|
Log analysis and evaluation: How do I get rid of WinFixer? |
14.10.2005, 20:06 | #1 |
| Who can help me get rid of the annoying WinFixer? Unfortunately I don't have any deeper PC knowledge; here is my log file for a start... and thanks in advance... regards, galsworty

Logfile of HijackThis v1.99.1
Scan saved at 20:04:27, on 14.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\??anregw.exe
C:\Programme\dotw\suso.exe
C:\Programme\MSI\Bluetooth Software\BTTray.exe
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\WINDOWS\system32\devldr32.exe
C:\Dokumente und Einstellungen\User\Desktop\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {18ABE2FB-7C37-55C6-42C7-55A05A89FECB} - (no file)
O2 - BHO: (no name) - {8B0DC74E-59D0-5F71-86E1-7AA2A8F066CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF259DA3-0E3D-799B-4CE3-2777D7B00B9C} - C:\WINDOWS\system32\miec.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKCU\..\Run: [Lkzfra] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Rscb] "C:\Programme\dotw\suso.exe" -vt rbnd
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103651328261
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
[edit] links removed [/edit] Edited by GUA (15.10.2005 at 06:34) |
14.10.2005, 20:45 | #2 |
/// Helper team | I think you have caught this one: http://www.sophos.de/virusinfo/analyses/trojmadrb.html To see what is going on, run an eScan exactly according to Cidre's instructions and post the log generated with find.bat: http://www.trojaner-board.de/showthread.php?t=17492 |
15.10.2005, 00:44 | #3 |
| Hello felix1... it took a little while.... here is the eScan_neu.text. How does it go on from here? Can I already leave safe mode?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:45 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Fri Oct 14 23:32:45 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:52 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:33:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:02 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:49:32 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Oct 14 23:49:32 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR
Fri Oct 14 23:49:32 2005 => File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR infected by "Backdoor.Win32.Padodor.al" Virus! Action Taken: No Action Taken.
Fri Oct 14 23:57:23 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sat Oct 15 00:00:01 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sat Oct 15 01:03:29 2005 => File C:\WINDOWS\system32\drivers\etc\HOSTS.bak infected by "Trojan.Win32.Qhost.k" Virus! Action Taken: No Action Taken.
Sat Oct 15 01:16:35 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:16 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
Fri Oct 14 23:35:57 2005 => File C:\Dokumente und Einstellungen\User\Desktop\Downloads\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:47 2005 => Offending Key found: HKLM\Software\kazaa !!!
Fri Oct 14 23:32:47 2005 => Offending Key found: HKCU\Software\kazaa !!!
Fri Oct 14 23:32:49 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Fri Oct 14 23:32:49 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\!update.exe
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\cmdlineext02.dll
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\insthelp.dll
Fri Oct 14 23:32:52 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Favoriten\ebay.url
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\!update.exe
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\cmdlineext02.dll
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\insthelp.dll
Fri Oct 14 23:33:01 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:02 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\upnsxcvy\show_ads[2].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\upnsxcvy\show_ads[2].js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 01:16:35 2005 => Total Virus(es) Found: 23
Sat Oct 15 01:16:35 2005 => Total Errors: 49
Sat Oct 15 01:16:35 2005 => Time Elapsed: 01:44:37
Sat Oct 15 01:16:35 2005 => Total Objects Scanned: 92328 |
15.10.2005, 01:59 | #4 |
Banned | At this time of night, just post your log here > http://hijackthis.de/ If you can't make sense of it afterwards, come back here. Regards, Tomita |
15.10.2005, 12:33 | #5 |
| Thanks Tomita... I had my log files evaluated at hijackthis and got 7 findings. What do I do with them now, should I look for the files and delete them by hand? To be safe, please take a look at my scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:45 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Fri Oct 14 23:32:45 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:52 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:33:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:02 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:49:32 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Oct 14 23:49:32 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR
Fri Oct 14 23:49:32 2005 => File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR infected by "Backdoor.Win32.Padodor.al" Virus! Action Taken: No Action Taken.
Fri Oct 14 23:57:23 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sat Oct 15 00:00:01 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sat Oct 15 01:03:29 2005 => File C:\WINDOWS\system32\drivers\etc\HOSTS.bak infected by "Trojan.Win32.Qhost.k" Virus! Action Taken: No Action Taken.
Sat Oct 15 01:16:35 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:16 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
Fri Oct 14 23:35:57 2005 => File C:\Dokumente und Einstellungen\User\Desktop\Downloads\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:47 2005 => Offending Key found: HKLM\Software\kazaa !!!
Fri Oct 14 23:32:47 2005 => Offending Key found: HKCU\Software\kazaa !!!
Fri Oct 14 23:32:49 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Fri Oct 14 23:32:49 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\!update.exe
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\cmdlineext02.dll
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\insthelp.dll
Fri Oct 14 23:32:52 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Favoriten\ebay.url
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\!update.exe
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\cmdlineext02.dll
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\insthelp.dll
Fri Oct 14 23:33:01 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:02 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\upnsxcvy\show_ads[2].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\upnsxcvy\show_ads[2].js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 01:16:35 2005 => Total Virus(es) Found: 23
Sat Oct 15 01:16:35 2005 => Total Errors: 49
Sat Oct 15 01:16:35 2005 => Time Elapsed: 01:44:37
Sat Oct 15 01:16:35 2005 => Total Objects Scanned: 92328
Fri Oct 14 23:30:07 2005 => Virus Database Date: 2005/10/08
Sat Oct 15 01:16:35 2005 => Virus Database Date: 2005/10/08
Sat Oct 15 01:21:45 2005 => Virus Database Date: 2005/10/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~ |
15.10.2005, 17:43 | #6 |
/// Helper team | Download and update Ad-aware and Spybot and run the programs. http://www.comsafe.de/download.html
Install cleanup, start it, tick "delete everything" and then press Delete. http://www.clearprog.de/
Delete the quarantine folders of the AV program.
Delete the file mwav.log in the directory c:\bases_x.
New eScan.
New HJT log. |
16.10.2005, 16:46 | #7 |
| Hello Felix1, I did everything the way you described. But WinFixer is still there.... here are the new log files [edit] please edit your links as shown, among other places, here: http://www.trojaner-board.de/showpost.php?p=171957&postcount=1 thanks GUA [/edit] Edited by GUA (16.10.2005 at 16:52) |
17.10.2005, 07:48 | #8 |
| Hello Felix1, I did everything the way you described. But WinFixer is still there.... here are the new log files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:21 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Sun Oct 16 16:01:21 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Sun Oct 16 16:01:24 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Sun Oct 16 16:01:25 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Sun Oct 16 16:14:19 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Oct 16 16:20:54 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sun Oct 16 16:23:08 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sun Oct 16 17:24:17 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:00 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:23 2005 => Offending Key found: HKLM\Software\kazaa !!!
Sun Oct 16 16:01:23 2005 => Offending Key found: HKCU\Software\kazaa !!!
Sun Oct 16 16:01:24 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Sun Oct 16 16:01:24 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Sun Oct 16 16:01:25 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Favoriten\ebay.url
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 17:24:17 2005 => Total Virus(es) Found: 10
Sun Oct 16 17:24:17 2005 => Total Errors: 56
Sun Oct 16 17:24:17 2005 => Time Elapsed: 01:23:35
Sun Oct 16 17:24:17 2005 => Total Objects Scanned: 90244
Sun Oct 16 15:59:11 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:24:17 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:31:03 2005 => Virus Database Date: 2005/10/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:38:31, on 16.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\??anregw.exe
C:\Programme\dotw\suso.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\User\Desktop\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {18ABE2FB-7C37-55C6-42C7-55A05A89FECB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8B0DC74E-59D0-5F71-86E1-7AA2A8F066CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF259DA3-0E3D-799B-4CE3-2777D7B00B9C} - C:\WINDOWS\system32\miec.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKCU\..\Run: [Lkzfra] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Rscb] "C:\Programme\dotw\suso.exe" -vt rbnd
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103651328261
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing) |
17.10.2005, 08:05 | #9 |
| Hello Felix1, I did everything the way you described. But WinFixer is still there.... here are the new log files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:21 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Sun Oct 16 16:01:21 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Sun Oct 16 16:01:24 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Sun Oct 16 16:01:25 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Sun Oct 16 16:14:19 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Oct 16 16:20:54 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sun Oct 16 16:23:08 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sun Oct 16 17:24:17 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:00 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:23 2005 => Offending Key found: HKLM\Software\kazaa !!!
Sun Oct 16 16:01:23 2005 => Offending Key found: HKCU\Software\kazaa !!!
Sun Oct 16 16:01:24 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Sun Oct 16 16:01:24 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Sun Oct 16 16:01:25 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Favoriten\ebay.url
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 17:24:17 2005 => Total Virus(es) Found: 10
Sun Oct 16 17:24:17 2005 => Total Errors: 56
Sun Oct 16 17:24:17 2005 => Time Elapsed: 01:23:35
Sun Oct 16 17:24:17 2005 => Total Objects Scanned: 90244
Sun Oct 16 15:59:11 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:24:17 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:31:03 2005 => Virus Database Date: 2005/10/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:38:31, on 16.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\??anregw.exe
C:\Programme\dotw\suso.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\***\Desktop\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://***.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://***.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://***.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://**.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://***.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://h**p://***.microsoft.com/isap...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://h**p://***.microsoft.com/isap...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://***.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://***.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://***.google.com/keyword/%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {18ABE2FB-7C37-55C6-42C7-55A05A89FECB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8B0DC74E-59D0-5F71-86E1-7AA2A8F066CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF259DA3-0E3D-799B-4CE3-2777D7B00B9C} - C:\WINDOWS\system32\miec.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKCU\..\Run: [Lkzfra] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Rscb] "C:\Programme\dotw\suso.exe" -vt rbnd
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: 
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://h**p://v5.windowsupdate.micro...?1103651328261 O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing) |
17.10.2005, 15:38 | #10 |
/// Helper Team | How do I get rid of WinFixer? Download the program Regseeker and use it to clean your registry. http://www.zdnet.de/downloads/prg/3/c/de0T3C_is-wc.html |
19.10.2005, 13:53 | #11 |
| How do I get rid of WinFixer? Hi, I ran the Regseeker program. The registry is clean now and I think the computer is faster than before.... but WinFixer is still there... |