Mein Laptop hängt wegen hoher CPU Auslastung

#1 Guten Abend

ich habe ein Acer Aspire 5530G Laptop,
mein Problem ist das mein CPU (AMD Turionx2 64) dauernd ueberlastet ist.
Seit einigen Tagen ist mein Antivirus-Programm Mc-Affee abgeloffen doch ich habe noch Avira AntiVir Personal.Aber ich glaube das dieser Programm nicht sicher ist könnt ihr mir helfen ein am besten kostenloses Antivirusprogramm zusuchen?Nun zu dem Hauptthema ich habe mein Laptop mit HijackThis untersuchen lassen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:15, on 09.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Cheng\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Cheng\AppData\Local\Temp\Rar$EX00.290\procexp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5530
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13166&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12382 bytes

____________________________________________________________
Ich hoffe ihr könnt mir helfen.
Mit freundlich grüßen
Shinox

#2

Zitat

Seit einigen Tagen ist mein Antivirus-Programm Mc-Affee abgeloffen doch ich habe noch Avira AntiVir Personal

Verstehe ich Dich richtig, dass du beide Programme miteinander laufen hast? Gemäss HJT Log sind beide am laufen... Also zwei Kapitäne können auch kein Schiff steuern. Also nur ein Antivirenprogramm benutzen. Avira sollte sicherlich genügen und ist gratis.

>>
Askbar entfernen
Start -> Einstellungen -> Systemsteuerung -> Software >
Schau ob AskSBar,SrchAstt oder Ask Search Assistant dazwischen steht,entfernen

>>
Lösche die temp Dateien mit CCleaner

>>
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei: (falls diese noch vorhanden sind)

Zitat

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

und wähle fix checked.

Starte den Rechner neu.

>>
Scanne mit Malwarebytes, lass das gefundene löschen und poste das Log:
(Vor der Anwendung Update nicht vergessen)
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
Wende Combofix an und poste das Log:
http://www.virus-protect.org/artikel/tools/combofix.html


Gruss Swiss

#3 Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1959
Windows 6.0.6001 Service Pack 1

09.04.2009 23:35:32
mbam-log-2009-04-09 (23-35-32).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 62365
Laufzeit: 9 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

#4 Und wann folgt der Rest?

Gruss Swiss

#5 Ich habe Combofix benutzt doch ich weis nicht wie ich den Bericht lesen kann

#6 Gehe nach C:\combofix.txt soltest du da finden und poste den Inhalt.

Gruss Swiss

#7 ComboFix 09-04-04.01 - Cheng 2009-04-10 22:06:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3293.2143 [GMT 2:00]
ausgeführt von:: c:\users\Cheng\Downloads\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Cheng\AppData\Roaming\.#
c:\windows\system32\winio.vxd

.
((((((((((((((((((((((( Dateien erstellt von 2009-03-10 bis 2009-04-10 ))))))))))))))))))))))))))))))
.

2009-04-10 22:02 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-10 18:28 . 2009-04-10 18:28 0 --a------ c:\windows\System32\msexcr.ini
2009-04-10 15:46 . 2009-04-10 15:46 <DIR> d-------- c:\program files\NEXON
2009-04-09 23:59 . 2009-04-10 00:00 343,435,407 --a------ c:\windows\MEMORY.DMP
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\users\Cheng\AppData\Roaming\Malwarebytes
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 22:45 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-09 22:45 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-09 22:34 . 2009-04-09 22:34 <DIR> d-------- c:\program files\CCleaner
2009-04-09 21:20 . 2009-04-09 21:20 <DIR> d-------- c:\program files\Trend Micro
2009-04-08 13:23 . 2009-04-08 13:23 <DIR> d-------- c:\users\Cheng\Neuer Ordner
2009-04-08 13:11 . 1996-12-11 12:22 69,632 --a------ c:\windows\UNINSTCC.EXE
2009-04-08 13:10 . 2009-04-08 13:12 <DIR> d-------- C:\WESTWOOD
2009-04-08 13:09 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe
2009-04-06 22:21 . 2009-04-06 22:21 <DIR> d-------- c:\program files\GpotatoEu
2009-04-03 12:07 . 2009-04-03 12:07 <DIR> d-------- c:\program files\alaplaya
2009-04-02 20:43 . 2009-04-02 20:43 <DIR> d-------- c:\program files\Gamigo Games
2009-03-24 22:19 . 2009-03-24 22:24 <DIR> d-------- c:\program files\Movavi Video Converter 6
2009-03-24 21:31 . 2009-03-24 22:12 <DIR> d-------- c:\program files\MediaCoder
2009-03-24 21:30 . 2009-03-24 21:30 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-03-22 17:17 . 2009-03-22 17:17 <DIR> d-------- c:\users\All Users\Adobe Systems
2009-03-22 17:17 . 2009-03-22 17:17 <DIR> d-------- c:\programdata\Adobe Systems
2009-03-22 17:15 . 2009-03-22 17:15 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-22 17:12 . 2009-03-22 17:12 <DIR> d-------- C:\InDesign CS2 Tryout
2009-03-21 12:27 . 2009-03-21 12:27 <DIR> d-------- c:\program files\VirtualDJ
2009-03-14 19:18 . 2009-03-24 18:59 <DIR> d-------- c:\users\Cheng\AppData\Roaming\DivX
2009-03-14 12:17 . 2009-03-14 12:18 <DIR> d-------- c:\program files\DivX
2009-03-14 12:17 . 2009-03-14 12:17 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-03-14 12:17 . 2009-03-14 12:17 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-11 18:28 . 2009-03-11 18:28 55 --a------ c:\windows\SpeedGear.INI
2009-03-11 18:27 . 2009-03-11 18:30 <DIR> d-------- c:\program files\Speed Gear
2009-03-11 14:09 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 14:09 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 14:09 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 14:09 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 14:09 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 14:09 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 11:23 --------- d-----w c:\users\Cheng\AppData\Roaming\Skype
2009-04-10 10:24 --------- d-----w c:\users\Cheng\AppData\Roaming\skypePM
2009-04-07 07:54 --------- d-----w c:\program files\d-lusion
2009-04-06 19:29 --------- d-----w c:\program files\Gpotato
2009-04-03 10:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 21:37 --------- d-----w c:\program files\McAfee
2009-03-26 14:06 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2009-03-22 15:15 --------- d-----w c:\program files\Common Files\Adobe
2009-03-20 13:38 201,816 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-20 13:38 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 16:08 --------- d-----w c:\program files\Windows Mail
2009-03-11 11:59 --------- d-----w c:\program files\Google
2009-03-09 10:21 --------- d-----w c:\program files\ICQ6.5
2009-03-08 12:02 --------- d-----w c:\users\Cheng\AppData\Roaming\NCH Swift Sound
2009-03-08 12:02 --------- d-----w c:\programdata\NCH Swift Sound
2009-03-08 12:02 --------- d-----w c:\program files\NCH Swift Sound
2009-03-08 12:01 --------- d-----w c:\program files\NCH Software
2009-03-08 11:28 --------- d-----w c:\program files\Fly For Hero Client v.3
2009-03-08 09:56 --------- d-----w c:\programdata\McAfee
2009-02-22 19:55 --------- d-----w c:\program files\AviSynth 2.5
2009-02-22 19:54 --------- d-----w c:\program files\eRightSoft
2009-02-19 19:52 --------- d-----w c:\program files\foobar2000
2009-02-18 13:46 --------- d-----w c:\program files\AbiSuite2
2009-02-16 14:17 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-02-15 11:58 --------- d-----w c:\program files\My Video Downloader
2009-02-15 11:21 --------- d-----w c:\program files\DVDVideoSoft
2009-02-15 11:21 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-12 16:01 --------- d-----w c:\programdata\CyberLink
2009-02-10 12:01 --------- d-----w c:\programdata\Microsoft Help
2009-02-10 11:56 --------- d-----w c:\program files\Microsoft Works
2009-01-27 01:34 90,112 ----a-w c:\windows\System32\dpl100.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2009-01-27 01:34 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2009-01-27 01:34 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2009-01-27 01:34 684,032 ----a-w c:\windows\System32\DivX.dll
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-27 17:51 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-27 17:51 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2009-01-27 01:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2008-11-26 19:19 157168 --a------ c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-01-09 113168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0942DABE-5997-42B7-9CB3-F892F476E9D3}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{463DDD33-3EA5-4A68-8255-95D3A00718BD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E829CE93-107B-4CEA-96D5-7E94E0CDAD9E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{957512EE-4688-470F-86D8-6C2353D8ED56}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{24DC5CB8-203B-407E-B201-F1546FEC58DA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{70776BD7-A543-477E-A80B-847500D0180D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{13DE1542-C1CE-4DFF-94F0-BD704E111E66}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{5A0B40C7-2E0F-4C07-9276-1980836A3852}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F2FD47BD-6877-47AF-94AC-7D77B7B250A9}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{9B85A0E9-8B14-44A4-B779-99E0B3394276}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{6C462C38-5DA6-4A25-A713-C7BB1151D57B}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{AAE1C8D2-08C8-4B40-B4AD-C8AE6EAD0E0A}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{E6C58335-E427-4C77-9399-E22B110355DB}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{215BA139-406F-4E6E-90AF-42FF150BEE29}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0E9B6F86-A6B9-4E0E-B982-5E639B1A2CC0}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{EE8FCE1F-4C04-4570-8018-F7E1084B51F2}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{BC075711-56EB-4894-8D7E-BF792A4860F6}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{5698761B-1F8A-4907-B9FD-A1C7C67D5B7F}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{8A950A9C-4E2F-4F3E-A10B-0B2979CFCC85}c:\\users\\cheng\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\cheng\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{4465F763-7070-4620-BB1E-23149238F504}c:\\users\\cheng\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\cheng\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{AED12E78-062F-4599-80ED-687A0AA18756}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{9DD1A1E0-68D8-40DD-94B3-5951FBE1FE20}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{3BDE053C-3F84-470C-B736-5AB891745A6A}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{C52E71A1-3575-4D50-9642-821254D82159}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{D205666C-84E1-490D-BCA0-4F6C881005BC}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"UDP Query User{51BCD685-F61E-4C84-981D-1DD5AC798650}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"{1736D37E-E5EF-4A68-8B6C-A4E134198BA8}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{CC97B749-7386-458D-B5A9-97806F8B5189}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{C92E8911-5F90-48FA-8518-1ADC98B7132C}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{972C6E20-27DF-44BB-A9B6-8ADFCABE75A7}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"TCP Query User{60FBF24B-5DD0-4094-A25A-5337DCDB7BC8}c:\\program files\\sierra\\empire earth ii\\ee2.exe"= UDP:c:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II
"UDP Query User{CECCE8E3-E030-4B7F-A077-A29FD49695E9}c:\\program files\\sierra\\empire earth ii\\ee2.exe"= TCP:c:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-09-29 03:35:29 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-09-29 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-20 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-27 210216]
R2 Nomad;Connection Manager;c:\program files\BVRP Connection Manager\NomadSvr.exe [2009-02-03 65536]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-09-29 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-21 210432]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-21 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-09-29 22072]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-20 93968]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2008-11-27 17536]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - dump_wmimmc
.
Inhalt des "geplante Tasks" Ordners

2009-04-10 c:\windows\Tasks\AUfräumen.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

2008-05-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Connection Manager - c:\program files\BVRP Connection Manager\Nomad.exe


.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Cheng\AppData\Roaming\Mozilla\Firefox\Profiles\tfacd3yz.default\
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 22:13:27
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

Scanne versteckte Prozesse...

? [872]
? [5164]
Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-04-10 22:18:27
ComboFix-quarantined-files.txt 2009-04-10 20:18:20

Vor Suchlauf: 25 Verzeichnis(se), 97,675,747,328 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 97,641,070,592 Bytes frei

231 --- E O F --- 2009-04-07 08:01:02

#8 >>
Combofix entfernen:
Windows Taste + R drücken
Kopiere rein: Combofix /U - klicke "OK"
(oder, wenn es nicht funktioniert: C:\QooBox löschen)

>>
Scanne mit GMER und poste das Log:
http://virus-protect.org/artikel/tools/gmer.html

>>
scanne mit smitfraudfix (option 1 und 2) - poste beide scanreporte
http://virus-protect.org/artikel/tools/smitfrautfix.html

Gruss Swiss