Wurm und/oder Trojaner

restart

Habe mir etwas hartnäckiges eingefangen. Habe auch schon einiges in diesem Forum gelesen, komme aber nicht wirklich weiter.
Habe schom GMER benutzt und 2 gefundene Files umbenannt.
Das waren hldrrr.exe und wintems.exe.
Nach Neustart sind die jetzt auch nicht mehr vorhanden.
Leider lässt sich nach wie vor kein Antivirenprogramm installieren.
Meistens bemängelt er während der Installation, dass meine Schreibrechte nicht ausreichen, obwohl ich als Administrator eingeloggt bin. Er verweigert das Schreiben bei Installation der .exe Dateien
Kann mir jemand einen Tip geben, was ich noch machen kann, damit ich endlich einen Virenscanner einsetzen kann?


Logfile of HijackThis v1.99.1
Scan saved at 09:47:27, on 20.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\C\WINDOWS\System32\smss.exe
D:\C\WINDOWS\system32\csrss.exe
D:\C\WINDOWS\system32\winlogon.exe
D:\C\WINDOWS\system32\services.exe
D:\C\WINDOWS\system32\lsass.exe
D:\C\WINDOWS\system32\svchost.exe
D:\C\WINDOWS\system32\svchost.exe
D:\C\WINDOWS\System32\svchost.exe
D:\C\WINDOWS\System32\svchost.exe
D:\C\WINDOWS\System32\svchost.exe
D:\C\WINDOWS\system32\spoolsv.exe
D:\C\WINDOWS\system32\netdde.exe
D:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
D:\Programme\Executive Software\Diskeeper\DkService.exe
D:\C\WINDOWS\system32\gearsec.exe
D:\Programme\Borland\INTRBASE\bin\ibguard.exe
D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme\OO Software\CleverCache\OOCCSVC.exe
D:\Programme\CyberLink\Shared files\RichVideo.exe
D:\C\WINDOWS\System32\locator.exe
D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\C\WINDOWS\System32\svchost.exe
D:\C\WINDOWS\system32\wdfmgr.exe
D:\Programme\Raxco\PerfectDisk\PDSched.exe
D:\Programme\Borland\INTRBASE\bin\ibserver.exe
D:\C\WINDOWS\System32\wbem\wmiapsrv.exe
D:\C\WINDOWS\System32\wbem\wmiprvse.exe
D:\C\WINDOWS\System32\wbem\wmiprvse.exe
D:\C\WINDOWS\Explorer.EXE
D:\C\WINDOWS\winbl0wz.exe
D:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\WinPortrait\wpctrl.exe
D:\Programme\T-DSL SpeedManager\SpeedMgr.exe
D:\Programme\Unlocker\UnlockerAssistant.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Programme\SPYWAREfighter\spftray.exe
D:\C\WINDOWS\winbl0wz.exe
D:\Programme\WinPortrait\floater.exe
D:\C\WINDOWS\system32\ctfmon.exe
D:\Programme\AlfaClock\AlfaClock.exe
D:\C\WINDOWS\system32\devldr32.exe
D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
D:\Programme\SPYWAREfighter\spfprc.exe
D:\PROGRA~1\klickTel\Inverssuche Winter 2006\KMON.EXE
D:\Programme\T-DSL SpeedManager\TSMSvc.exe
D:\Programme\Belkin\Bluetooth Software\BTTray.exe
D:\Programme\PC Connectivity Solution\ServiceLayer.exe
D:\Programme\PC Connectivity Solution\NclBTHandler.exe
D:\C\WINDOWS\system32\msiexec.exe
F:\Downloads\Antiviren - Trojaner\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/freenet/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/freenet/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - D:\Programme\TVgenial\IEButtonTVGenialEBayInterface.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XBTP07646 - {9A5152BA-6D72-4293-BB53-CBE60BCD8593} - D:\PROGRA~1\pics-factory Toolbar\pics-factory.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: pics-factory Toolbar - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - D:\Programme\pics-factory Toolbar\pics-factory.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "D:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PivotSoftware] "D:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Programme\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] D:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\C\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] D:\C\WINDOWS\winbl0wz.exe
O4 - HKLM\..\Run: [spywarefighterguard] D:\Programme\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\C\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "D:\Programme\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [InversMonitor] D:\PROGRA~1\klickTel\Inverssuche Winter 2006\KMON.EXE /MONITOR
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: desktop(2).ini
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: desktop(2).ini
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Senden an &Bluetooth - D:\Programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - D:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: YOKËÑË÷ - D:\Programme\YOK.com\SuperSearch\yoksch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Kidda Toolbar - {5124376D-C964-4817-B40E-CBD36195116E} - (no file)
O9 - Extra 'Tools' menuitem: Kidda Toolbar - {5124376D-C964-4817-B40E-CBD36195116E} - (no file)
O9 - Extra button: pics-factory Toolbar - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - D:\Programme\pics-factory Toolbar\pics-factory.dll (file missing)
O9 - Extra 'Tools' menuitem: pics-factory Toolbar - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - D:\Programme\pics-factory Toolbar\pics-factory.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Programme\AIM95\aim.exe
O9 - Extra button: concept/design's onlineTV - {AE786325-317C-4E91-9560-AA654AB50AE3} - D:\Programme\onlineTV\onlineTV.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: www.okidoki-langenfeld.de
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37570.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D5A5F09-EF40-4EAE-8668-EC860C84A821}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATI Smart - Unknown owner - D:\C\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - D:\Programme\Seagull\BarTender 7.10\Trial\CmdrSrv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - (no file)
O23 - Service: gearsec - GEAR Software - D:\C\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - D:\Programme\Borland\INTRBASE\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - D:\Programme\Borland\INTRBASE\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - D:\Programme\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: License Management Service ESD - element5 - D:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - D:\Programme\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - D:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Programme\SPYWAREfighter\spfprc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - D:\Programme\T-DSL SpeedManager\TSMSvc.exe