Okay, now I'm scared!
What does AntiVir do the whole day? Well, I'm just happy that I don't do any online banking...
Anyway, the ATF-Cleaner crashes for no apparent reason.
Opera on top is grey, I can't select it...
Here are the logs:
Logfile of HijackThis v1.99.1
Scan saved at 11:53:38, on 17.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Winamp3\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programme\DDC\LevelOne_USB_802.11g_Utility\LevelOneWlan.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Hijackthis\jet.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580 (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P32 "EPSON Stylus COLOR 580 (Kopie 1)" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LevelOne 11g Wireless USB.lnk = C:\Programme\DDC\LevelOne_USB_802.11g_Utility\LevelOneWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137759702170
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
...and the Panda stuff
Incident Status Location
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\USYP_0001_N76M2004NetInstaller.exe
Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload.dat
Adware:adware/maxifiles Not disinfected c:\programme\gemeinsame dateien\Download
Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\druid\Lokale Einstellungen\Temp\nsd5.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\druid\Lokale Einstellungen\Temp\nsi42.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\druid\Lokale Einstellungen\Temp\nsy35.tmp
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Dokumente und Einstellungen\druid\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LKIP0G4C\WinFixer2005ScannerInstallDE[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Programme\Gemeinsame Dateien\Windows\services32.exe
Adware:Adware/Maxifiles Not disinfected C:\Programme\Hijackthis\backups\backup-20060916-140609-233.dll
Adware:Adware/SearchAid Not disinfected C:\RECYCLER\S-1-5-21-1715567821-1958367476-682003330-500\Dc2\netmon.exe
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\system32\awvts.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W1FS2YI8\installer[1].exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\system32\mljjg.dll
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\system32\vtsqo.dll
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\system32\vturp.dll
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Adware:Adware/CommAd Not disinfected C:\WINDOWS\ZHJ1aWQ\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\ZHJ1aWQ\tJLYuqk.vbs