brauche bitte hilfe bei trojanern

snappy

Hey,
ich sitze grad an einem Computer von bekannten und versuche zu retten,was zu retten ist. Scheint so als haette der Sohn sich beim surfen etwas eingefangen.
Bisher ist AVG installiert hab aber nun Avira installier da ich damit besser arbeiten kann. Desweiteren habe ich Spybot heraufgespielt.
Nach einem fast 1,5Std. Systemcheck kam dies heraus




Avira AntiVir Personal
Report file date: 02 August 2008 20:45

Scanning for 1528705 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DESKTOP2

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 19:33:31
ANTIVIR3.VDF : 7.0.5.205 285696 Bytes 01/08/2008 19:33:40
Engineversion : 8.1.1.15
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 09:46:50
AESCRIPT.DLL : 8.1.0.61 311675 Bytes 02/08/2008 19:34:26
AESCN.DLL : 8.1.0.23 119156 Bytes 02/08/2008 19:34:23
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 09:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 02/08/2008 19:34:21
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 02/08/2008 19:34:17
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 02/08/2008 19:34:13
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 09:46:50
AEGEN.DLL : 8.1.0.32 315765 Bytes 02/08/2008 19:33:57
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 19:33:52
AECORE.DLL : 8.1.1.8 172406 Bytes 02/08/2008 19:33:46
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 09:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 19:33:42
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 02 August 2008 20:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'win69.exe' - '1' Module(s) have been scanned
Scan process 'DrvMon.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'avgcc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'KService.exe' - '1' Module(s) have been scanned
Scan process 'E_S30RP1.EXE' - '1' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '1' Module(s) have been scanned
Scan process 'avgupsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgamsvr.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\' <Win_XP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{04182EBB-DE55-420C-855B-60F9427D8A51}\RP736\A0066245.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{04182EBB-DE55-420C-855B-60F9427D8A51}\RP736\A0068201.cpl
[DETECTION] Is the TR/Renos.ndb.1 Trojan
[NOTE] The file was moved to '48c4c5e1.qua'!
C:\System Volume Information\_restore{04182EBB-DE55-420C-855B-60F9427D8A51}\RP736\A0068205.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{04182EBB-DE55-420C-855B-60F9427D8A51}\RP738\A0068270.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drvfom.dll
[DETECTION] Is the TR/Crypt.PEC2X.Gen Trojan
[NOTE] The file was moved to '490ac92f.qua'!
Begin scan in 'D:\' <Data>


End of the scan: 02 August 2008 22:04
Used time: 1:18:59 Hour(s)

The scan has been done completely.

8402 Scanning directories
227618 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
227611 Files not concerned
1942 Archives were scanned
6 Warnings
2 Notes