settdebugx.exe + TR/FraudPack.ajwx erfolgreich entfernt?

Lachs83 · 15.01.2010, 15:41

Hallo zusammen,

nicht nur ich bin krank, nein auch mein Rechner

Vor 2 Tagen hat plötzlich Antivir Alarm geschlagen. Leider habe ich es versäumt einen Screenshot von der Meldung zu machen. Auf jeden Fall hatte Antivir die "settdebugx.exe" und den Trojaner "TR/FraudPack.ajwx" gefunden (bzw. die settdebugx.exe ist der Trojaner, oder?? Habe von sowas leider keine Ahnung).

Daraufhin habe ich gestern gegooled und bin auf ein Thema in diesem Forum gestoßen, in demm jemand eine "Patentlösung" für das Entfernen dieses Trojaners gepostet hat. Leider finde ich auch dieses Thema nicht wieder... Dort wurden 4 Dateien aufgezählt, die man alle löschen sollte: settdebugx.exe, installer.exe, rich.exe und eine vierte ".exe", die mit "w" begann. Davon konnte ich aber nur die "settdebugx.exe" auf meinem Rechner finden. Diese habe ich dann gelöscht. Allerdings habe zwei User geantwortet, dass es keine Patentlösung für das entfernen des Trojaners gäbe, da die Dateien unterschiedlich heißen könnten. Deshalb habe ich dann mal die Tools aus den Hinweisen für das erste Posting durchlaufen lassen (http://www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html)

Ich habe CCleaner durchlaufen lassen. Dabei konnte ein Fehler in der Registry nicht behoben werden. Egal wie oft ich die Schritte wiederholt habe, es trat immer der gleiche Fehler auf:

Anschließend habe ich Malwarebytes Anti-Malware durchlaufen lassen. Dieses Programm hat nichts gefunden (allerdings hat der Durchlauf über 2 Std gedauert. Ist das normal?)

Dann habe ich ich RSIT durchlaufen lassen.
Es folgt der Inhalt der info.txt:

Code:

ATTFilter

info.txt logfile of random's system information tool 1.06 2010-01-14 21:37:35

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark03-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9 
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.6 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AFPL Ghostscript 8.14-->c:\programme\gs\uninstgs.exe "c:\programme\gs\gs8.14\uninstal.txt"
AFPL Ghostscript Fonts-->c:\programme\gs\uninstgs.exe "c:\programme\gs\fonts\uninstal.txt"
Ahead Nero Burning ROM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
bwin Poker (remove only)-->"C:\Programme\bwin\uninstall.exe"
Camtasia Studio 5-->MsiExec.exe /I{93D135EB-7D19-41EA-BEEF-72ECD4FE617C}
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP2000-->C:\WINDOWS\System32\CNMCP66.exe "-PRINTERNAMECanon PIXMA iP2000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmi0407.dll"
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe C:\Programme\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Programme\Codec Pack - All In 1\irunin.ini"
Command & Conquer Generals-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
FLV Player 1.3.3-->"C:\Programme\FLVPlayer\uninstall.exe"
FotoWorks-->C:\Programme\FotoWorks\unins000.exe
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
Grand Theft Auto San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7  -removeonly
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) SE Development Kit 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160000}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 2.72 Full-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x7 UNINSTALL -removeonly
Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7  -removeonly
MadOnion.com/3DMark2001 SE-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}\Setup.exe" -l0x9 uninstall -uninst 
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MegaCam-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{77F69001-4D35-4BEA-A074-26DA04EA0CDA}\Setup.exe" -l0x7 
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{488AB4C7-6D77-4435-BF9F-94611B851552}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C1A887F3-0A50-455C-9292-1988E1A209C1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.6)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
Need for Speed Underground 2-->C:\Programme\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Nokia Connectivity Cable Driver-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15} /l1031 
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
PartyPoker-->"C:\Programme\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programme\PartyGaming\PartyPoker\install.log"
PartyPokerNet-->"C:\Programme\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Programme\PartyGaming.Net\PartyPokerNet\install.log"
PlugY, The Survival Kit-->"D:\Games\Diablo II\Mod PlugY\PlugY Uninstaller.exe"
POD-Bot 2.5-->C:\WINDOWS\unvise32.exe C:\Sierra\Half-Life\cstrike\poduninst.log
Poker Grapher-->MsiExec.exe /I{E31E2A9F-D76D-49DD-9851-930DD1B0A081}
Poker Tracker Version 2.16.03d-->"C:\Programme\Poker Tracker V2\unins000.exe"
PokerAce Hud (remove only)-->"C:\Programme\PokerAce Hud\uninstall.exe"
PokerEV-->MsiExec.exe /I{4B55C81E-D4DF-41D0-8626-9A749B7D40AE}
PokerStars-->C:\Programme\PokerStars\Uninstall.EXE /u:"PokerStars"
PokerStrategy Equilator-->MsiExec.exe /I{D4EB3763-9586-405D-B376-DE98C8C9285E}
PostgreSQL 8.0-->MsiExec.exe /I{5AA3FA26-72A2-4D06-9BFE-98E650A37B6D}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Saitek SD02.7 Controller Drivers-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}\setup.exe" AddRem
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.3-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Texas Grab'em-->MsiExec.exe /I{738B1101-02CB-4608-A2A5-B55D6EC1CE2A}
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
Ulead Photo Express 4.0 SE-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe" -l0x7 
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
VLC media player 1.0.1-->C:\Programme\VideoLAN\VLC\uninstall.exe
Vodei Multimedia Processor 1.09-->C:\Programme\Vodei\uninst.exe
Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
WinZip-->C:\INSTAL~1\Winzip\winzip32.exe /uninstall
xp-AntiSpy 3.96-2-->C:\Programme\xp-AntiSpy\Uninstall.exe

Hosts File Missing
======Security center information======

AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir Desktop (disabled) (outdated)
AV: AntiVir PersonalEdition Classic Virenschutz

======System event log======

Computer Name: ***
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 86802
Source Name: Service Control Manager
Time Written: 20091102210040.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 86801
Source Name: Service Control Manager
Time Written: 20091102210038.000000+060
Event Type: Informationen
User: ***\***

Computer Name: ***
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".

Record Number: 86800
Source Name: Service Control Manager
Time Written: 20091102210038.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".

Record Number: 86799
Source Name: Service Control Manager
Time Written: 20091102210037.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.

Record Number: 86798
Source Name: Service Control Manager
Time Written: 20091102210037.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: ***
Event Code: 1486
Message: Der Transport für Datenbankspiegelung ist in der Endpunktkonfiguration deaktiviert.

Record Number: 83703
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091122121611.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 17125
Message: Die dynamische Sperrenzuordnung wird verwendet. Anfänglich wurden 2500 Sperrblöcke und 5000 Sperrenbesitzerblöcke pro Knoten zugeordnet. Diese Meldung dient nur zu Informationszwecken. Es ist keine Benutzeraktion erforderlich.

Record Number: 83702
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091122121604.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 17164
Message: Es wurden 1 CPUs gefunden. Diese Meldung dient nur zu Informationszwecken. Es ist keine Benutzeraktion erforderlich.

Record Number: 83701
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091122121553.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 17162
Message: SQL Server wird mit normaler Priorität (=7) gestartet. Diese Meldung dient nur zu Informationszwecken. Es ist keine Benutzeraktion erforderlich.

Record Number: 83700
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091122121553.000000+060
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 17110
Message: Registrierungsstartparameter:

Record Number: 83699
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091122121552.000000+060
Event Type: Informationen
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\Delphi7\Bin;C:\Programme\Delphi7\Projects\Bpl\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Programme\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Inhalt der log.txt:

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-01-14 21:37:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 5 GB (9%) free of 57 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:31, on 14.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre1.6.0\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\***\Tools\Viren, Trojaner usw\RSIT\RSIT.exe
C:\Programme\trend micro\***.exe    <--- Was ist das? eine .exe mit meinem Namen? In dem Ordner befindet sich noch eine "hijackthis.exe" und "hijackthis.log". Allerdings habe ich HJT ganz woanders installiert.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/content/index.html
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1390067357-1957994488-725345543-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Secure Update] rpcxwinupdt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] vpc32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows DNS Daemon] windnsd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 SSL Driver] winssv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 SSL Driver] winssv.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O18 - Protocol: bw+0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CD5FCA80-DB9F-4441-B194-2A2BFF8EF227} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.0\bin\pg_ctl.exe

--
End of file - 18633 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0\bin\ssv.dll [2007-02-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-06-14 46592]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0\bin\jusched.exe [2007-02-21 77824]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2005-05-27 310272]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-12-21 32768]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-16 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programme\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Programme\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Programme\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2004-10-14 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2007-09-13 22880040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Ulead Kalendar Checker 4.0 SE.lnk]
C:\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe [2002-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]
C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-09-17 6144]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Games\UT\System\UnrealTournament.exe"="D:\Games\UT\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\Games\Half-Life\hl.exe"="D:\Games\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Games\Call of Duty\CoDUOMP.exe"="D:\Games\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"D:\Games\Serious Sam - The Second Encounter\Bin\SeriousSam.exe"="D:\Games\Serious Sam - The Second Encounter\Bin\SeriousSam.exe:*:Enabled:SeriousSam"
"D:\Games\Warcraft III\Warcraft III.exe"="D:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Games\cs_2\CS Source\hl2.exe"="D:\Games\cs_2\CS Source\hl2.exe:*:Enabled:hl2"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe"="C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99a2637c-3deb-11dc-a02d-0010dc5dbece}]
shell\AutoRun\command - G:\USBSuite.exe


======List of files/folders created in the last 1 months======

2010-01-14 21:37:15 ----D---- C:\Programme\trend micro
2010-01-14 21:37:13 ----D---- C:\rsit
2010-01-14 17:43:24 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-01-14 17:43:14 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-14 17:43:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-14 16:57:50 ----D---- C:\Programme\CCleaner
2010-01-10 00:52:03 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
2010-01-02 17:35:14 ----A---- C:\WINDOWS\DIIUnin.exe
2010-01-01 00:38:34 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll

======List of files/folders modified in the last 1 months======

2010-01-14 21:37:15 ----RD---- C:\Programme
2010-01-14 20:58:04 ----D---- C:\WINDOWS\Temp
2010-01-14 17:43:17 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 17:31:33 ----D---- C:\Programme\Mozilla Firefox
2010-01-14 17:30:28 ----D---- C:\WINDOWS\Debug
2010-01-14 17:30:28 ----D---- C:\WINDOWS
2010-01-14 15:46:14 ----D---- C:\WINDOWS\system32
2010-01-14 15:46:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-14 15:42:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 23:16:51 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
2010-01-10 23:52:36 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
2010-01-10 01:52:27 ----H---- C:\WINDOWS\vp.ini
2010-01-02 18:20:10 ----A---- C:\WINDOWS\winzip32.ini
2010-01-02 18:20:10 ----A---- C:\WINDOWS\win.ini
2010-01-02 17:52:11 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-01-02 17:52:10 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-01-02 17:52:10 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2009-12-31 14:29:13 ----D---- C:\Programme\ICQ6.5
2009-12-22 23:13:49 ----A---- C:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-24 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-06-12 654604]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-03-27 543712]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-03-10 13056]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-04-21 28256]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
R3 SaiClass;SaiClass; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2002-08-22 23168]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\drivers\SaiMini.sys [2002-08-22 16000]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-02-15 6300]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-02-15 9021]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-02-17 140619]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SaiNtHid;SaiNtHid; C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys [2002-08-22 45184]
S3 SaiNtSub;SaiNtSub; C:\WINDOWS\System32\DRIVERS\SaiNtSub.sys [2002-08-22 19456]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SQTECH9080;MegaCam(PID_9080_00); C:\WINDOWS\System32\Drivers\Capt9080.sys [2005-01-12 51016]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 pgsql-8.0;PostgreSQL Database Server 8.0; C:\Programme\PostgreSQL\8.0\bin\pg_ctl.exe [2005-05-11 67062]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLWriter;SQL Server VSS Writer; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server-Browser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------

Zu guter letzt habe ich dann noch mal Antivir durchlaufen lassen. Antivir hat mir folgende Warnung angezeigt:

Da habe ich dann auf "alles reparieren" geklickt.

Ist mein rechner jetzt noch mit der settdebugx.exe oder dem Trojaner infiziert? Was ist dieses Malware-Dingens, das Antivir gefunden hat?

Ich hoffe ich habe keine wichtige Info unterschlagen.

Vorab schonmal vielen Dank an alle Helfer

settdebugx.exe + TR/FraudPack.ajwx erfolgreich entfernt?

Plagegeister aller Art und deren Bekämpfung: settdebugx.exe + TR/FraudPack.ajwx erfolgreich entfernt?

settdebugx.exe + TR/FraudPack.ajwx erfolgreich entfernt?

Ähnliche Themen: settdebugx.exe + TR/FraudPack.ajwx erfolgreich entfernt?