Win32/Kryptik.EKH Trojaner lässt sich nicht entfernen/MBAM startet nicht

logfile of random's system information tool 1.06 2010-06-09 23:52:11

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Free Antivirus-->C:\Programme\Alwil Software\Avast5\aswRunDll.exe "C:\Programme\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Battlefield 1942: Secret Weapons of WWII-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\Setup.exe" -l0x7 
Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\Setup.exe" -l0x7 
Battlefield 1942-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0x7 
Canon MP270 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\MP270 series\UNINST.EXE
Canon MP270 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Diablo II-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Diablo II\Uninstall.exe
Die Sims™ 2 Deluxe-->D:\Spiele\SIMS II\EAUninstall.exe
Die Sims™ 3 Luxus-Accessoires-->"C:\Programme\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\setup.exe" -runfromtemp -l0x0007 -removeonly
Die Sims™ 3-->"C:\Programme\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Player-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
ESET Online Scanner v3-->C:\Programme\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
jetAudio Basic-->C:\Programme\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe -runfromtemp -l0x0007 -removeonly
K-Lite Codec Pack 5.7.0 (Full)-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
Lexware Info Service-->MsiExec.exe /X{59624372-3B85-47f4-9B04-4911E551DF1E}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840407-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office XP Professional-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Nokia Connectivity Cable Driver-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C1599DA-9ED9-4090-930F-B8BC4D99D6B0} /l1031 
Nokia PC Suite-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1} /l1031 
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Suite 1.20.224-->MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Sony Ericsson PC Suite 6.011.00-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Steuer 2009-->MsiExec.exe /X{410AB9BC-B057-4D39-9260-660EE1B4BED2}
Steuer Hilfesammlung-->MsiExec.exe /X{67DABCB4-239C-4E02-805E-DEA0DDCB1926}
SUperior SU-->C:\WINDOWS\ISUNINST.EXE -f"C:\Programme\SUperior SU\Uninst.isu" -o="SUperior SU" -c"C:\Programme\SUperior SU\Uninst.dll
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Update Service-->C:\Programme\Sony Ericsson\Update Service\uninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.16-->C:\Programme\Veetle\UninstallVeetleTV.exe
VIA Plattform-Geräte-Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} 
Warcraft III-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Warcraft III\Uninstall.exe
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Beendet".

Record Number: 29803
Source Name: Service Control Manager
Time Written: 20100503022615.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Beendet".

Record Number: 29802
Source Name: Service Control Manager
Time Written: 20100503021608.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt".

Record Number: 29801
Source Name: Service Control Manager
Time Written: 20100503021608.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet.

Record Number: 29800
Source Name: Service Control Manager
Time Written: 20100503021608.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 7036
Message: Dienst "Java Quick Starter" befindet sich jetzt im Status "Ausgeführt".

Record Number: 29799
Source Name: Service Control Manager
Time Written: 20100503021601.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: ***
Event Code: 4098
Message: SUperior Service has been started.

Record Number: 3529
Source Name: SUperior
Time Written: 20100428201940.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 105
Message: The service was started.

Record Number: 3528
Source Name: ATI Smart
Time Written: 20100428201939.000000+120
Event Type: Informationen
User: 

Computer Name:***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 3527
Source Name: SecurityCenter
Time Written: 20100428115635.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 4098
Message: SUperior Service has been started.

Record Number: 3526
Source Name: SUperior
Time Written: 20100428115630.000000+120
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 105
Message: The service was started.

Record Number: 3525
Source Name: ATI Smart
Time Written: 20100428115629.000000+120
Event Type: Informationen
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\SUperior SU;C:\Programme\Haufe\iDesk\iDeskService\;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         

Logfile of random's system information tool 1.07 (written by random/random)
Run by *** at 2010-06-09 23:52:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (21%) free of 15 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:52:10, on 09.06.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\SUperior SU\susrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\***.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [khijjjdrv] rundll32.exe "qomnkh.dll",s
O4 - HKLM\..\Run: [wvtqomsys] rundll32.exe "rqrqpp.dll",DllRegisterServer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [opqonkdrv] rundll32.exe "qomnkh.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cbyvvwdrv] rundll32.exe "qomnkh.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: suwlnfwd - C:\Programme\SUperior SU\suwlnfwd.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SUperior - Stefan Kuhr Software - C:\Programme\SUperior SU\susrvc.exe

--
End of file - 4611 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"khijjjdrv"=qomnkh.dll,s []
"wvtqomsys"=rqrqpp.dll,DllRegisterServer []
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-11-16 172792]
"opqonkdrv"=qomnkh.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cbxwvtdrv]
pmnnlk.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Programme\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Programme\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fcbcyvdrv]
pmnnlk.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jkhhgedrv]
pmnnlk.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03 339240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ljgeedsys]
rqrqpp.dll,DllRegisterServer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opmkkjsys]
rqrqpp.dll,DllRegisterServer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qonlmnsys]
rqrqpp.dll,DllRegisterServer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-02-02 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUperior Switcher]
C:\Programme\SUperior SU\swtchsvc.exe [2004-07-24 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
C:\Programme\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe -t []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urpoomdrv]
pmnnlk.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xxyvtudrv]
pmnnlk.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\suwlnfwd]
C:\Programme\SUperior SU\suwlnfwd.dll [2004-07-24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
rqrqpp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Miranda IM\miranda32.exe"="C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Spiele\Warcraft III\Warcraft III.exe"="D:\Spiele\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Programme\PFPortChecker\PFPortChecker.exe"="C:\Programme\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe"="C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e5b868-d7d3-11de-acda-00112fdc01cf}]
shell\AutoRun\command - G:\Menu.exe


======List of files/folders created in the last 1 months======

2010-06-09 23:52:02 ----D---- C:\rsit
2010-06-09 23:52:02 ----D---- C:\Programme\trend micro
2010-06-09 23:25:06 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-06-09 23:19:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-09 23:19:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-06-09 23:02:35 ----D---- C:\Programme\CCleaner
2010-06-04 22:42:48 ----AH---- C:\WINDOWS\system32\qomnkh.dll
2010-06-04 20:24:07 ----AH---- C:\WINDOWS\system32\nnkhif.dll
2010-06-04 18:24:05 ----AH---- C:\WINDOWS\system32\yabbaw.dll
2010-06-04 17:24:08 ----AH---- C:\WINDOWS\system32\ddbxvu.dll
2010-06-04 17:03:57 ----D---- C:\Programme\Panda Security
2010-06-04 16:24:04 ----AH---- C:\WINDOWS\system32\ssrpqn.dll
2010-06-04 08:20:15 ----D---- C:\Programme\ESET
2010-06-04 01:57:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2010-06-04 01:54:39 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe2C3.dll
2010-06-04 01:53:20 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-06-04 01:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-06-04 01:52:45 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-06-04 01:52:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-06-04 01:34:12 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
2010-06-04 01:32:32 ----SHD---- C:\Config.Msi
2010-06-04 01:22:11 ----HD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
2010-06-04 01:22:11 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
2010-06-04 01:03:42 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
2010-06-04 01:01:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-04 01:01:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2010-06-04 01:01:22 ----D---- C:\Programme\Gemeinsame Dateien\Teleca Shared
2010-06-04 01:01:21 ----D---- C:\Programme\Sony Ericsson
2010-06-04 01:01:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
2010-06-04 00:59:29 ----D---- C:\WINDOWS\Downloaded Installations
2010-05-16 07:09:48 ----AH---- C:\WINDOWS\system32\awtqpo.dll
2010-05-16 01:11:01 ----AH---- C:\WINDOWS\system32\rqrqpp.dll
2010-05-15 17:35:55 ----RHD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
2010-05-15 17:35:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-05-15 13:26:43 ----N---- C:\WINDOWS\system32\difxapi.dll
2010-05-15 13:26:42 ----D---- C:\Programme\VIA

======List of files/folders modified in the last 1 months======

2010-06-09 23:52:06 ----D---- C:\WINDOWS\Prefetch
2010-06-09 23:52:02 ----RD---- C:\Programme
2010-06-09 23:50:10 ----D---- C:\WINDOWS\system32\drivers
2010-06-09 23:29:22 ----D---- C:\WINDOWS
2010-06-09 23:29:21 ----D---- C:\WINDOWS\Temp
2010-06-09 23:29:02 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
2010-06-09 23:27:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-09 23:27:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-09 23:04:03 ----D---- C:\WINDOWS\Minidump
2010-06-09 23:04:03 ----D---- C:\WINDOWS\Debug
2010-06-09 22:46:05 ----SHD---- C:\WINDOWS\Installer
2010-06-09 22:45:25 ----D---- C:\WINDOWS\system32
2010-06-09 01:13:05 ----SHD---- C:\WINDOWS\CSC
2010-06-08 20:43:56 ----SH---- C:\boot.ini
2010-06-08 20:43:56 ----A---- C:\WINDOWS\win.ini
2010-06-08 20:43:56 ----A---- C:\WINDOWS\system.ini
2010-06-08 20:43:08 ----SD---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
2010-06-08 20:43:07 ----RSD---- C:\WINDOWS\assembly
2010-06-08 11:58:36 ----SHD---- C:\System Volume Information
2010-06-08 11:58:36 ----D---- C:\WINDOWS\system32\Restore
2010-06-07 02:26:36 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2010-06-07 01:21:23 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2010-06-04 17:04:36 ----HD---- C:\WINDOWS\inf
2010-06-04 08:36:01 ----D---- C:\Programme\Everest Poker.net
2010-06-04 08:35:47 ----D---- C:\Programme\Everest Poker
2010-06-04 07:56:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-04 07:56:23 ----D---- C:\WINDOWS\AppPatch
2010-06-04 01:54:27 ----HD---- C:\Programme\InstallShield Installation Information
2010-06-04 01:52:56 ----D---- C:\Programme\Windows Media Player
2010-06-04 01:52:20 ----D---- C:\WINDOWS\system32\LogFiles
2010-06-04 01:42:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-04 01:34:12 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
2010-06-04 01:18:56 ----RSD---- C:\WINDOWS\Fonts
2010-06-04 01:18:54 ----D---- C:\Programme\Adobe
2010-06-04 01:18:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-06-04 01:03:47 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-04 01:01:45 ----D---- C:\WINDOWS\WinSxS
2010-06-04 01:01:22 ----D---- C:\Programme\Gemeinsame Dateien

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-02 2310720]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-06-04 27632]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-11-10 174464]
S3 a0ar7fkf;a0ar7fkf; C:\WINDOWS\system32\drivers\a0ar7fkf.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-05-03 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SUperior;SUperior; C:\Programme\SUperior SU\susrvc.exe [2004-07-24 81920]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------