Trojaner-Board - system alert, windows security alert und fremde antiviren programme

so, hier ist der logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:19, on 25.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\ISW\alice\signup\AliceCnn.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**ps://login.live.com/ppsecure/sha1auth.srf?lc=1031
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: gktxaspm - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - C:\WINDOWS\gktxaspm.dll
O3 - Toolbar: gktxaspm - {0983040A-984F-4BEF-BEBE-D3D3342D3954} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\Dokumente und Einstellungen\***\Desktop\WinAntiVirusPro2006FreeInstall_de.exe" -nag
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ecf9f935] rundll32.exe "C:\WINDOWS\system32\gqobgbji.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - h**p://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140103463606
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**ps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{781DED60-0950-4709-965B-40ACCBAAF220}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: gnowmebk - {DBD66189-156E-488C-88AB-093E3B0ACADD} - (no file)
O21 - SSODL: pxgdslro - {9FA62446-974D-4359-B22C-58AFDC7CDCA8} - (no file)
O21 - SSODL: vregfwlx - {E8947B6A-442F-46E2-A478-E6698E166E6A} - C:\WINDOWS\vregfwlx.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

--
End of file - 7638 bytes

ich werde auf jeden fall in den sommerferien den computer neu aufsetzen, aber das ist leider erst im august. danke schon mal für die hilfe. ihr seid nur geil*

so bin wieder da und hier nun das combofix resultat.
seit ich combofix benutzt habe ist übrigens meine taskleiste wieder da;)
nur das ständig ein kästchen aufgeht, in dem steht: fehler beim laden von internet explorer
SETUPAPI.dll das angegebene modul konnte nicht gefunden werden. das geht etwa alle 30 sec auf:(
hier erstmal der combocheck

ComboFix 08-07-03.3 - *** 2008-07-04 11:18:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.627 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programme\Internet Explorer\setupapi.dll
C:\WINDOWS\edma.exe
C:\WINDOWS\edwf.exe
C:\WINDOWS\epse.exe
C:\WINDOWS\system32\aolspixw.ini
C:\WINDOWS\system32\efhwcrmg.ini
C:\WINDOWS\system32\fhuuoief.ini
C:\WINDOWS\system32\hwnlatoh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njtenmbu.ini
C:\WINDOWS\system32\opnnoopO.dll
C:\WINDOWS\system32\Opoonnpo.ini
C:\WINDOWS\system32\Opoonnpo.ini2
C:\WINDOWS\system32\psgcnfkv.ini
C:\WINDOWS\system32\qjsufmdx.ini
C:\WINDOWS\system32\rbadrapu.ini
C:\WINDOWS\system32\rqRKBusT.dll
C:\WINDOWS\system32\upardabr.dll
C:\WINDOWS\system32\vltpenha.ini
C:\WINDOWS\system32\ykfmbtjg.ini
E:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-04 bis 2008-07-04 ))))))))))))))))))))))))))))))
.

2008-07-02 20:45 . 2008-07-02 20:45 91,520 --a------ C:\WINDOWS\system32\ubmnetjn.dll
2008-07-02 20:12 . 2008-07-02 20:12 11,776 --a------ C:\WINDOWS\system32\78.dat
2008-07-02 20:12 . 2008-07-02 20:12 6,656 --a------ C:\WINDOWS\system32\762.dat
2008-07-02 20:12 . 2008-07-02 20:12 139 --a------ C:\WINDOWS\system32\4.dat
2008-07-02 19:22 . 2008-07-02 19:22 91,520 --a------ C:\WINDOWS\system32\gmrcwhfe.dll
2008-07-01 09:23 . 2008-07-02 08:19 714 ---hs---- C:\WINDOWS\system32\xuaexmdy.ini
2008-06-30 08:53 . 2008-07-01 09:22 474 ---hs---- C:\WINDOWS\system32\lwbiblvd.ini
2008-06-29 05:25 . 2008-06-29 05:25 294 ---hs---- C:\WINDOWS\system32\lungiscf.ini
2008-06-29 05:24 . 2008-06-29 05:24 93,056 --a------ C:\WINDOWS\system32\fcsignul.dll
2008-06-27 21:51 . 2008-06-27 21:51 91,520 --a------ C:\WINDOWS\system32\xdmfusjq.dll
2008-06-22 00:29 . 2008-06-22 00:29 294 ---hs---- C:\WINDOWS\system32\lrqwofck.ini
2008-06-22 00:28 . 2008-06-22 00:28 93,056 --a------ C:\WINDOWS\system32\kcfowqrl.dll
2008-06-15 19:52 . 2008-06-15 19:52 93,056 --a------ C:\WINDOWS\system32\gjtbmfky.dll
2008-06-05 16:27 . 2008-06-05 16:27 95,232 --a------ C:\WINDOWS\system32\hotalnwh.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 07:51 --------- d-----w C:\Programme\Microsoft ActiveSync
2008-05-23 02:25 81,920 ----a-w C:\WINDOWS\mdtgkswr.exe
2004-03-11 11:27 40,960 ----a-w C:\Programme\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_17.31.12.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:49:00 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2004-08-04 12:00:00 294,400 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
- 2006-05-26 11:04:52 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-05 07:50:33 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2006-05-26 11:04:49 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-05 07:50:28 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2008-05-29 15:23:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-04 09:25:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-07-14 20:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-14 20:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-14 20:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-14 20:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-14 20:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-14 20:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-06-18 15:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-14 20:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-14 20:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 20:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-14 20:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-14 20:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-11 00:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 01:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 20:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-14 20:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-14 20:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-14 20:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-14 20:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-14 20:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 15:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 14:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-14 20:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-14 21:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-14 20:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-14 20:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2006-05-26 11:04:49 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 01:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-14 21:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-14 20:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-14 20:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 01:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-05-08 19:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-14 20:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-21 09:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-14 20:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 20:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-14 20:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2006-05-26 11:04:52 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2005-05-03 22:06:28 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 22:06:32 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 22:06:26 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\7040211900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
- 2008-05-14 19:20:57 12,288 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-05 07:51:05 12,288 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-14 19:20:57 135,168 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-05 07:51:05 135,168 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-05-14 19:20:57 11,264 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-05 07:51:05 11,264 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-05-14 19:20:57 27,136 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-05 07:51:05 27,136 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-05-14 19:20:57 4,096 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-05 07:51:05 4,096 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-14 19:20:57 794,624 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-05 07:51:05 794,624 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-05-14 19:20:57 249,856 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-05 07:51:05 249,856 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-05-14 19:20:57 23,040 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-05 07:51:05 23,040 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-05-14 19:20:57 286,720 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-05 07:51:04 286,720 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-05-14 19:20:57 409,600 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-05 07:51:04 409,600 ----a-r C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:49 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2005-03-17 12:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 08:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-23 20:39:58 36,680 ----a-w C:\WINDOWS\system32\FM20DEU.DLL
+ 2007-04-12 08:05:12 48,864 ----a-w C:\WINDOWS\system32\FM20DEU.DLL
+ 2007-03-22 17:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-04-09 17:11:26 126,912 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-05 14:13:06 126,912 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-03-22 13:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 11:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:49 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-03-22 13:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 13:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 13:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 13:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 13:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 11:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 13:27 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-24 23:11 262401]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"RemoteControl"="C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-04-21 08:42 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"NVMixerTray"="C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe"=
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programme\\MSN Messenger\\livecall.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-24 23:11]
R0 PDDSLHND;PDDSLHND;C:\WINDOWS\system32\drivers\PDDSLHND.sys [2005-06-23 18:16]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-24 23:11]
R3 PDDSLADP;ProDyne DSL Adapter;C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS [2005-06-23 18:16]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

.
- - - - ORPHANS REMOVED - - - -

Toolbar-{6E90A503-DDFD-4CC5-9628-0391A05E7212} - C:\WINDOWS\gktxaspm.dll
Toolbar-{0983040A-984F-4BEF-BEBE-D3D3342D3954} - C:\WINDOWS\gktxaspm.dll
Toolbar-{C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - C:\WINDOWS\atfxqogp.dll
HKLM-Run-ecf9f935 - C:\WINDOWS\system32\upardabr.dll
SSODL-gnowmebk-{DBD66189-156E-488C-88AB-093E3B0ACADD} - (no file)
SSODL-pxgdslro-{9FA62446-974D-4359-B22C-58AFDC7CDCA8} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://***.gmer.net
Rootkit scan 2008-07-04 11:26:39
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-04 11:34:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 09:34:30
ComboFix2.txt 2008-05-29 15:33:02

9 Verzeichnis(se), 1,040,592,896 Bytes frei
11 Verzeichnis(se), 1,186,172,928 Bytes frei

268 --- E O F --- 2008-06-05 07:51:36

so ich hoffe ich habe alle h**ps und namen gefunden:).
jetzt gehts ans killen:D
die liebsten grüße und schon mal 1000 dank...