Trojaner-Board - Cpu Auslastung sehr hoch

Hallo !

Ich habe seit paar Tagen Probleme mit der Cpu Auslastung. Ständig ist es bei 80-100% , wenn ich ein programm öffne steigt die Cpu auf 100%. Welches Programm dafür genau zuständig ist weiß ich nicht , dass es sich immer abwechselt. Meinstens aber ein acktives Programm , wenn ich gar nichts offen habe ist es die explorer.exe oder taskmanager.

Nach Viren habe ich schon gesucht mit Kaspersky und Malwarebytes , da wurde Trojan.Win32.Genome.hwut gefunden und entfernt , hat aber nichts geändert an der Cpu.

Dann wollte ich die Load.exe von dieser Seite runterladen , aber Kaspersky hat da den Virus HEUR:Trojan.Downloader.Win32.Generic gefunden.

Hier mal der Hijackscan:
HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:41:31, on 12.09.2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18498)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\eugen\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_7720zg

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_7720zg

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Steam] "c:\program files\neuer ordner\steam.exe" -silent

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Startup: CurseClientStartup.ccip

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelsp.dll

O13 - Gopher Prefix: 

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Security Suite CBE 09 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe

O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: WTGService - Unknown owner - C:\Program Files\Verbindungsassistent\WTGService.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 

--

End of file - 10624 bytes

--- --- ---

So hier der Log :

Combofix Logfile:

Code:

ComboFix 10-09-11.03 - eugen 12.09.2010  17:12:48.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.2462 [GMT 2:00]

ausgeführt von:: c:\users\eugen\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
  ADS - Windows: deleted 24 bytes in 1 streams. 
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\users\eugen\AppData\Roaming\.#
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-12 bis 2010-09-12  ))))))))))))))))))))))))))))))

.
 

2010-09-12 15:18 . 2010-09-12 15:19        --------        d-----w-        c:\users\eugen\AppData\Local\temp

2010-09-12 15:18 . 2010-09-12 15:18        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-09-12 06:51 . 2010-09-12 15:02        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2010-09-12 06:51 . 2010-09-12 15:02        --------        d-----w-        c:\program files\Spybot - Search & Destroy

2010-09-12 06:41 . 2010-09-12 06:41        --------        d-----w-        c:\program files\Trend Micro

2010-09-09 08:13 . 2010-09-09 08:10        185640        ----a-w-        c:\programdata\DivX\Setup\finishPlugin.dll

2010-09-09 08:13 . 2010-09-09 08:13        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-09-09 08:13 . 2010-09-09 08:13        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-09-09 08:13 . 2010-09-09 08:13        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe

2010-09-09 08:13 . 2010-09-09 08:13        57691        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe

2010-09-09 08:12 . 2010-09-09 08:12        84063        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe

2010-09-09 08:12 . 2010-09-09 08:12        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-09-09 08:10 . 2010-09-09 08:10        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-28 21:28 . 2010-08-28 21:28        --------        d-----w-        c:\programdata\NVIDIA Corporation

2010-08-28 21:28 . 2010-09-12 05:52        --------        d-----w-        c:\program files\NVIDIA Corporation

2010-08-28 21:26 . 2010-07-09 22:37        56936        ----a-w-        c:\windows\system32\OpenCL.dll

2010-08-28 21:26 . 2010-07-09 22:37        5107816        ----a-w-        c:\windows\system32\nvwgf2um.dll

2010-08-28 21:26 . 2010-07-09 22:37        11008040        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2010-08-28 21:26 . 2010-07-09 22:37        9818728        ----a-w-        c:\windows\system32\nvd3dum.dll

2010-08-28 21:26 . 2010-07-09 22:37        4553832        ----a-w-        c:\windows\system32\nvcuda.dll

2010-08-28 21:26 . 2010-07-09 22:37        2892904        ----a-w-        c:\windows\system32\nvcuvid.dll

2010-08-28 21:26 . 2010-07-09 22:37        2506344        ----a-w-        c:\windows\system32\nvcuvenc.dll

2010-08-28 21:26 . 2010-07-09 22:37        14092904        ----a-w-        c:\windows\system32\nvoglv32.dll

2010-08-28 21:26 . 2010-07-09 22:37        236136        ----a-w-        c:\windows\system32\nvcod1922.dll

2010-08-28 21:26 . 2010-07-09 22:37        236136        ----a-w-        c:\windows\system32\nvcod.dll

2010-08-28 21:26 . 2010-07-09 22:37        1625192        ----a-w-        c:\windows\system32\nvapi.dll

2010-08-28 21:26 . 2010-07-09 22:37        10267240        ----a-w-        c:\windows\system32\nvcompiler.dll

2010-08-16 14:49 . 2010-08-16 14:49        --------        d-----w-        c:\users\eugen\AppData\Local\cache

2010-08-16 14:47 . 2010-09-09 20:45        --------        d-----w-        c:\users\eugen\AppData\Local\FullTiltPoker

2010-08-16 14:46 . 2010-09-09 20:45        --------        d-----w-        c:\program files\Full Tilt Poker

2010-08-13 21:09 . 2010-08-13 21:09        --------        d-----w-        c:\users\eugen\AppData\Local\Apps

2010-08-13 21:09 . 2010-08-16 13:30        --------        d-----w-        c:\users\eugen\AppData\Local\Deployment

2010-08-13 18:02 . 2010-07-06 11:20        30016        ----a-w-        c:\windows\system32\uxtuneup.dll

2010-08-13 16:51 . 2010-08-13 16:55        --------        d-----w-        c:\programdata\SecTaskMan

2010-08-13 16:51 . 2010-08-13 16:51        --------        d-----w-        c:\program files\Security Task Manager
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-12 15:11 . 2008-01-21 07:15        627756        ----a-w-        c:\windows\system32\perfh007.dat

2010-09-12 15:11 . 2008-01-21 07:15        125870        ----a-w-        c:\windows\system32\perfc007.dat

2010-09-12 15:05 . 2010-07-26 21:28        6361632        --sha-w-        c:\windows\system32\drivers\fidbox.dat

2010-09-12 15:05 . 2010-07-26 21:28        5768        --sha-w-        c:\windows\system32\drivers\fidbox2.idx

2010-09-12 15:05 . 2010-07-26 21:28        51828        --sha-w-        c:\windows\system32\drivers\fidbox.idx

2010-09-12 15:05 . 2010-07-26 21:28        1064992        --sha-w-        c:\windows\system32\drivers\fidbox2.dat

2010-09-12 15:05 . 2010-06-14 18:18        --------        d-----w-        c:\program files\Neuer Ordner

2010-09-12 15:04 . 2010-07-26 21:28        --------        d-----w-        c:\programdata\Kaspersky Lab

2010-09-12 14:15 . 2010-06-14 17:29        --------        d-----w-        c:\users\eugen\AppData\Roaming\ICQ

2010-09-12 05:52 . 2010-06-15 21:06        --------        d-----w-        c:\programdata\DivX

2010-09-12 05:52 . 2010-08-09 14:03        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-09-12 05:52 . 2010-06-15 21:07        --------        d-----w-        c:\program files\DivX

2010-09-12 05:52 . 2010-06-14 18:19        --------        d-----w-        c:\program files\Common Files\Steam

2010-09-12 05:35 . 2010-08-28 22:09        89377        ----a-w-        c:\programdata\nvModes.dat

2010-09-11 00:36 . 2010-06-03 08:00        680        ----a-w-        c:\users\eugen\AppData\Local\d3d9caps.dat

2010-09-09 08:13 . 2010-06-15 21:11        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-09-09 08:10 . 2010-06-15 21:10        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll

2010-09-09 08:10 . 2010-06-15 21:10        850200        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe

2010-09-08 10:54 . 2010-07-28 15:52        --------        d-----w-        c:\program files\JDownloader

2010-09-02 14:04 . 2010-06-16 19:13        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft

2010-08-28 22:09 . 2010-05-26 13:39        --------        d-----w-        c:\programdata\NVIDIA

2010-08-23 11:41 . 2010-06-14 17:29        --------        d-----w-        c:\program files\ICQ7.2

2010-08-13 18:02 . 2010-05-26 14:16        --------        d-----w-        c:\program files\TuneUp Utilities 2010

2010-08-13 16:54 . 2010-06-19 20:05        --------        d-----w-        c:\program files\Verbindungsassistent

2010-08-12 15:50 . 2010-08-12 15:50        --------        d-----w-        c:\program files\Ubisoft

2010-08-12 15:50 . 2008-03-25 10:49        --------        d--h--w-        c:\program files\InstallShield Installation Information

2010-08-12 01:00 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2010-08-11 15:16 . 2010-08-11 15:02        --------        d-----w-        c:\programdata\POPWWPROFILES

2010-08-10 14:47 . 2010-08-02 23:25        214592        ----a-w-        c:\windows\system32\PnkBstrB.exe

2010-08-10 14:45 . 2010-08-02 23:25        138968        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2010-08-10 11:51 . 2010-08-10 11:51        --------        d-----w-        c:\users\eugen\AppData\Roaming\Leadertech

2010-08-10 11:16 . 2010-07-03 18:06        --------        d-----w-        c:\program files\Electronic Arts

2010-08-10 09:43 . 2010-08-10 09:41        --------        d-----w-        c:\users\eugen\AppData\Roaming\WinSplit

2010-08-10 09:40 . 2010-08-10 09:40        --------        d-----w-        c:\program files\WinSplit

2010-08-09 21:07 . 2010-05-26 13:35        --------        d-----w-        c:\program files\Google

2010-08-09 21:03 . 2010-08-09 21:03        509552        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtbAE32.tmp.exe

2010-08-09 14:04 . 2010-08-09 14:04        --------        d-----w-        c:\users\eugen\AppData\Roaming\Malwarebytes

2010-08-09 14:03 . 2010-08-09 14:03        --------        d-----w-        c:\programdata\Malwarebytes

2010-08-08 11:31 . 2010-08-08 11:31        --------        d-----w-        c:\program files\SlySoft

2010-08-07 21:17 . 2010-06-14 20:07        --------        d-----w-        c:\users\eugen\AppData\Roaming\Apple Computer

2010-08-07 21:17 . 2010-06-14 20:04        --------        d-----w-        c:\programdata\Apple

2010-08-02 23:25 . 2010-08-02 23:25        139152        ----a-w-        c:\users\eugen\AppData\Roaming\PnkBstrK.sys

2010-08-02 23:25 . 2010-08-02 23:25        139152        ----a-w-        c:\users\eugen\AppData\Roaming\PnkBstrK.sys

2010-08-02 23:25 . 2010-08-02 23:25        794408        ----a-w-        c:\windows\system32\pbsvc.exe

2010-08-02 23:25 . 2010-08-02 23:25        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe

2010-08-01 13:13 . 2010-08-01 13:13        --------        d-----w-        c:\program files\Bethesda Softworks

2010-07-31 13:29 . 2010-07-03 18:06        --------        d-----w-        c:\programdata\Electronic Arts

2010-07-31 07:10 . 2010-07-31 07:10        --------        d-----w-        c:\users\eugen\AppData\Roaming\bizarre creations

2010-07-30 10:27 . 2010-07-30 10:20        --------        d-----w-        c:\users\eugen\AppData\Roaming\DAEMON Tools Lite

2010-07-30 10:21 . 2010-07-30 10:21        --------        d-----w-        c:\program files\DAEMON Tools Toolbar

2010-07-30 10:21 . 2010-07-30 10:20        --------        d-----w-        c:\program files\DAEMON Tools Lite

2010-07-30 10:20 . 2010-07-30 10:20        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys

2010-07-30 10:20 . 2010-07-30 10:20        --------        d-----w-        c:\programdata\DAEMON Tools Lite

2010-07-30 08:58 . 2010-07-30 08:58        --------        d-----w-        c:\program files\Common Files\Futuremark Shared

2010-07-30 08:53 . 2010-07-30 08:53        --------        d-----w-        c:\program files\IsoBuster

2010-07-30 08:51 . 2010-07-26 21:29        97549        ----a-w-        c:\windows\system32\drivers\klick.dat

2010-07-30 08:51 . 2010-07-26 21:29        113933        ----a-w-        c:\windows\system32\drivers\klin.dat

2010-07-28 15:48 . 2010-07-28 09:22        --------        d-----w-        c:\program files\FlashGet

2010-07-28 09:22 . 2010-07-28 09:22        --------        d-----w-        c:\users\eugen\AppData\Roaming\FlashGet

2010-07-26 21:50 . 2010-07-26 21:50        12888        ----a-w-        c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\cbild\8.0.0.506\wmifw.exe

2010-07-26 21:50 . 2010-07-26 21:50        12888        ----a-w-        c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\cbild\8.0.0.506\wmiav.exe

2010-07-26 21:50 . 2010-07-26 21:50        12888        ----a-w-        c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\cbild\8.0.0.506\wmias.exe

2010-07-26 21:50 . 2010-07-26 21:50        208616        ----a-w-        c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\cbild\8.0.0.506\avp.exe

2010-07-26 21:50 . 2010-07-26 21:50        59920        ----a-w-        c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\cbild\8.0.0.506\mzvkbd.dll

2010-07-26 21:50 . 2010-07-26 21:50        109072        ----a-w-        c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\cbild\8.0.0.506\mzvkbd3.dll

2010-07-26 21:28 . 2010-07-26 21:28        --------        d-----w-        c:\program files\Kaspersky Lab

2010-07-26 14:24 . 2010-07-18 18:34        --------        d-----w-        c:\program files\iTunes

2010-07-26 14:23 . 2010-07-26 14:23        --------        d-----w-        c:\program files\iPod

2010-07-26 14:23 . 2010-06-14 20:04        --------        d-----w-        c:\program files\Common Files\Apple

2010-07-26 14:23 . 2010-06-14 20:05        --------        d-----w-        c:\programdata\Apple Computer

2010-07-26 14:16 . 2010-07-26 14:16        73000        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-18 18:31 . 2010-07-18 18:31        --------        d-----w-        c:\program files\Bonjour

2010-07-18 18:25 . 2010-07-18 18:25        --------        d-----w-        c:\program files\Safari

2010-07-18 18:23 . 2010-07-18 18:23        71992        ----a-w-        c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-07-09 14:20 . 2010-09-12 05:41        1881704        ----a-w-        c:\windows\system32\TBD2A5B.tmp

2010-07-09 14:20 . 2010-09-12 05:41        1469544        ----a-w-        c:\windows\system32\TBD2A6C.tmp

2010-07-09 14:20 . 2010-09-12 05:41        129640        ----a-w-        c:\windows\system32\TBD2A3B.tmp

2010-07-07 12:03 . 2010-05-26 13:22        604776        ----a-w-        c:\windows\system32\nvuninst.exe

2010-07-06 11:26 . 2010-05-26 14:17        30528        ----a-w-        c:\windows\system32\TURegOpt.exe

2010-07-06 11:20 . 2010-05-26 14:17        21312        ----a-w-        c:\windows\system32\authuitu.dll

2010-07-04 14:52 . 2010-07-04 14:52        15440        ----a-w-        c:\windows\system32\drivers\hamachi.sys

2010-06-28 20:25 . 2010-06-28 18:28        1        ----a-w-        c:\users\eugen\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-28 20:11 . 2010-05-26 13:35        76064        ----a-w-        c:\users\eugen\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-28 18:24 . 2010-06-28 18:24        411368        ----a-w-        c:\windows\system32\deployJava1.dll

2010-06-28 16:17 . 2010-08-11 04:25        833024        ----a-w-        c:\windows\system32\wininet.dll

2010-06-28 16:13 . 2010-08-11 04:25        78336        ----a-w-        c:\windows\system32\ieencode.dll

2010-06-21 13:18 . 2010-08-11 04:25        2036736        ----a-w-        c:\windows\system32\win32k.sys

2010-06-19 20:05 . 2010-06-19 20:05        621056        ----a-w-        c:\windows\system32\drivers\mod7700.sys

2010-06-19 20:05 . 2010-06-19 20:05        23424        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys

2010-06-18 16:43 . 2010-08-11 04:25        36352        ----a-w-        c:\windows\system32\rtutils.dll

2010-06-18 14:43 . 2010-08-11 04:25        302080        ----a-w-        c:\windows\system32\drivers\srv.sys

2010-06-18 14:43 . 2010-08-11 04:25        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys

2010-06-16 15:59 . 2010-08-11 04:25        898952        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2010-06-16 01:17 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat

2010-06-15 21:10 . 2010-06-15 21:10        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe

2010-06-15 21:10 . 2010-06-15 21:10        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe

2010-06-15 21:10 . 2010-06-15 21:10        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe

2010-06-15 21:10 . 2010-06-15 21:10        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-06-15 21:10 . 2010-06-15 21:10        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe

2010-06-15 21:10 . 2010-06-15 21:10        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 01:00        39472        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\neuer ordner\steam.exe" [2010-08-27 1242448]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-26 68856]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]
 

c:\users\eugen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2010-8-13 0]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"LManager"=c:\progra~1\LAUNCH~1\LManager.exe

"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001
 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-30 691696]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 135664]

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968]

R2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [x]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]

R3 GarenaPEngine;GarenaPEngine;c:\users\eugen\AppData\Local\Temp\RKH3F70.tmp [x]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
 
 

--- Andere Dienste/Treiber im Speicher ---
 

*NewlyCreated* - ECACHE
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners
 

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 21:07]
 

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 21:07]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_7720zg

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\gamelsp.dll

FF - ProfilePath - c:\users\eugen\AppData\Roaming\Mozilla\Firefox\Profiles\ew3pntnd.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

FF - component: c:\users\eugen\AppData\Roaming\Mozilla\Firefox\Profiles\ew3pntnd.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-RunOnce-<NO NAME> - (no file)
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-09-12 17:19

Windows 6.0.6001 Service Pack 1 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\eugen\AppData\Local\Temp\RKH3F70.tmp"
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'Explorer.exe'(1992)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Zeit der Fertigstellung: 2010-09-12  17:21:02

ComboFix-quarantined-files.txt  2010-09-12 15:20
 

Vor Suchlauf: 11 Verzeichnis(se), 66.945.507.328 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 66.906.230.784 Bytes frei
 

- - End Of File - - 3168682DD2318B155F5CA31AA8846E5D

--- --- ---