I'm a layperson and don't know how to get the system under control.
Can a gifted specialist help me out by looking through the logfile?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:45, am 15.02.2010
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot-Modus: Normal
Laufende Prozesse:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\PROGRAMME\Panda Security\Panda Internet Security 2010\WebProxy.exe
C:\WINDOWS\system32\BRSVC01A.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\JRE6\bin\jqs.exe
C:\Programme\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Programme\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\programme\Panda Security\Panda Internet Security 2010\Firewall\PSHOST.EXE
C:\Programme\Panda Security\Panda Internet Security 2010\psimsvc.exe
C:\Programme\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Programme\Sunrise\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Programme\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
C:\Programme\Nuance-PDF Professional 6\pdfpro6hook.exe
C:\WINDOWS\NeroCheck.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\AVRUGAD.EXE
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Panda Security\Panda Internet Security 2010\srvload.exe
C:\Programme\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\WINDOWS\imaqe.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://eu.ask.com?o=14200&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.ngohq.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search, Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, (Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = localhost
R3 - URLSearchHook: BHO Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Max DE Toolbar - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Max DE Toolbar - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44a7-9C13-AFBEC9185A9D} - C:\Programme\Nuance-PDF Professional 6\Bin\PlusIEContextMenu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435B-BC74-9C25C1C588A9} - C:\Programme\Java\JRE6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\JRE6\lib\deploy\JQS\dh\jqs_plugin.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42ff-B4A6-5E111731DF6B} - C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll
O3 - Toolbar: Max DE Toolbar - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\…\Run: [avgnt] "C:\Programme\Panda Security\Panda Internet Security 2010\avgnt.exe" /s
O4 - HKLM\…\Run: [TkBellExe] "C:\Programme\Panda Security\Panda Internet Security 2010\Inicio.exe"
O4 - HKLM\…\Run: [PDFHook] C:\Programme\Nuance-PDF Professional 6\pdfpro6hook.exe
O4 - HKLM\…\Run: [PDF6 Registry Controller] C:\Programme\Nuance-PDF Professional 6\RegistryController.exe
O4 - HKLM\…\Run: [Logitech Utility] NeroCheck.exe
O4 - HKLM\…\Run: [Kernel und Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\…\Run: [Google Quick Search Box] "C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\…\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\…\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\…\Run: [Winsock2 driver] AVRUGAD.EXE
O4 - HKLM\…\Run: [JMB36X Configure] C:\WINDOWS\system32\boot JMRaidTool.exe
O4 - HKLM\…\Run: [test] imaqe.exe
O4 - HKCU\…\Run: [ICQ] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\…\Run: [ISUSPM] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\…\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\…\Run: [Winsock2 driver] AVRUGAD.EXE
O4 - HKCU\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
O4 - HKUS\S-1-5-19\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions Gegenwart
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Google Sidewiki … - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: In & neuem Fenster öffnen - C:\Dokumente und Einstellungen\Vicini Egon\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Linkinhalt ein vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Mit & Google suchen - C:\Dokumente und Einstellungen\Vicini Egon\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Mit Nuance PDF Converter 6.0 öffnen - res://C:\Programme\Nuance-PDF Professional 6\cnvres_ger.dll/100
O8 - Extra context menu item: Mit PDF Professional 6 öffnen - res://C:\Programme\Nuance-PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Nach Microsoft & Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - res://C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: PDF-Datei erstellen - res://C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - res://C:\Programme\Nuance-PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Seite mit Google übersetzen - C:\Dokumente und Einstellungen\Vicini Egon\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra Knopf: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen … - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra Knopf: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\Nwprovau.dll
O15 - Trusted Zone: http://office.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5…
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5C…
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Con…
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5…
O16 - DPF: {E2883E8F-472f-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Programme\GAPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK Computer Inc. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Programme\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\JRE6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Security, SL - C:\Programme\Panda Security\Panda Internet Security 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, SL - C:\Programme\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, SL - C:\Programme\Gemeinsame Dateien\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, SL - C:\Programme\Panda Security\Panda Internet Security 2010\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\programme\Panda Security\Panda Internet Security 2010\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security SL - C:\Programme\Panda Security\Panda Internet Security 2010\psimsvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, SL - C:\Programme\Panda Security\Panda Internet Security 2010\PskSvc.exe
O23 - Service: SupportSoft Sprocket Service (sunrise) (sprtsvc_sunrise) - SupportSoft, Inc. - C:\Programme\Sunrise\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Programme\Gemeinsame Dateien\SupportSoft\bin\ssrc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, SL - C:\Programme\Panda Security\Panda Internet Security 2010\TPSrv.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 15923 bytes
