PSW.x-Vir

Hallo!

Seit 2 Tagen erscheint auf dem PC meines Freundes immer ein Fenster, in dem folgender Text steht:
"Your computer is infected with last version of PSW.x-Vir trojan. PSW trojans steal your private information such as: passwords, IP-adress, credit card information, registration details, documents, etc."
Zudem öffnen sich ständig irgendwelche seltsamen Internetseiten und auch der Bildschirmschoner war plötzlich anders. Ich habe mal sein Hijackthis- Logfile eingestellt, vielleicht weiß ja jemand von euch Rat.

Vielen Dank!

Logfile of HijackThis v1.99.1
Scan saved at 19:22:36, on 27.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Video ActiveX Access\iesmn.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Video ActiveX Access\imsmain.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Video ActiveX Access\imsmn.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\TRIXX\TRIXX.exe
C:\Programme\Video ActiveX Access\iesmin.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\BearShare\BearShare.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Filzip\Filzip.exe
C:\DOKUME~1\Julia\LOKALE~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Programme\Video ActiveX Access\iesplg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500 (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P34 "EPSON Stylus Photo RX500 (Kopie 1)" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [TRIXX] "C:\Programme\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146389022072
O17 - HKLM\System\CCS\Services\Tcpip\..\{065FFCCA-E94E-4A8B-8C81-CF2C1AD2F541}: NameServer = 213.191.92.86 213.191.74.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{065FFCCA-E94E-4A8B-8C81-CF2C1AD2F541}: NameServer = 213.191.92.86 213.191.74.18
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe