avira funde =( HTML/Infected.WebPage.Gen2 und weitere =(

ComboFix 10-08-18.03 - ******* 19.08.2010  17:15:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3036.2217 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-19 bis 2010-08-19  ))))))))))))))))))))))))))))))
.

2010-08-19 15:25 . 2010-08-19 15:32	--------	d-----w-	c:\users\*******\AppData\Local\temp
2010-08-19 15:25 . 2010-08-19 15:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-18 21:21 . 2010-08-18 21:21	--------	d-----w-	C:\_OTL
2010-08-17 20:14 . 2010-08-17 20:14	--------	d-----w-	c:\program files\trend micro
2010-08-17 20:14 . 2010-08-17 20:14	--------	d-----w-	C:\rsit
2010-08-17 19:58 . 2010-08-17 19:58	--------	d-----w-	c:\users\*******\AppData\Roaming\Malwarebytes
2010-08-17 19:58 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:58 . 2010-08-17 19:58	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-17 19:58 . 2010-08-17 19:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:58 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-12 14:31 . 2010-06-11 15:31	274432	----a-w-	c:\windows\system32\schannel.dll
2010-08-12 14:31 . 2010-06-08 16:47	3600784	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-12 14:31 . 2010-06-08 16:47	3548552	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-12 14:31 . 2010-06-18 16:43	36352	----a-w-	c:\windows\system32\rtutils.dll
2010-08-12 14:31 . 2010-06-21 13:25	2036736	----a-w-	c:\windows\system32\win32k.sys
2010-08-12 14:31 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\system32\msxml3.dll
2010-08-12 14:31 . 2010-06-18 14:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-12 14:31 . 2010-06-18 14:43	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-12 14:31 . 2010-06-16 15:59	898952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-12 13:32 . 2010-08-12 13:32	--------	d-----w-	c:\program files\Common Files\Java
2010-08-11 11:49 . 2010-08-11 11:49	--------	d-----w-	c:\users\*******\DoctorWeb

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 15:32 . 2010-07-11 12:05	31776	----a-w-	c:\programdata\nvModes.dat
2010-08-19 15:25 . 2009-10-02 12:32	12	----a-w-	c:\windows\bthservsdp.dat
2010-08-19 15:20 . 2008-01-21 07:15	628742	----a-w-	c:\windows\system32\perfh007.dat
2010-08-19 15:20 . 2008-01-21 07:15	126454	----a-w-	c:\windows\system32\perfc007.dat
2010-08-19 14:56 . 2009-10-07 21:24	--------	d-----w-	c:\users\*******\AppData\Roaming\ICQ
2010-08-18 21:10 . 2010-01-13 14:34	1369	--sha-w-	c:\windows\system32\mmf.sys
2010-08-17 22:44 . 2010-06-17 16:18	--------	d-----w-	c:\program files\ICQ7.2
2010-08-17 19:43 . 2009-11-06 09:07	--------	d-----w-	c:\program files\CCleaner
2010-08-16 17:44 . 2009-10-27 20:51	--------	d-----w-	c:\users\*******\AppData\Roaming\Skype
2010-08-16 17:09 . 2009-10-27 20:52	--------	d-----w-	c:\users\*******\AppData\Roaming\skypePM
2010-08-12 17:45 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-12 13:32 . 2010-04-26 03:39	--------	d-----w-	c:\program files\Java
2010-08-05 16:55 . 2010-02-09 19:33	--------	d-----w-	c:\users\*******\AppData\Roaming\vlc
2010-07-20 09:56 . 2010-07-20 09:56	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-18 22:30 . 2009-11-06 09:52	--------	d-----w-	c:\users\*******\AppData\Roaming\dvdcss
2010-07-17 03:00 . 2010-04-26 03:39	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-16 15:28 . 2010-04-30 00:29	--------	d-----w-	c:\program files\CDBurnerXP
2010-07-11 22:03 . 2009-07-29 14:23	--------	d-----w-	c:\programdata\NVIDIA
2010-07-11 12:25 . 2009-05-22 00:29	--------	d-----w-	c:\program files\Acer
2010-07-11 12:25 . 2009-05-21 23:17	--------	d-----w-	c:\program files\Intel
2010-07-11 12:22 . 2009-05-21 23:21	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-11 12:21 . 2009-05-22 00:25	--------	d-----w-	c:\program files\eSobi
2010-07-11 12:21 . 2009-05-22 00:16	--------	d-----w-	c:\program files\NewTech Infosystems
2010-07-11 12:18 . 2009-07-29 14:42	--------	d-----w-	c:\programdata\CyberLink
2010-07-11 12:17 . 2009-07-29 14:42	36864	----a-w-	c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2010-07-11 12:14 . 2009-05-21 23:53	--------	d-----w-	c:\program files\Windows Live
2010-07-11 12:13 . 2009-09-29 13:48	69448	----a-w-	c:\users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-11 12:13 . 2009-05-21 23:43	--------	d-----w-	c:\program files\Microsoft Works
2010-07-02 16:18 . 2010-07-01 22:15	--------	d-----w-	c:\program files\Medieval II Total War
2010-06-30 20:04 . 2010-06-30 20:04	--------	d-----w-	c:\program files\SpeedRename
2010-06-28 16:17 . 2010-08-12 14:32	833024	----a-w-	c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 14:32	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 23:08 . 2010-06-24 23:08	--------	d-----w-	c:\program files\iCam
2010-06-24 23:08 . 2009-05-22 00:30	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-06-24 23:05 . 2010-06-24 23:05	--------	d-----w-	c:\users\*******\AppData\Roaming\Vimisoft Studio
2010-06-24 23:05 . 2010-06-24 23:04	--------	d-----w-	c:\program files\VimiMagic
2010-06-24 23:05 . 2010-06-24 23:04	--------	d-----w-	c:\program files\Common Files\Vimisoft Studio
2010-06-24 23:04 . 2010-06-24 23:04	--------	d-----w-	c:\program files\Vimicro Corporation
2010-06-22 23:05 . 2010-06-22 23:05	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-22 22:06 . 2010-06-22 22:06	--------	d-----w-	c:\users\*******\AppData\Roaming\XnView
2010-05-27 19:16 . 2010-08-12 14:32	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-05-27 17:55 . 2010-05-27 17:55	59904	----a-w-	c:\windows\system32\ZLIB1.DLL
2010-05-26 16:16 . 2010-06-10 11:58	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 11:58	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-25 13:00 . 2010-05-11 14:55	680	----a-w-	c:\users\*******\AppData\Local\d3d9caps.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-03-26 18:38	39208	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-12-02 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-03-26 345384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-22 7420448]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-03-25 3560448]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-29 200704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-22 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMMON"="c:\program files\VimiMagic\Vicamon.exe" [2008-12-25 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-23 13793824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-09-16 13:11	568072	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,51,cf,b6,4a,7c,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-20 29472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-07 691696]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-11-11 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-11-11 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-11-11 59952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-03-25 3444224]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-03-26 305448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-07 50176]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-23 4232704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-07-02 64032]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\vppl9zsr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://gmx.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-MusicBrainz Picard - g:\musicbrainz picard\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 17:32
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

 [0] 0x40000000

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3520)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-19  17:38:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-19 15:38

Vor Suchlauf: 12 Verzeichnis(se), 16.581.038.080 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 16.311.549.952 Bytes frei

- - End Of File - - CC5FFFD4EA2D8CD84F5A05F6EA85AE51