Trojaner-Board - BACKDOOR enteckt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - BACKDOOR enteckt (https://www.trojaner-board.de/79603-backdoor-enteckt.html)

BACKDOOR enteckt

Hallo Zusammen, ich habe vor kurzem ein BACKDOOR eingefangen.
Seitdem ist der Rechner langsamer geworden und Antivir findet immer wieder neue Viren - Trojaner, Dropper etc.
Ich habe die hier beschriebene Prozedur durchgeführt (CCClean, MalWare, RSIT)
und nun poste ich die log-files.
Könnte mir jemand helfen und sagen, ob ich vielleicht doch ohne reinstallation meines BS auskomme?!
Vielen Dank
Gruß
Artur

Antimalware log

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3202
Windows 5.1.2600 Service Pack 2

20.11.2009 22:09:20
mbam-log-2009-11-20 (22-09-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 202363
Laufzeit: 37 minute(s), 7 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 8
Infizierte Verzeichnisse: 0
Infizierte Dateien: 53

Infizierte Speicherprozesse:
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediasolaris (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\LOCALS~1\ANWEND~1\MACROM~1\Common\d3ca20321.dll) Good: (wdmaud.drv) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca20321.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Macromedia\Common\d3ca20321.dll (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\d3ca203219.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP271\A0026154.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP271\A0026156.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028422.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028423.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028428.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028439.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028455.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028471.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028477.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028482.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028484.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028497.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028526.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028532.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029598.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029652.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028556.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028565.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028589.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028590.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028593.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028598.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0028599.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029599.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0029653.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030150.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030411.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030464.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030465.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030653.exe (Trojan.Agent) -> No action taken.
E:\Archiv\soft\RTR.exe (Trojan.Vundo) -> No action taken.
E:\Archiv\soft\brenn_soft\CloneDVD.2.8.9.2.Multilingual.Incl.Keygen-SnD\keygen.exe (Trojan.Downloader) -> No action taken.
E:\Archiv\soft\brenn_soft\Nero.Premium.Edition.v7.0.8.2.German.incl.KeyMaker\KeyGen\KeyMaker.exe (Trojan.Downloader) -> No action taken.
E:\Archiv\soft\eagle\CadSoft.Eagle.v4.16.German.Incl.Keymaker-AGAiN\AGAiN\Keygen.EXE (Trojan.Downloader) -> No action taken.
E:\Archiv\soft\WinampPro.v5.2.1.497-SnD\WinampPro.v5.56\crack\KeyGen.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP271\A0026159.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030662.exe (Trojan.Downloader) -> No action taken.
E:\System Volume Information\_restore{37E35A1F-8813-4739-A9EA-51A2979F2014}\RP275\A0030665.EXE (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> No action taken.
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\c.exe (Trojan.Dropper) -> No action taken.
C:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temp\c.exe (Trojan.Dropper) -> No action taken.

BACKDOOR enteckt Nr.2

RSIT log Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Besitzer at 2009-11-20 22:16:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 87 GB (87%) free of 100 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:13, on 20.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ASUS\Ai Booster\OverClk.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Besitzer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6165 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Launch Ai Booster"=C:\Programme\ASUS\Ai Booster\OverClk.exe [2005-06-16 3627520]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"CloneCDTray"=C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"MaxMenuMgr"=C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]
"PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"rundll32.exe"= []
"WAB"=C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\Common\d3ca203219.exe [2009-11-20 18432]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"=C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"J:\fsetup.exe"="J:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\DCC295\DCC.exe"="C:\Programme\DCC295\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Archiv\soft\Emule_gekrackt\emule.exe"="E:\Archiv\soft\Emule_gekrackt\emule.exe:*:Enabled:eMule"
"C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe"="C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"C:\Programme\RadioRipper\RadioRipper.exe"="C:\Programme\RadioRipper\RadioRipper.exe:*:Enabled:RadioRipper"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.ini - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.js - edit -
.js - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"

======List of files/folders created in the last 1 months======

2009-11-20 22:16:56 ----D---- C:\rsit
2009-11-20 21:12:20 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
2009-11-20 21:12:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-20 21:12:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-20 20:48:25 ----D---- C:\Programme\CCleaner
2009-11-14 15:51:00 ----A---- C:\WINDOWS\rasqervy.dll
2009-11-14 15:50:57 ----A---- C:\WINDOWS\sdfinacs.dll
2009-11-14 15:43:07 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-11-07 00:38:53 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-07 00:29:12 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 00:28:50 ----D---- C:\Programme\Lavasoft
2009-11-06 22:57:12 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RadioRipper
2009-11-06 22:32:46 ----D---- C:\WINDOWS\RegisteredPackages
2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-11-06 21:02:34 ----D---- C:\Programme\RadioRipper
2009-11-02 21:34:22 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\streamripper
2009-11-02 21:34:05 ----D---- C:\Programme\Streamripper
2009-11-02 20:09:35 ----D---- C:\Programme\Ratajik Software
2009-11-02 19:48:58 ----D---- C:\Programme\No23 Recorder
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-11-20 22:16:51 ----A---- C:\WINDOWS\wincmd.ini
2009-11-20 22:16:15 ----SD---- C:\WINDOWS\Tasks
2009-11-20 22:13:18 ----D---- C:\WINDOWS\Temp
2009-11-20 22:13:08 ----D---- C:\Programme\Mozilla Firefox
2009-11-20 22:12:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-20 22:11:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-20 22:09:52 ----AD---- C:\WINDOWS
2009-11-20 21:47:08 ----D---- C:\WINDOWS\system32
2009-11-20 21:12:12 ----D---- C:\WINDOWS\system32\drivers
2009-11-20 21:12:10 ----RD---- C:\Programme
2009-11-20 20:56:40 ----D---- C:\WINDOWS\Debug
2009-11-20 20:47:52 ----D---- C:\WINDOWS\Prefetch
2009-11-20 14:49:07 ----D---- C:\Dokumente und Einstellungen
2009-11-16 20:04:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-15 10:37:40 ----HD---- C:\WINDOWS\inf
2009-11-14 13:30:53 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia
2009-11-07 11:55:24 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-07 00:31:51 ----D---- C:\WINDOWS\security
2009-11-07 00:30:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-07 00:29:12 ----SHD---- C:\WINDOWS\Installer
2009-11-07 00:28:46 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-06 22:39:45 ----D---- C:\Programme\Winamp
2009-11-06 22:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-06 22:33:10 ----D---- C:\Programme\Windows Media Player
2009-11-06 21:02:35 ----RSD---- C:\WINDOWS\assembly
2009-10-23 20:02:54 ----D---- C:\Programme\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-08-11 217664]
R2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-24 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2008-11-05 223128]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
R2 FreeAgentGoNext Service;Seagate Service; C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-11-20 1184912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

-----------------EOF-----------------

RSIT log Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Besitzer at 2009-11-20 22:16:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 87 GB (87%) free of 100 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:13, on 20.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ASUS\Ai Booster\OverClk.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Seagate\SeagateManager\Sync\FreeAgent Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Besitzer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programme\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\ Common\d3ca203219.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgent Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6165 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Launch Ai Booster"=C:\Programme\ASUS\Ai Booster\OverClk.exe [2005-06-16 3627520]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"CloneCDTray"=C:\Programme\SlySoft\CloneCD\CloneCD Tray.exe [2005-05-19 57344]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMen u\CNSLMAIN.exe [2008-03-11 689488]
"MaxMenuMgr"=C:\Programme\Seagate\SeagateManager\F reeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\ju sched.exe [2009-07-31 149280]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]
"PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"rundll32.exe"= []
"WAB"=C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia\ Common\d3ca203219.exe [2009-11-20 18432]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{93f261fc-7dce-4268-9edb-4c94f8afb899}"=C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nok ia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemein same Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"J:\fsetup.exe"="J:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\DCC295\DCC.exe"="C:\Programme\DCC295 \DCC.exe:*:Enabledreambox Control Center"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme \Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Archiv\soft\Emule_gekrackt\emule.exe"="E:\Arch iv\soft\Emule_gekrackt\emule.exe:*:Enabled:eMule"
"C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe"=" C:\Programme\Ratajik Software\StationRipper\StationRipperConsole.exe:*: Enabled:StationRipperConsole"
"C:\Programme\RadioRipper\RadioRipper.exe"="C:\Pro gramme\RadioRipper\RadioRipper.exe:*:Enabled:Radio Ripper"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE :*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.ini - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.js - edit -
.js - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
.txt - open - "C:\Programme\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"

======List of files/folders created in the last 1 months======

2009-11-20 22:16:56 ----D---- C:\rsit
2009-11-20 21:12:20 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebyte s
2009-11-20 21:12:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-20 21:12:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-20 20:48:25 ----D---- C:\Programme\CCleaner
2009-11-14 15:51:00 ----A---- C:\WINDOWS\rasqervy.dll
2009-11-14 15:50:57 ----A---- C:\WINDOWS\sdfinacs.dll
2009-11-14 15:43:07 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-11-07 00:38:53 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-07 00:29:12 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 00:28:50 ----D---- C:\Programme\Lavasoft
2009-11-06 22:57:12 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\RadioRipper
2009-11-06 22:32:46 ----D---- C:\WINDOWS\RegisteredPackages
2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-11-06 22:32:19 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-11-06 21:02:34 ----D---- C:\Programme\RadioRipper
2009-11-02 21:34:22 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\streamrippe r
2009-11-02 21:34:05 ----D---- C:\Programme\Streamripper
2009-11-02 20:09:35 ----D---- C:\Programme\Ratajik Software
2009-11-02 19:48:58 ----D---- C:\Programme\No23 Recorder
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 20:03:01 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-11-20 22:16:51 ----A---- C:\WINDOWS\wincmd.ini
2009-11-20 22:16:15 ----SD---- C:\WINDOWS\Tasks
2009-11-20 22:13:18 ----D---- C:\WINDOWS\Temp
2009-11-20 22:13:08 ----D---- C:\Programme\Mozilla Firefox
2009-11-20 22:12:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-20 22:11:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-20 22:09:52 ----AD---- C:\WINDOWS
2009-11-20 21:47:08 ----D---- C:\WINDOWS\system32
2009-11-20 21:12:12 ----D---- C:\WINDOWS\system32\drivers
2009-11-20 21:12:10 ----RD---- C:\Programme
2009-11-20 20:56:40 ----D---- C:\WINDOWS\Debug
2009-11-20 20:47:52 ----D---- C:\WINDOWS\Prefetch
2009-11-20 14:49:07 ----D---- C:\Dokumente und Einstellungen
2009-11-16 20:04:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-15 10:37:40 ----HD---- C:\WINDOWS\inf
2009-11-14 13:30:53 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia
2009-11-07 11:55:24 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-07 00:31:51 ----D---- C:\WINDOWS\security
2009-11-07 00:30:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-07 00:29:12 ----SHD---- C:\WINDOWS\Installer
2009-11-07 00:28:46 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-06 22:39:45 ----D---- C:\Programme\Winamp
2009-11-06 22:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-06 22:33:10 ----D---- C:\Programme\Windows Media Player
2009-11-06 21:02:35 ----RSD---- C:\WINDOWS\assembly
2009-10-23 20:02:54 ----D---- C:\Programme\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-08-11 217664]
R2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-24 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-07-22 13440]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2008-11-05 223128]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
R2 FreeAgentGoNext Service;Seagate Service; C:\Programme\Seagate\SeagateManager\Sync\FreeAgent Service.exe [2008-10-28 156968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-11-20 1184912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-11-20 22:17:14

======Uninstall list======

-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivePerl 5.10.0 Build 1001-->MsiExec.exe /I{E2BD3BFB-8D1D-410D-B2F1-3BE80B7FFF72}
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Ai Booster-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
ASUS Probe V2.24.10-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll"
AsusUpdate-->C:\WINDOWS\IsUninst.exe -fC:\Programme\ASUS\AsusUpdate\Uninst.isu
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d
AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d
Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini
Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan LiDE 200 Scanner Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807 /L0x0007
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CloneCD-->"C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD"
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
CloneDVDmobile-->"C:\Programme\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Programme\SlySoft\CloneDVDmobile"
Cool & Quiet-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
dm Fotowelt-->"C:\Programme\dm\dm Fotowelt\uninstall.exe"
DreamBoxEdit -- The one and only settings editor for your Dreambox-->C:\Programme\DreamBoxEdit\uninstall.exe
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVDFab (remove only)-->"C:\Programme\DVDFab\uninstall.exe"
DVD-lab PRO 2.2-->"C:\Programme\DVDlabPro2\unins000.exe"
Gigaset QuickSync-->MsiExec.exe /I{AD125416-47EC-4255-88FF-205EF64D3DB2}
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe" /uninstall
ImgBurn (Remove Only)-->"C:\Programme\ImgBurn\uninstall.exe"
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KONICA MINOLTA PagePro 1300W-->MUINST_N.EXE /PRN:"KONICA MINOLTA PagePro 1300W"
Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x7
Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.14)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MPEG Suite 2001r2-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-MPEG Suite 2001r2.dat
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Multimedia Card Reader-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0AFECCA6-61A0-409F-9205-67613984209D} /l1031
Nero 7-->MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831031}
No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ger.exe
Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Seagate Manager Installer-->"C:\Programme\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0407 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Streamripper (Remove only)-->C:\Programme\Streamripper\Uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TrueCrypt-->"C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u
UltraCompare Professional-->"C:\Programme\IDM Computer Solutions\UltraCompare\Uninstall.exe" "C:\Programme\IDM Computer Solutions\UltraCompare\install.log" -u
UltraEdit-32-->"C:\Programme\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Programme\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
VLC media player 0.9.4-->C:\Programme\VideoLAN\VLC\uninstall.exe
Winamp Offizielle Deutsche Sprachdatei v5.56-->C:\Programme\Winamp\UninstWA_DE.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR-->C:\Programme\WinRAR\uninstall.exe
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: *********
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Beendet".

Record Number: 16360
Source Name: Service Control Manager
Time Written: 20090928195341.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".

Record Number: 16359
Source Name: Service Control Manager
Time Written: 20090928195341.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet.

Record Number: 16358
Source Name: Service Control Manager
Time Written: 20090928195340.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: *********
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt".

Record Number: 16357
Source Name: Service Control Manager
Time Written: 20090928195340.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet.

Record Number: 16356
Source Name: Service Control Manager
Time Written: 20090928195340.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: *********
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 2754
Source Name: SecurityCenter
Time Written: 20090425183147.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 2753
Source Name: Avira AntiVir
Time Written: 20090425183142.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: *********
Event Code: 105
Message: The service was started.

Record Number: 2752
Source Name: ATI Smart
Time Written: 20090425183132.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 101
Message: wuauclt (3840) Das Datenbankmodul wurde beendet.

Record Number: 2751
Source Name: ESENT
Time Written: 20090425093013.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 103
Message: wuaueng.dll (3840) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.

Record Number: 2750
Source Name: ESENT
Time Written: 20090425093013.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\IDM Computer Solutions\UltraEdit-32
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 55 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=3702
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Hallo und :hallo:

Alleine deine Keygens qualifizieren dich fürs Neuaufsetzten.

Bitte folge diesen Links:

http://www.trojaner-board.de/75622-d...ittierung.html

http://www.trojaner-board.de/51262-a...sicherung.html

Und...für hinterher:
http://www.trojaner-board.de/73206-s...tml#post438298

Und von Keygens lässte gleich die Finger...

Ich habe aber alle infizierten Dateien gelöscht(keygens usw.). Trotzdem muss ich das System neu aufsetzen?