Hello Ralf,
phew, it's quite an imposition to ask you to read this much, but I'll post what came out of it anyway.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4157
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
31.05.2010 10:46:02
mbam-log-2010-05-31 (10-46-02).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117709
Laufzeit: 8 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
D:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
D:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
D:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Infizierte Dateien:
D:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
D:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
D:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
RSIT Logfile (info.txt):
logfile of random's system information tool 1.06 2010-05-31 10:53:30
======Uninstall list======
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->D:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC2-FileShredder 1.1-->D:\Programme\A-Coder2 FileShredder\uninst.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Ask Toolbar-->rundll32 D:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"D:\Programme\CCleaner\uninst.exe"
Free PDF to Word Doc Converter v1.1-->"D:\Programme\Free PDF to Word Doc Converter\unins000.exe"
FrostWire 4.18.6-->D:\Programme\FrostWire\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IrfanView (remove only)-->D:\Programme\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 97, Professional Edition-->D:\Programme\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->D:\Programme\Mozilla Firefox\uninstall\helper.exe
Nero Suite-->C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\Setup.exe /uninstall
Neue deutsche Rechtschreibung für Microsoft Office 9x-->D:\PROGRA~1\MICROS~1\RECHTS~1\UNWISE.EXE D:\PROGRA~1\MICROS~1\RECHTS~1\INSTALL.LOG
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->D:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7 -removeonly
SMC2602W 11Mbps Wireless PCI Card-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F15CD7D0-633F-4A3F-80F7-C0BC4EE90B28}
Winamp-->"D:\Programme\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"D:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
======Hosts File======
127.0.0.1 99.189.54
127.0.0.1 99.189.52
127.0.0.1 99.14.103
127.0.0.1 98.223.73
127.0.0.1 97.80.137
127.0.0.1 95.134.16
127.0.0.1 95.133.8.
127.0.0.1 95.133.23
127.0.0.1 95.133.23
127.0.0.1 95.133.14
======Security center information======
AV: AntiVir Desktop
AV: Kaspersky Anti-Virus
======System event log======
Computer Name: PRAXIS
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Beendet".
Record Number: 26076
Source Name: Service Control Manager
Time Written: 20100222084635.000000+060
Event Type: Informationen
User:
Computer Name: PRAXIS
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".
Record Number: 26075
Source Name: Service Control Manager
Time Written: 20100222084635.000000+060
Event Type: Informationen
User:
Computer Name: PRAXIS
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.
Record Number: 26074
Source Name: Service Control Manager
Time Written: 20100222084635.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: PRAXIS
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 26073
Source Name: Service Control Manager
Time Written: 20100222084635.000000+060
Event Type: Informationen
User:
Computer Name: PRAXIS
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet.
Record Number: 26072
Source Name: Service Control Manager
Time Written: 20100222084635.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
=====Application event log=====
Computer Name: PRAXIS
Event Code: 102
Message: wuaueng.dll (1592) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).
Record Number: 3553
Source Name: ESENT
Time Written: 20100426082440.000000+120
Event Type: Informationen
User:
Computer Name: PRAXIS
Event Code: 100
Message: wuauclt (1592) Das Datenbankmodul 5.01.2600.2180 ist gestartet.
Record Number: 3552
Source Name: ESENT
Time Written: 20100426082440.000000+120
Event Type: Informationen
User:
Computer Name: PRAXIS
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 3551
Source Name: Avira AntiVir
Time Written: 20100426082405.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: PRAXIS
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 3550
Source Name: SecurityCenter
Time Written: 20100426082355.000000+120
Event Type: Informationen
User:
Computer Name: PRAXIS
Event Code: 101
Message: wuauclt (1608) Das Datenbankmodul wurde beendet.
Record Number: 3549
Source Name: ESENT
Time Written: 20100423075945.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
--- --- ---
RSIT Logfile:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Markus at 2010-05-31 10:53:17
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 27 GB (85%) free of 32 GB
Total RAM: 1015 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:25, on 31.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\avguard.exe
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Programme\Java\jre6\bin\jusched.exe
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
D:\Programme\Avira\AntiVir Desktop\avshadow.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programme\Microsoft Office\Office\Winword.exe
D:\Programme\Malwarebytes' Anti-Malware\mbam.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Dokumente und Einstellungen\Markus\Desktop\RSIT.exe
D:\Programme\trend micro\Markus.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.winamp.com/player
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office-Start.lnk = D:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
--
End of file - 5169 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - D:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2009-01-27 66912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programme\Java\jre6\bin\jp2ssv.dll [2009-06-30 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-30 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-07 16860672]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=D:\Programme\Java\jre6\bin\jusched.exe [2009-06-30 148888]
"AVP"=D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader Speed Launch.lnk - D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Office-Start.lnk - D:\Programme\Microsoft Office\Office\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\FrostWire\FrostWire.exe"="D:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-05-31 10:53:18 ----D---- D:\Programme\trend micro
2010-05-31 10:53:17 ----D---- C:\rsit
2010-05-31 10:35:04 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Malwarebytes
2010-05-31 10:34:50 ----D---- D:\Programme\Malwarebytes' Anti-Malware
2010-05-31 10:34:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-31 10:27:28 ----D---- D:\Programme\CCleaner
2010-05-31 09:02:23 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Avira
2010-05-31 08:59:50 ----D---- D:\Programme\Avira
2010-05-31 08:59:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2010-05-31 08:16:12 ----D---- D:\Programme\Kaspersky Lab
2010-05-31 08:16:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-05-31 08:10:01 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2010-05-21 09:53:25 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-20 08:44:34 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-19 08:48:39 ----A---- C:\feed.txt
======List of files/folders modified in the last 1 months======
2010-05-31 10:53:20 ----D---- C:\WINDOWS\Prefetch
2010-05-31 10:49:17 ----D---- C:\WINDOWS
2010-05-31 10:49:04 ----D---- C:\WINDOWS\Temp
2010-05-31 10:49:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 10:48:06 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 10:48:06 ----D---- C:\WINDOWS\Media
2010-05-31 10:47:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 10:46:02 ----D---- C:\WINDOWS\system32
2010-05-31 10:30:49 ----D---- C:\WINDOWS\Minidump
2010-05-31 10:30:49 ----D---- C:\WINDOWS\Debug
2010-05-31 09:02:58 ----D---- C:\WINDOWS\Registration
2010-05-31 08:17:26 ----SHD---- C:\WINDOWS\Installer
2010-05-31 08:16:57 ----HD---- C:\WINDOWS\inf
2010-05-20 08:44:34 ----D---- C:\WINDOWS\repair
2010-05-19 08:29:55 ----SHD---- C:\System Volume Information
2010-05-19 08:29:55 ----D---- C:\WINDOWS\system32\Restore
2010-05-18 08:49:02 ----D---- D:\Programme\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 40192]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-05-31 315408]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-09 4703744]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-17 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-17 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-17 20480]
S1 kbdhid;kbdhid; C:\WINDOWS\system32\drivers\kbdhid.sys [2004-08-17 14848]
S3 Am772;SMC2602W 11 Mbps Wireless 802.11 Adapter; C:\WINDOWS\system32\DRIVERS\Am772.sys [2004-02-12 174278]
S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-17 9600]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-17 12288]
S3 RTL8169;Realtek 8169 NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 UXDCMN;UXDCMN; \??\c:\WinStress\UXDCMN.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-05-31 267432]
R2 AVP;Kaspersky Anti-Virus; D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
R2 JavaQuickStarterService;Java Quick Starter; D:\Programme\Java\jre6\bin\jqs.exe [2009-06-30 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
-----------------EOF-----------------
--- --- ---