log checken, danke

The Don - D.R.

hallo meine freundin hat ein problem mit dem computer.
sie denkt sie hat trojaner drauf.
sie hat mir das logfile von hjt geschickt

sehts mal an
danke

Logfile of HijackThis v1.99.1
Scan saved at 20:14:02, on 08.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\ASUSKBService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\GEARSec.exe
P:\Programme\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
P:\HP Software Update\HPWuSchd2.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
P:\Programme\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Creative\ShareDLL\Mediadet.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
P:\Eigene Dateien\Meine empfangenen Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.baxxqxmzuiebymig.com/Jmuu...soeFif5pSC.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.knuddels.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2816A1BB-E335-F0A9-22BD-F3D3560332E2} - C:\DOKUME~1\NDY~1\ANWEND~1\COPYSO~1\media settings.exe
O2 - BHO: (no name) - {73D5541D-7EEB-F4F1-7484-E83592D6AA2E} - C:\PROGRA~1\COPYSO~1\media settings.exe (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - P:\Programme\PRMT6\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [does rdr burn option] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\proc dupe does rdr\spam beep.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [face save license creative] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\loadinterfacesave\city beep.exe
O4 - HKLM\..\Run: [HP Software Update] "P:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOKUME~1\NDY~1\LOKALE~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [Norton Ghost 9.0] P:\Programme\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BurnGlobal] C:\DOKUME~1\NDY~1\ANWEND~1\BUILDD~1\pingamenlogo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - P:\Programme\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

__________________
-Hijackthis Anleitung
-killbox

-System neuaufsetzen