe -> Adware.MediaMotor : Gesäubert mit Backup
	C:\WINDOWS\eee2.exe -> Adware.MediaMotor : Gesäubert mit Backup
	C:\WINDOWS\spool\newdr.exe -> Downloader.Adload.t : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YTJAZCK\smart[1].exe -> Downloader.Adload.t : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0YTJAZCK\krank2[1] -> Not-A-Virus.Exploit.HTML.Mht : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PMUOZZ6E\krank2[1] -> Not-A-Virus.Exploit.HTML.Mht : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G5AV09AV\Eingang[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G5AV09AV\Start-Seite[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G5AV09AV\Download[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\[email protected][2].txt -> TrackingCookie.Adition : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@komtrack[2].txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@ivwbox[2].txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\[email protected][2].txt -> TrackingCookie.I12 : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@bfast[1].txt -> TrackingCookie.Bfast : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@valueclick[2].txt -> TrackingCookie.Valueclick : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Gesäubert mit Backup
	C:\Dokumente und Einstellungen\Skinhead\Cookies\skinhead@atdmt[2].txt -> TrackingCookie.Atdmt : Gesäubert mit Backup


::Report Ende

Logfile of HijackThis v1.99.1
Scan saved at 07:52:18, on 15.03.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\Eset\nod32krn.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Dokumente und Einstellungen\Skinhead\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\System32\vtsrp.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\RunServices: [Microsoft Command C] winhost32.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Win32 Classes - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://acs.pandasoftware.com/activescan/as5free/asinst.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD72AE8D-4D0D-4675-80C0-375BD84EC7CF}: NameServer = 62.72.64.237 62.72.64.241
O20 - Winlogon Notify: vtsrp - C:\WINDOWS\System32\vtsrp.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

REGEDIT4

;Probier mal,ob es funktioniert!Mopao
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
Microsoft Command C=-

Logfile of HijackThis v1.99.1
Scan saved at 20:29:54, on 15.03.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\Eset\nod32krn.exe
C:\Dokumente und Einstellungen\Skinhead\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Win32 Classes - 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://acs.pandasoftware.com/activescan/as5free/asinst.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD72AE8D-4D0D-4675-80C0-375BD84EC7CF}: NameServer = 62.72.64.237 62.72.64.241
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >Run.txt
notepad Run.txt

reg query HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices >RunServices.txt
notepad RunServices.txt

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices