ok. done. here:
Combofix Logfile:
ComboFix 10-12-22.05 - tita 23.12.2010 13:53:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.43.1033.18.2038.1659 [GMT 1:00]
ausgeführt von:: e:\documents and settings\tita\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\tita\Application Data\completescan
e:\documents and settings\tita\Application Data\desktop.ini
e:\documents and settings\tita\Application Data\install
e:\documents and settings\tita\Application Data\xssend2
e:\windows\Tasks\At1.job
e:\windows\Tasks\At10.job
e:\windows\Tasks\At11.job
e:\windows\Tasks\At12.job
e:\windows\Tasks\At13.job
e:\windows\Tasks\At14.job
e:\windows\Tasks\At15.job
e:\windows\Tasks\At16.job
e:\windows\Tasks\At17.job
e:\windows\Tasks\At18.job
e:\windows\Tasks\At19.job
e:\windows\Tasks\At2.job
e:\windows\Tasks\At20.job
e:\windows\Tasks\At21.job
e:\windows\Tasks\At22.job
e:\windows\Tasks\At23.job
e:\windows\Tasks\At24.job
e:\windows\Tasks\At3.job
e:\windows\Tasks\At4.job
e:\windows\Tasks\At5.job
e:\windows\Tasks\At6.job
e:\windows\Tasks\At7.job
e:\windows\Tasks\At8.job
e:\windows\Tasks\At9.job
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-23 bis 2010-12-23 ))))))))))))))))))))))))))))))
.
2010-12-22 23:09 . 2010-12-22 23:09 20480 ----a-w- e:\windows\system32\drivers\ndisrd.sys
2010-12-22 23:06 . 2010-12-23 11:13 -------- d-----w- e:\documents and settings\tita\Application Data\zfeukcliqtpgjnqsixwle3bpj13mqvi2
2010-12-22 20:12 . 2010-12-22 20:12 -------- d-----w- e:\documents and settings\tita\Local Settings\Application Data\softonic-de3
2010-12-22 19:07 . 2010-12-22 19:07 -------- d-----w- e:\documents and settings\Administrator
2010-12-22 15:11 . 2010-12-22 15:11 -------- d-----w- e:\documents and settings\tita\Application Data\Malwarebytes
2010-12-22 15:11 . 2010-11-29 16:42 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 15:11 . 2010-12-22 15:11 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-22 15:11 . 2010-12-23 11:10 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-12-22 15:11 . 2010-11-29 16:42 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-12-21 17:23 . 2010-12-21 17:23 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-12-21 12:12 . 2010-12-21 12:12 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-19 23:20 . 2010-12-22 18:41 -------- d-----w- E:\CBSSC
2010-12-15 23:43 . 2010-12-15 23:43 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-12-15 23:39 . 2010-12-23 00:16 -------- d-----w- e:\documents and settings\tita\Application Data\skypePM
2010-12-15 23:38 . 2010-12-22 20:02 -------- d-----w- e:\documents and settings\tita\Local Settings\Application Data\Temp
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----w- e:\program files\Common Files\Skype
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----r- e:\program files\Skype
2010-12-15 23:38 . 2010-12-23 00:48 -------- d-----w- e:\documents and settings\tita\Application Data\Skype
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----w- e:\documents and settings\All Users\Application Data\Skype
2010-12-12 15:46 . 2010-12-22 18:41 -------- d-----w- E:\2010-12-12
2010-12-11 18:15 . 2010-12-11 18:16 -------- d-----w- e:\program files\Glary Utilities
2010-12-11 14:13 . 2010-12-11 14:13 -------- d-----w- E:\2010-12-11
2010-12-04 19:40 . 2010-12-04 20:51 -------- d-----w- E:\Juliette
2010-12-03 12:41 . 2010-12-03 12:50 -------- d-----w- E:\Rudolf Geburtstag
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 09:20 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2b94.tmp
2010-12-23 09:19 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2c20.tmp
2010-12-23 09:17 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2d4a.tmp
2010-12-23 09:15 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2bf2.tmp
2010-12-23 09:14 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP2d49.tmp
2010-12-23 09:13 . 2009-12-23 23:23 81920 ----a-w- e:\windows\DUMP399e.tmp
2010-11-06 13:33 . 2009-12-23 23:47 56816 ----a-w- e:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="e:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="e:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="e:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LanguageShortcut"="e:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Alcmtr"=ALCMTR.EXE
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\WINDOWS\\system32\\ftp.exe"=
"e:\\Documents and Settings\\tita\\My Documents\\Downloads\\Wuala.exe"=
"e:\\Program Files\\Telekom Austria\\Breitband-Internet-Installation\\fixnet installer\\Installer.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [06.11.2010 12:40 108289]
S0 ontqqpom;ontqqpom;e:\windows\system32\drivers\ugyq.sys --> e:\windows\system32\drivers\ugyq.sys [?]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [16.12.2010 00:38 136176]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);e:\windows\system32\drivers\alcan5ln.sys [24.12.2009 22:04 26960]
S4 NAUpdate;@e:\program files\Nero\Update\NASvc.exe,-200;e:\program files\Nero\Update\NASvc.exe [04.05.2010 11:07 503080]
.
Inhalt des "geplante Tasks" Ordners
2010-12-23 e:\windows\Tasks\GlaryInitialize.job
- e:\program files\Glary Utilities\initialize.exe [2010-12-11 09:47]
2010-12-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 23:38]
2010-12-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 23:38]
2010-12-23 e:\windows\Tasks\User_Feed_Synchronization-{7460C1EE-B832-4063-9D58-F5E19FC48A80}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\tita\Application Data\Mozilla\Firefox\Profiles\p1pswelb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - e:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic-de3 Community Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-RealAudio Player 5.0 - e:\windows\RAUNINST.exe Software\Progressive Networks\RealAudio Player\5.0
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-23 13:57
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-12-23 13:58:16
ComboFix-quarantined-files.txt 2010-12-23 12:58
Vor Suchlauf: 170.029.191.168 bytes free
Nach Suchlauf: 170.470.846.464 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7C140FE520727C87B7DF1F5007899E50
--- --- ---