Antimaleware Doctor entfernt - Logfiles zur Auswertung

dare2b

Guten Abend Liebe trojaner-board.de´ler

habe mir auf meinem Notebook heute den Antimalware Doctor eingefangen...
Nach kurzem googlen bin ich dann auch direkt bei Euch gelandet und muss erst mal sagen:
Daumen hoch!!!
Hatte bisher noch nie probleme mit Viren/Trojanern (auf jeden Fall nie bemerkt ) und hab hier eine sehr gute Anleitung zum entfernen gefunden.
Bin ein totaler PC Laie und konnte trotzdem etwas damit anfangen...Vielen Dank also schon mal!!!!

Jetzt meine Bitte / Problem:

Bin wie gesagt Eurer Anleitung ( http://www.trojaner-board.de/83172-a...entfernen.html ) gefolgt und denke auch, dass der "Doctor" weg ist (nachdem ich Malwarebytes hab laufen lassen und den Rechner neu gestartet habe, kam kein POP-Up Fenster mehr...)

Ihr schreibt ja aber, dass ich noch mal diese LOG-Files zum überprüfen hier hichladen soll. Daher meine Bitte, ob mir jemand sagen kann, ob jetzt alles OK ist und das Programm wirklich entfernt wurde?!?!

Hier die Auswertungen:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4042

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27.04.2010 17:31:33
mbam-log-2010-04-27 (17-31-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 166615
Laufzeit: 34 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 29
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 1
Infizierte Dateien: 90

Infizierte Speicherprozesse:
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\_tey-t0nrzt (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed6a00d8-c592-00a7-0052-022d0a607fcf} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed6a00d8-c592-00a7-0052-022d0a607fcf} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelzeroconfig (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hcontrol (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdcpl (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alcmtr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus live update (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nb probe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wireless console (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntplpr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atipta (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelwireless (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eouapp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winampagent (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opwarese2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\easy-printtoolbox (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nerofiltercheck (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe reader speed launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fixcamera (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snpstd3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tsnpstd3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\dokumente und einstellungen\sven\anwendungsdaten\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infizierte Dateien:
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F\newupdate1142C.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Sven\anwendungsdaten\b1fcc6ed88eb7e920b847ee6cc15e14f\newupdate1142c .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\ATK0100\HControl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\ASUS Live Update\alu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\NB Probe\NBProbe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\Wireless Console\wcourier.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Winamp\winampa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Canon\Easy-PrintToolBox\bjpsmain.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\FixCamera.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\vsnpstd3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\tsnpstd3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_TEY-t0nRzT.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthdcpl .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alcmtr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Downloads\Everest Poker(3).exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp\tyysqcc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\sdra64.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\Power4 Gear\batterylife.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Windows Live\Messenger\msnmsgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000005.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000006.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000007.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000008.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000010.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000012.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000014.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000017.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000018.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000021.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000022.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000023.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000024.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000036.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000037.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000039.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000040.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000041.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000042.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000043.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000044.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000045.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000047.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000050.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000051.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000052.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000053.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000054.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000055.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000056.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000057.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000058.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000059.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc42.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc43.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Recycled\Dc67.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc72.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\Dokumente und Einstellungen\Sven\Startmenü\Programme\Autostart\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\bU-o24-d__us4.dll (Adware.AdRotator) -> Quarantined and deleted successfully.




info.txt logfile of random's system information tool 1.06 2010-04-27 18:42:59

======Uninstall list======

-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x7
Asus ChkMail-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Asus\Asus ChkMail\Uninst.isu"
ASUS Live Update-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Programme\ASUS\ASUS Live Update\Uninst.dll"
Asus_A6_ScreenSaver-->C:\WINDOWS\Asus_A6_ScreenSaver.scr /u
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI Systemsteuerung-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BeCyBookKeeper-->C:\Programme\BeCyBookKeeper\UnInstall.exe
Bullzip PDF Printer 7.1.0.1007-->"C:\Programme\Bullzip\PDF Printer\unins000.exe"
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x7 anything
Canon iP5200-->C:\WINDOWS\system32\CNMCP79.exe "-PRINTERNAMECanon iP5200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x7 anything
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
Everest Casino (Remove Only)-->C:\Programme\Everest Casino\cstart.exe /uninstall
Everest Poker (Remove Only)-->C:\Programme\Everest Poker\cstart.exe /uninstall
GoldWave v5.52-->"C:\Programme\GoldWave\unstall.exe" "GoldWave v5.52" "C:\Programme\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript Lite 8.64-->"C:\Programme\Bullzip\PDF Printer\gs\unins000.exe"
GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 60-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x7
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MIKSOFT Mobile AMR converter-->"C:\Programme\MIKSOFT\Mobile AMR converter\unins000.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
NB Probe-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PC Camera-168-->C:\Programme\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0007 -removeonly
Pidgin-->C:\Programme\Pidgin\pidgin-uninst.exe
Power4 Gear-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VLC media player 1.0.2-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wacom Tablett-->C:\Programme\Tablet\Wacom\Remove.exe /u
WAV to MP3-->C:\WAVTOMP3\Uninstal.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinFlash-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR-->C:\Programme\WinRAR\uninstall.exe
Wireless Console-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: PCSVEN
Event Code: 7036
Message: Dienst "Google Update Service (gupdate)" befindet sich jetzt im Status "Beendet".

Record Number: 8704
Source Name: Service Control Manager
Time Written: 20100302080324.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 8703
Source Name: avgntflt
Time Written: 20100302080311.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 83
Message: Port A is down

Record Number: 8702
Source Name: yukonwxp
Time Written: 20100302080311.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".

Record Number: 8701
Source Name: Service Control Manager
Time Written: 20100302080259.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".

Record Number: 8700
Source Name: Service Control Manager
Time Written: 20100302080257.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 5
Source Name: RegSrvc
Time Written: 20091218195228.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 4
Source Name: OwnershipProtocol
Time Written: 20091218195228.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 3
Source Name: LightScribeService
Time Written: 20091218195227.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate
Time Written: 20091218195227.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20091218195225.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Sven at 2010-04-27 18:42:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (57%) free of 45 GB
Total RAM: 1023 MB (65% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=c:\programme\windows live\messenger\msnmsgr .exe [2009-07-26 3883840]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
ASUS ChkMail.lnk - C:\Programme\Asus\Asus ChkMail\ChkMail.exe
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Dokumente und Einstellungen\Sven\Startmenü\Programme\Autostart
OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-30 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Programme\Intel\Wireless\Bin\LgNotify.dll [2005-05-31 110592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{122122cc-b49e-11de-9583-0015f237a387}]
shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b602422-b506-11de-b680-0015003e2b44}]
shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}]
shell\AutoRun\command - H:\Get_Started_for_Win.exe


======List of files/folders created in the last 1 months======

2010-04-27 18:42:57 ----D---- C:\rsit
2010-04-27 18:42:57 ----D---- C:\Programme\trend micro
2010-04-27 18:10:47 ----D---- C:\Programme\CCleaner
2010-04-27 16:52:22 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Malwarebytes
2010-04-27 16:51:35 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-27 16:51:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-27 13:39:56 ----D---- C:\WINDOWS\system32\LogFiles
2010-04-27 13:35:08 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F
2010-04-27 13:35:07 ----A---- C:\feed.txt
2010-04-15 00:27:39 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 00:27:27 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 00:27:21 ----HD---- C:\WINDOWS\$NtUninstallKB981350$
2010-04-15 00:27:14 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 00:27:08 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 00:27:02 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 00:26:55 ----HD---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-15 00:26:38 ----HD---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-03-31 17:25:32 ----HD---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-29 12:42:17 ----D---- C:\Programme\BeCyBookKeeper

======List of files/folders modified in the last 1 months======

2010-04-27 18:29:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-26 12:08:46 ----A---- C:\WINDOWS\a20.ini
2010-04-21 12:32:56 ----A---- C:\WINDOWS\win.ini
2010-04-14 23:55:12 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-09 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 ghaio;ghaio; \??\C:\Programme\ASUS\NB Probe\SPM\ghaio.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-01-16 13059]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-05-03 11354]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-30 1333760]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-01-16 1036928]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-01-16 163328]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-07 3959808]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-12-21 186240]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-07-11 13352]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-16 702592]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2004-06-01 142464]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2009-06-22 10498688]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-30 376832]
R2 EvtEng;EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-06-03 86016]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-09 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 OwnershipProtocol;OwnershipProtocol; C:\Programme\Intel\Wireless\Bin\OProtSvc.exe [2005-05-31 98304]
R2 RegSrvc;RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-06-03 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-06-03 372809]
R2 spmgr;spmgr; C:\Programme\ASUS\NB Probe\SPM\spmgr.exe [2005-04-20 118784]
R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2009-03-27 2789672]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-19 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-12 68096]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Dac9frasu-4;Dac9frasu-4; C:\WINDOWS\system32\vssadmin.exe [2004-08-04 33792]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Vielen Dank schon mal...!!!!!!!!!!!!!