 So, the system is Win XP SP2.
Here is the HJ log:   Code: 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14:18:19, on 05.11.2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.20696)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
 C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
 C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\Programme\Winamp\winampa.exe
 C:\Programme\FreePDF_XP\fpassist.exe
 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
 C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
 O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
 O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
 O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
 O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
 O4 - Global Startup: web'n'walk Manager.lnk = C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
 O23 - Service: GtDetectSc - Option - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
 
 --
 End of file - 5266 bytes
 And here is the Silent Runners log:   Code: 
 "Silent Runners.vbs", revision 58, http://www.silentrunners.org/
 Operating System: Windows XP SP2
 Output limited to non-default values, except where indicated by "{++}"
 
 
 Startup items buried in registry:
 ---------------------------------
 
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "Adobe Reader Speed Launcher" = ""C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
 "SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
 "SSBkgdUpdate" = ""C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
 "PaperPort PTD" = "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."]
 "IndexSearch" = "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."]
 "ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
 "WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
 "FreePDF Assistant" = "C:\Programme\FreePDF_XP\fpassist.exe" [null data]
 "AVP" = ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "Adobe PDF Reader"
 \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
 {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
 -> {HKLM...CLSID} = "IEVkbdBHO Class"
 \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "SSVHelper Class"
 \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
 -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
 \InProcServer32\(Default) = "deskpan.dll" [file not found]
 "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
 -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
 "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
 -> {HKLM...CLSID} = "History Band"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
 "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
 -> {HKLM...CLSID} = "Microsoft Office Outlook"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
 -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
 \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
 "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für den Schutz des Web-Datenverkehrs"
 -> {HKLM...CLSID} = "Statistik für den Schutz des Web-Datenverkehrs"
 \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
 "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
 -> {HKLM...CLSID} = "WPDShServiceObj Class"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]
 
 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
 <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
 <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
 
 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
 <<!>> userinit.exe\Debugger = "zdpek.exe" [null data]
 
 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
 <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
 
 HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
 {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
 -> {HKLM...CLSID} = "PDF Shell Extension"
 \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
 
 HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
 
 HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
 
 
 Group Policies {GPedit.msc branch and setting}:
 -----------------------------------------------
 
 Note: detected settings may not have any effect.
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 
 "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 Shutdown: Allow system to be shut down without having to log on}
 
 "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
 Devices: Allow undock without having to log on}
 
 
 Active Desktop and Wallpaper:
 -----------------------------
 
 Active Desktop may be disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
 Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
 HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
 "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
 
 Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Dokumente und Einstellungen\Notebook2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
 
 
 Enabled Screen Saver:
 ---------------------
 
 HKCU\Control Panel\Desktop\
 "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
 
 
 Windows Portable Device AutoPlay Handlers
 -----------------------------------------
 
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 
 MSWPDShellNamespaceHandler\
 "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
 "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
 "InitCmdLine" = " "
 -> {HKLM...CLSID} = "WPDShextAutoplay"
 \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
 
 WinampMTPHandler\
 "Provider" = "Winamp"
 "ProgID" = "Shell.HWEventHandlerShellExecute"
 "InitCmdLine" = "C:\Programme\Winamp\winamp.exe"
 HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
 -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
 \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
 
 WinampPlayMediaOnArrival\
 "Provider" = "Winamp"
 "InvokeProgID" = "Winamp.File"
 "InvokeVerb" = "Play"
 HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Programme\Winamp\winamp.exe" "%1"" ["Nullsoft"]
 HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
 -> {HKLM...CLSID} = (no title provided)
 \LocalServer32\(Default) = ""C:\Programme\Winamp\winamp.exe"" ["Nullsoft"]
 
 
 Startup items in "Notebook2" & "All Users" startup folders:
 -----------------------------------------------------------
 
 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
 "web'n'walk Manager" -> shortcut to: "C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe  /noshow" ["T-Mobile"]
 
 
 Winsock2 Service Provider DLLs:
 -------------------------------
 
 Namespace Service Providers
 
 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 
 Transport Service Providers
 
 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 
 
 Toolbars, Explorer Bars, Extensions:
 ------------------------------------
 
 Explorer Bars
 
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
 
 HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für den Schutz des Web-Datenverkehrs"
 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
 InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
 
 HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
 InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]
 
 Extensions (Tools menu items, main toolbar menu buttons)
 
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
 "MenuText" = "Sun Java Konsole"
 "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
 -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
 \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
 -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
 \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]
 
 {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
 "ButtonText" = "Statistik für den Schutz des Web-Datenverkehrs"
 
 {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
 "ButtonText" = "Recherchieren"
 
 {E2E2DD38-D088-4134-82B7-F2BA38496583}\
 "MenuText" = "@xpsp3res.dll,-20001"
 "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
 
 
 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------
 
 Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
 GtDetectSc, GtDetectSc, ""C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe"" ["Option"]
 Kaspersky Internet Security, AVP, ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]
 
 
 Print Monitors:
 ---------------
 
 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
 Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
 MLMON__N\Driver = "MLMON__N.DLL" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."]
 Redirected Port\Driver = "redmonnt.dll" [null data]
 
 
 ---------- (launch time: 2008-11-05 15:33:28)
 <<!>>: Suspicious data at a malware launch point.
 
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + To search all directories of local fixed drives for DESKTOP.INI
 DLL launch points, use the -supp parameter or answer "No" at the
 first message box and "Yes" at the second message box.
 ---------- (total run time: 36 seconds, including 4 seconds for message boxes)
 Edit: 
Here is also the log from the anti-rootkit tool:   Code: 
 Avira AntiRootkit Tool - Beta (1.0.1.17)
 ========================================================================================================
 - Scan started Mittwoch, 5. November 2008 - 15:40:18
 ========================================================================================================
 
 --------------------------------------------------------------------------------------------------------
 Configuration:
 --------------------------------------------------------------------------------------------------------
 - [X] Scan files
 - [X] Scan registry
 - [X] Scan processes
 - [ ] Fast scan
 - Working disk total size : 37.26 GB
 - Working disk free size : 26.23 GB (70 %)
 --------------------------------------------------------------------------------------------------------
 
 Scan task finished. No hidden objects detected!
 
 --------------------------------------------------------------------------------------------------------
 Files: 0/25996
 Registry items: 0/288695
 Processes: 0/29
 Scan time: 00:02:18
 --------------------------------------------------------------------------------------------------------
 Active processes:
 - bodjabum.exe     (PID 3956) (Avira AntiRootkit Tool - Beta)
 - System           (PID 4)
 - smss.exe         (PID 904)
 - csrss.exe        (PID 952)
 - winlogon.exe     (PID 976)
 - services.exe     (PID 1020)
 - lsass.exe        (PID 1032)
 - ati2evxx.exe     (PID 1196)
 - svchost.exe      (PID 1212)
 - svchost.exe      (PID 1308)
 - svchost.exe      (PID 1432)
 - svchost.exe      (PID 1676)
 - ati2evxx.exe     (PID 1864)
 - explorer.exe     (PID 2028)
 - spoolsv.exe      (PID 260)
 - jusched.exe      (PID 500)
 - pptd40nt.exe     (PID 628)
 - atiptaxx.exe     (PID 644)
 - winampa.exe      (PID 652)
 - fpassist.exe     (PID 664)
 - avp.exe          (PID 676)
 - ctfmon.exe       (PID 684)
 - web'n'walk Manager.exe (PID 708)
 - avp.exe          (PID 1412)
 - GtDetectSc.exe   (PID 1460)
 - wscntfy.exe      (PID 2232)
 - alg.exe          (PID 3500)
 - svchost.exe      (PID 2940)
 - avirarkd.exe     (PID 1808)
 ========================================================================================================
 - Scan finished  Mittwoch, 5. November 2008 - 15:42:37
 ========================================================================================================
 The rest will follow bit by bit ^^ maybe this already helps :)