Pests of all kinds and how to fight them: Antivirus XP 2008 |
11.07.2008, 14:43 | #1 |
| Antivirus XP 2008 Hello and HELP! Since yesterday I've had some kind of junk on my computer. At first the whole thing called itself "malware protector 2008". I then looked into it online and was advised to use a program called "SPYWAREfighter". I ran it right away, and at first it also looked as if it had helped. Before that, my screen kept turning blue after about 2 minutes. That no longer happens. But when I switched my PC on again today, the sh*** now calls itself "Antivirus XP 2008" and scans my entire hard drive for viruses without my consent. My AntiVir Guard now reports: "C:\WINDOWS\system32\oktsse.dll ist das trojanische Pferd TR/Pakes.czu". Since I'm a PC rookie, I'm now looking for someone with a bit of patience who doesn't throw technical jargon around, because otherwise I won't understand a thing. Hoping for HELP soon, otherwise I'm lost |
11.07.2008, 19:38 | #2 |
Administrator > Competence Manager | Antivirus XP 2008 Hello thimothee and
Malwarebytes' Anti-Malware
Creating a HijackThis log |
13.07.2008, 14:47 | #3 |
| Antivirus XP 2008 Hello, and many thanks in advance.
Malwarebytes' Anti-Malware 1.20
And here is the HijackThis log as well
Edited by thimothee (13.07.2008 at 15:13) |
31.08.2008, 17:49 | #4 |
| Antivirus XP 2008 [edit] Please open your own thread for your problem, like everyone else here. Only that way can we make sure that every user gets clear, individual help. Thanks, GUA [/edit] |
11.12.2008, 06:32 | #5 |
| Antivirus XP 2008 To remove Antivirusxp I bought avira antivirus professional; the free Antivirus Classic is not enough. It costs approx. €20. It removes this lousy antivirusxp flawlessly. Of course, it is a question of your own imputed hourly rate |