hallo,
seit gestern öffmet sich beim öfnen des IE ein fenster :
system error your computer was infected by unknown trojan ...

ich hab hier im forum schon davon gelesen allerdings nur bei Win XP, habe aller dings windows vista (home premium)...
könnt ihr mir helfen? das fenster nervt nämlich total

hallo

wende bitte Combofix an + poste hier den report
combofix

also hier mein ergebnis , ich hoffe ich hab alles richtig gemacht...

ComboFix 08-03-17.1 - Toni 2008-03-18 16:05:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.851 [GMT 1:00]
ausgeführt von:: C:\Users\Toni\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2008-02-18 bis 2008-03-18 ))))))))))))))))))))))))))))))
.

2008-03-18 11:23 . 2008-03-18 11:23 <DIR> d-------- C:\Users\All Users\Downloaded Installations
2008-03-18 11:23 . 2008-03-18 11:23 <DIR> d-------- C:\ProgramData\Downloaded Installations
2008-03-17 23:43 . 2008-03-17 23:43 <DIR> d-------- C:\kav
2008-03-17 22:50 . 2008-03-17 22:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 21:38 . 2008-03-17 21:38 219,648 --a------ C:\Windows\wmpdxm.dll
2008-03-17 21:38 . 2008-03-17 21:38 51 --a------ C:\xmp.bat
2008-03-17 19:37 . 2008-03-17 19:37 <DIR> d-------- C:\Users\Toni\AppData\Roaming\Ashampoo Photo Commander 5
2008-03-17 19:32 . 2008-03-17 19:32 <DIR> d-------- C:\Users\All Users\ashampoo
2008-03-17 19:32 . 2008-03-17 19:32 <DIR> d-------- C:\ProgramData\ashampoo
2008-03-17 19:30 . 2008-03-17 19:30 <DIR> d-------- C:\Program Files\TagRunner
2008-03-15 20:32 . 2008-03-15 20:32 59 --a------ C:\Windows\wininit.ini
2008-03-15 20:21 . 2008-03-15 20:21 <DIR> d-------- C:\Windows\System32\Samsung PC Studio Codecs
2008-03-15 19:02 . 2008-03-16 13:45 <DIR> d-------- C:\Program Files\Samsung
2008-03-14 19:25 . 2008-03-14 19:25 <DIR> d-------- C:\Users\Toni\AppData\Roaming\S.A.D
2008-03-13 17:04 . 2008-03-13 17:04 11 --a------ C:\trace.ini
2008-03-13 17:02 . 2008-03-13 17:02 <DIR> d-------- C:\Program Files\Auralog
2008-03-13 16:57 . 2008-03-13 16:57 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-13 16:57 . 2008-03-13 16:57 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-12 17:28 . 2008-03-12 17:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-12 14:12 . 2008-03-17 19:32 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-07 20:25 . 2008-03-15 18:37 <DIR> d-------- C:\DVDVideoSoft
2008-03-07 20:24 . 2008-03-07 20:24 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-07 20:24 . 2008-03-07 20:24 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-07 20:24 . 2002-01-05 14:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-03-07 17:54 . 2008-03-07 17:55 <DIR> d-------- C:\Users\Toni\AppData\Roaming\Skype
2008-03-07 17:40 . 2008-03-07 17:40 <DIR> d-------- C:\Users\Toni\AppData\Roaming\AlcaTech
2008-03-07 17:26 . 2008-03-07 17:26 <DIR> d-------- C:\Users\All Users\AlcaTech
2008-03-07 17:26 . 2008-03-07 17:26 <DIR> d-------- C:\ProgramData\AlcaTech
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Users\Toni\AppData\Roaming\TVU networks
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Users\All Users\TVU networks
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\ProgramData\TVU networks
2008-03-07 15:44 . 2008-03-07 15:44 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-03-07 15:44 . 2008-03-07 15:44 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-03-07 15:40 . 2008-03-07 15:40 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-03-07 15:40 . 2008-03-07 15:40 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-03-07 15:40 . 2008-03-07 15:40 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-03-07 15:40 . 2008-03-07 15:40 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-03-07 15:40 . 2008-03-07 15:40 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-03-07 15:39 . 2008-03-07 15:39 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-03-07 15:39 . 2008-03-07 15:39 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-03-07 15:39 . 2008-03-07 15:39 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-03-07 15:39 . 2008-03-07 15:39 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-03-07 15:39 . 2008-03-07 15:39 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-03-07 15:39 . 2008-03-07 15:39 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-03-07 15:39 . 2008-03-07 15:39 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-03-07 15:39 . 2008-03-07 15:39 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-03-07 15:38 . 2008-03-07 15:38 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-03-07 15:38 . 2008-03-07 15:38 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-03-07 15:38 . 2008-03-07 15:38 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-03-07 15:38 . 2008-03-07 15:38 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-03-07 15:38 . 2008-03-07 15:38 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-03-07 15:38 . 2008-03-07 15:38 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-03-07 15:38 . 2008-03-07 15:38 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-03-07 15:38 . 2008-03-07 15:38 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-03-07 15:38 . 2008-03-07 15:38 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-03-07 15:38 . 2008-03-07 15:38 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-03-07 15:34 . 2008-03-07 15:34 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-03-07 15:34 . 2008-03-07 15:34 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-03-07 15:34 . 2008-03-07 15:34 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-03-07 15:34 . 2008-03-07 15:34 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-03-07 15:34 . 2008-03-07 15:34 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-03-07 15:34 . 2008-03-07 15:34 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-03-07 15:34 . 2008-03-07 15:34 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-03-07 15:34 . 2008-03-07 15:34 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-03-07 15:32 . 2008-03-07 15:32 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-03-06 21:13 . 2008-03-06 21:15 <DIR> d-------- C:\Program Files\Java
2008-03-06 21:11 . 2008-03-06 21:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-06 19:25 . 2008-03-06 19:25 <DIR> d-------- C:\Users\Toni\AppData\Roaming\Printer Info Cache
2008-03-06 19:25 . 2008-03-17 17:32 <DIR> d-------- C:\Users\Toni\AppData\Roaming\Image Zone Express
2008-03-06 18:18 . 2008-03-06 18:18 <DIR> d-------- C:\Program Files\AB-Tools.com
2008-03-06 18:05 . 2008-03-06 18:05 <DIR> d-------- C:\Users\Toni\AppData\Roaming\InstallShield
2008-03-06 16:49 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-03-06 16:49 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-03-06 16:49 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-03-06 15:16 . 2008-03-06 15:16 <DIR> d-------- C:\Users\All Users\WEBREG
2008-03-06 15:16 . 2008-03-06 15:16 <DIR> d-------- C:\ProgramData\WEBREG
2008-03-06 15:14 . 2008-03-06 19:24 <DIR> d-------- C:\Users\Toni\AppData\Roaming\HP
2008-03-06 15:09 . 2008-03-06 15:09 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-03-06 15:09 . 2008-03-06 15:09 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-03-06 15:05 . 2008-03-06 15:05 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-06 15:05 . 2008-03-06 15:08 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-06 15:05 . 2008-03-06 15:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-06 15:02 . 2006-12-16 08:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-03-06 15:01 . 2008-03-06 15:09 <DIR> d-------- C:\Program Files\HP
2008-03-06 15:01 . 2006-11-20 23:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-03-06 14:57 . 2008-03-06 15:14 <DIR> d-------- C:\Users\All Users\HP
2008-03-06 14:57 . 2008-03-06 15:14 <DIR> d-------- C:\ProgramData\HP
2008-03-06 14:57 . 2008-03-06 15:16 164,347 --a------ C:\Windows\hpoins19.dat
2008-03-06 14:40 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-03-06 14:38 . 2008-03-06 14:38 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-06 14:36 . 2008-03-06 14:36 <DIR> d-------- C:\Windows\PCHEALTH
2008-03-06 14:36 . 2008-03-06 14:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-06 14:33 . 2008-03-06 14:33 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-06 14:32 . 2008-03-06 14:40 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-03-06 14:32 . 2008-03-06 14:40 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-06 14:32 . 2008-03-06 14:32 <DIR> dr-h----- C:\MSOCache
2008-03-06 13:12 . 2008-03-06 13:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-06 13:11 . 2008-03-06 13:11 2,048 --a------ C:\Windows\System32\tzres.dll
2008-03-05 21:19 . 2007-07-12 02:49 186,256 --a------ C:\Windows\System32\SymNPPWA.dll
2008-03-05 21:01 . 2008-03-05 21:01 750,080 --a------ C:\Windows\System32\qmgr.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 10:24 --------- d-----w C:\Program Files\Symantec
2008-03-17 20:38 --------- d-----w C:\ProgramData\Symantec
2008-03-15 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 16:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-07 21:29 --------- d-----w C:\Program Files\Google
2008-03-07 18:33 --------- d-----w C:\Program Files\Norton 360
2008-03-07 18:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 14:58 174 --sha-w C:\Program Files\desktop.ini
2008-03-07 14:54 --------- d-----w C:\Program Files\Windows Calendar
2008-03-07 14:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-07 14:42 943,800 ----a-w C:\Windows\System32\winload.exe
2008-03-07 14:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-07 14:37 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-07 14:37 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-07 14:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-07 14:37 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-07 14:37 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-07 14:37 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-07 14:37 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-07 14:37 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-06 13:37 --------- d-----w C:\Program Files\MSBuild
2008-03-06 12:39 --------- d-----w C:\ProgramData\Sonic
2008-03-06 12:08 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-06 12:08 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-06 12:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-06 12:08 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-06 12:04 --------- d-----w C:\ProgramData\CyberLink
2008-03-05 20:18 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-05 20:18 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-05 20:18 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-05 18:27 --------- d-sh--w C:\ProgramData\Vorlagen
2008-03-05 18:27 --------- d-sh--w C:\ProgramData\Startmenü
2008-03-05 18:27 --------- d-sh--w C:\ProgramData\Favoriten
2008-03-05 18:27 --------- d-sh--w C:\ProgramData\Dokumente
2008-03-05 18:27 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-03-05 18:27 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5A7151F-58D0-4AC8-9329-BEDD59625679}]
2008-03-17 21:38 219648 --a------ C:\Windows\wmpdxm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-07 15:34 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 22:29 171448]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 10:45 49664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 04:18 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 16:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 17:51 1826816 C:\Windows\SkyTel.exe]
"SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-06-14 18:02 548864]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-10 19:04 227328]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 22:36 102400]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Realtime Audio Engine"="mmrtkrnl.exe" [2007-07-18 15:52 70144 C:\Windows\System32\mmrtkrnl.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [2007-11-12 22:59 1378840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE [2008-03-05 20:00:38 909312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BB424CD-E908-4F57-9F39-207138FE02C3}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{DABAC66D-B6F1-46FD-9275-C200C59B9B59}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0FEC750B-90E4-4B83-8694-3A1DB388C448}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B2E4B56E-998E-4AFB-ABEE-92FD15693890}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7A61610C-C0A8-4597-ACEA-8D2965BDB807}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{637749EB-EA37-40A8-9C99-6EF1C7D977EE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{68B82A49-70DF-4369-898F-8F13673C1BC4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27B9E34A-4988-4861-BB2C-1A6CABFD9623}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-14 02:39]
R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-14 18:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 22:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
*Newly Created Service* - SYMANTECANTIBOTDRIVER
*Newly Created Service* - SYMANTECANTIBOTFILTER
*Newly Created Service* - SYMANTECANTIBOTSHIM
.
Inhalt des "geplante Tasks" Ordners
"2008-03-18 15:00:00 C:\Windows\Tasks\Erweiterte Garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 16:08:13
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-18 16:09:19
.
2008-03-14 17:42:28 --- E O F ---

««
klicke mit rechts auf die C:\Windows\wininit.ini - mit Texteditor öffnen - poste, was da steht

««

OTMoveIt by OldTimer
öffne: OTMoveIt.exe

Kopiere rein: im linken Fenster ,wo steht: Paste Standart List of Files/Folders to be Move

Zitat:

C:\Windows\wininit.ini
C:\Windows\wmpdxm.dll
C:\xmp.bat

Klicke auf den Roten MoveIt!

----------------------------------------------

dann poste das log vom HijackThis, damit wir fixen können:
Hijackthis - deutsche Anleitung

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5A7151F-58D0-4AC8-9329-BEDD59625679}]
2008-03-17 21:38 219648 --a------ C:\Windows\wmpdxm.dll

das steht bei C:\Windows\wininit.ini:

[rename]
NUL=C:\Windows\system32\SAMSUN~1\3\SSCDUN~1.EXE

...

das steht in dem programm wo ich das reinposten sollte:

File/Folder [rename] not found.
File/Folder NUL=C:\Windows\system32\SAMSUN~1\3\SSCDUN~1.EXE not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03182008_162629

hier der log vom hijack this:

Logfile of Trend Micro HijackThis v2.0.2

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA
[/edit]