Vermute Trojaner

rookie999

So, hier mal eins meiner Antimalware-Logfiles:

Malwarebytes' Anti-Malware 1.41
Database version: 2871
Windows 5.1.2600 Service Pack 3 (Safe Mode)

26.10.2009 20:54:07
mbam-log-2009-10-26 (20-53-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 262950
Time elapsed: 1 hour(s), 49 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ADMINI~1\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ADMINI~1\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ADMINI~1\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Benedikt\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ADMINI~1\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\Benedikt\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ADMINI~1\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ADMINI~1\ANWEND~1\MACROM~1\Common\228d800e1.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\Benedikt\Anwendungsdaten\Macromedia\Common\228d800e1.dll (Hijack.Sound) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Macromedia\Common\228d800e1.dll (Hijack.Sound) -> No action taken.
C:\Dokumente und Einstellungen\Benedikt\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\temp\wpv381256301239.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> No action taken.

Bin aber grad nicht so optimistisch, denn nach jedem Durchlauf lösch ich das ganze Zeug, beim nächsten Durchlauf werden exakt die gleichen Dateien wieder gefunden. Über ne Lösung, die nicht Formatierung heißt, wäre ich dankbar.