High CPU usage
12.04.2010, 19:03
Member
Posts: 31
12.04.2010, 20:01
Moderator
Posts: 5694
#2
Hello and welcome to Protecus.de

Cleaning an infected system takes time, and it also requires attention to the following points:
• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup, do not install or uninstall any programs that are not explicitly requested.
• Please work through the steps in order.
• If problems come up at a step, post what you have so far and report the problem.
• The cleanup is only finished when your helper gives the OK.
• The machine running smoothly again does not mean the system is clean.
• For business machines, the responsible IT person should be involved.
• We may decline to support a company machine.
• If illegal software is present, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• On heavily infected systems, especially where backdoors or rootkits are involved, a helper may recommend reinstalling.
• In the end, it is always the user who decides.

Vista and Win7 users: always run every program and tool we ask for via right-click and "Run as administrator".

Step 1: System scan with OTL

Please download OTL by OldTimer and save it to your desktop.
> Double-click OTL.exe (Vista users: right-click OTL.exe and choose "Run as administrator").
> At the top you will find a box labelled Output. Select Minimal Output.
> Under Extra Registry, select Use SafeList.
> Now click Run Scan at the top left.
> When the scan finishes, two log files are created.
> Post the log files here in the thread in code tags.

Step 2: File check

Have the following file(s) (see the code box) checked online at VirusTotal.
To do this, upload each file individually to VirusTotal via the "Browse" and "Send file" buttons and have it checked. Once VirusTotal has received the file, it scans it with several antivirus engines and shows the results. If VirusTotal reports that the file has already been checked, have it rescanned anyway via the "Analyse the file" button. When the result is available, click the small "Filter" button at the top left above the results, then post the result here (whatever it looks like, and include the lines with the file name and size, MD5 and SHA1). If you cannot find or upload the file(s), let us know as well. If you cannot find the file(s), check that the following settings are set correctly.

Quote:
C:\Program Files\ForexCodeGuard\ForexCodeGuardLoader.exe
12.04.2010, 20:58
Member (thread starter)
Posts: 31
#3
OTL logfile created on: 12.04.2010 20:14:13 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\ZZ\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,42 Gb Total Space | 2,70 Gb Free Space | 2,14% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 1,75 Gb Free Space | 0,94% Space Free | Partition Type: NTFS
Drive E: | 55,47 Gb Total Space | 24,55 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive F: | 117,69 Gb Total Space | 33,38 Gb Free Space | 28,36% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Unable to calculate disk information.
I: Drive not present or media not loaded

Computer Name: ZZ-PC
Current User Name: ZZ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\ZZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\SYNCING.NET Technologies\SYNCING.NET\bin\SyncingOLWatchService.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Security Task Manager\SpyProtector.exe (Neuber Software GmbH - www.neuber.com)

========== Modules (SafeList) ==========

MOD - C:\Users\ZZ\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (acssrv) -- C:\Programme\Agnitum\Outpost Firewall Pro\acs.exe (Agnitum Ltd.)
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
SRV - (PCZeitschaltuhrService) -- C:\Programme\DATA BECKER\PC Zeitschaltuhr\PCZeitschaltuhrService.exe ()
SRV - (ATMsrvc) -- C:\Windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ASWFilt) -- C:\Windows\System32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (SandBox) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFLdrv) -- C:\Windows\System32\WinFLdrv.sys ()
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (CXAVSAUD) -- C:\Windows\System32\drivers\pvavsaud.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zinseszins.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 8A 91 B1 61 4F CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.zinseszins.net"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.09 17:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.09 17:16:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.10.18 13:04:20 | 000,000,000 | ---D | M]

[2009.12.23 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\ZZ\AppData\Roaming\mozilla\Extensions
[2009.12.23 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\ZZ\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.04.09 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\ZZ\AppData\Roaming\mozilla\Firefox\Profiles\rwfluuxs.default\extensions
[2010.04.12 17:03:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.01 15:56:33 | 000,001,337 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 applian.securesites.com
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Programme\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [Spy Protector] C:\Program Files\Security Task Manager\SpyProtector.exe (Neuber Software GmbH - www.neuber.com)
O4 - HKCU..\Run: [SyncService] C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe (SYNCING.NET Technologies GmbH)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2009.11.26 17:33:04 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Domains: zdf.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Programme\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\ForexCodeGuard.dll) - C:\Windows\System32\ForexCodeGuard.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Programme\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll (SYNCING.NET Technologies GmbH)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.02 23:40:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.12 20:12:27 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\ZZ\Desktop\OTL.exe
[2010.04.12 18:40:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.04.12 18:12:40 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.12 18:09:15 | 000,030,024 | ---- | C] (TuneUp Software)
-- C:\Windows\System32\uxtuneup.dll [2010.04.12 18:09:15 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.04.12 18:04:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.04.12 17:55:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.04.12 17:54:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.04.12 17:54:55 | 000,000,000 | ---D | C] -- C:\Users\ZZ\AppData\Local\temp [2010.04.12 17:19:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010.04.12 17:18:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.04.12 17:18:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.04.12 17:18:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.04.12 17:13:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.04.12 17:03:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.12 17:03:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.12 17:03:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.04.12 16:46:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.04.12 16:41:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.04.11 03:00:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.09 15:58:56 | 000,022,872 | R--- | C] (Adobe Systems Inc.) 
-- C:\Windows\System32\AdobePDFUI.dll [2010.04.08 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.04.08 20:13:32 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.04.06 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\ZZ\Application Data [2010.04.05 20:35:59 | 000,000,000 | ---D | C] -- C:\Users\ZZ\AppData\Roaming\Malwarebytes [2010.04.05 20:35:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.05 20:35:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.05 20:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.05 20:35:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.05 14:47:38 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.04.05 14:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.04.05 14:41:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.04.05 14:17:12 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.04.05 14:16:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.04.05 14:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.05 13:59:42 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.04.05 13:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.03.31 08:50:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 08:50:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 08:50:00 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.03.27 11:28:26 | 000,000,000 | ---D | C] -- C:\AllDupBackup [2010.03.27 11:28:06 | 000,000,000 | ---D | C] -- C:\Users\ZZ\AppData\Roaming\AllDup [2010.03.27 11:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AllDup [2010.03.27 11:27:23 | 002,254,768 | ---- | C] (Codejock Software) -- 
C:\Windows\System32\Codejock.CommandBars.v12.1.1.ocx [2010.03.27 11:27:23 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\System32\TList8.ocx [2010.03.27 11:27:23 | 000,204,480 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtExplorerBar.ocx [2010.03.27 11:27:23 | 000,171,712 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtRTF.ocx [2010.03.27 11:27:23 | 000,089,792 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtFrame.ocx [2010.03.27 11:27:23 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSubclass.dll [2010.03.27 11:27:22 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2010.03.27 11:27:22 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2010.03.27 11:27:22 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\System32\mtSplitter.ocx [2010.03.27 11:27:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGDE.DLL [2010.03.27 11:27:19 | 000,000,000 | ---D | C] -- C:\Programme\AllDup [2010.03.25 18:38:06 | 000,000,000 | ---D | C] -- C:\Programme\FLV Player [2010.03.25 15:45:31 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2010.03.25 15:45:25 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2010.03.25 15:45:20 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.03.25 15:45:17 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.03.25 15:45:17 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.03.25 15:09:45 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax [2010.03.25 15:09:45 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax [2010.03.25 15:09:44 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax 
[2010.03.25 15:09:43 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax [2010.03.25 15:09:40 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax [2010.03.25 15:09:29 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax [2010.03.25 15:09:21 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll [2010.03.25 15:09:18 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll [2010.03.25 15:09:12 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax [2010.03.25 15:09:11 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll [2010.03.25 15:09:05 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax [2010.03.25 15:09:01 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax [2010.03.25 15:08:02 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft [2010.03.24 20:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Metatrader licenses [2010.03.23 00:39:50 | 000,000,000 | ---D | C] -- C:\Users\ZZ\AppData\Roaming\DivX [2010.03.23 00:36:07 | 000,000,000 | ---D | C] -- C:\Programme\RM Converter [2010.03.23 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\ZZ\AppData\Roaming\SYNCING.NET [2010.03.23 00:00:16 | 000,000,000 | ---D | C] -- C:\Programme\SYNCING.NET Technologies [2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.04.12 20:18:43 | 004,980,736 | ---- | M] () -- C:\Users\ZZ\NTUSER.DAT [2010.04.12 20:12:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\ZZ\Desktop\OTL.exe [2010.04.12 18:52:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.12 18:52:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.12 18:43:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.12 18:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.12 18:43:35 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2010.04.12 18:41:49 | 000,980,439 | -H-- | M] () -- C:\Users\ZZ\AppData\Local\IconCache.db [2010.04.12 17:45:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.04.12 17:02:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.04.12 17:02:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.04.12 17:02:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.04.12 17:02:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\deploytk.dll [2010.04.12 15:47:28 | 000,524,288 | -HS- | M] () -- C:\Users\ZZ\NTUSER.DAT{c1bb872c-4636-11df-bb55-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.04.12 15:47:28 | 000,524,288 | -HS- | M] () -- C:\Users\ZZ\NTUSER.DAT{c1bb872c-4636-11df-bb55-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.04.12 15:47:28 | 000,065,536 | -HS- | M] () -- C:\Users\ZZ\NTUSER.DAT{c1bb872c-4636-11df-bb55-806e6f6e6963}.TM.blf [2010.04.12 15:27:10 | 005,505,024 | -HS- | M] () -- C:\Users\ZZ\NTUSER.DAT_tureg_old [2010.04.09 22:21:29 | 000,002,100 | -H-- | M] () -- C:\Users\ZZ\Documents\Default.rdp [2010.04.06 11:26:07 | 000,001,618 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010.04.05 21:11:55 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.05 21:11:55 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.05 21:11:55 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.05 21:11:55 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.05 21:11:55 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.05 14:25:30 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.01 16:06:39 | 000,006,144 | ---- | M] () -- C:\Users\ZZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.01 15:31:43 | 000,004,096 | -H-- | M] () -- C:\Users\ZZ\AppData\Local\keyfile3.drm [2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.04.01 15:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2010.03.25 16:46:43 | 000,091,680 | ---- | M] () -- C:\Users\ZZ\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.25 16:45:29 | 002,292,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.03.23 00:00:25 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\SYNCING.NET öffnen.lnk [2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.04.12 17:18:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.04.12 17:18:48 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010.04.12 17:18:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.04.12 17:18:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.04.12 17:18:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.04.12 15:43:52 | 000,524,288 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT{c1bb872c-4636-11df-bb55-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.04.12 15:43:52 | 000,524,288 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT{c1bb872c-4636-11df-bb55-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.04.12 15:43:52 | 000,065,536 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT{c1bb872c-4636-11df-bb55-806e6f6e6963}.TM.blf [2010.04.12 15:27:07 | 000,000,000 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT_tureg_new.LOG2 [2010.04.12 15:27:07 | 000,000,000 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT_tureg_new.LOG1 [2010.04.05 14:25:30 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.01 15:31:43 | 000,004,096 | -H-- | C] () -- C:\Users\ZZ\AppData\Local\keyfile3.drm [2010.03.25 15:09:41 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2010.03.25 15:09:34 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2010.03.25 15:09:31 | 000,070,656 | RHS- | C] () -- 
C:\Windows\System32\RLAPEDec.ax [2010.03.25 15:09:13 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2010.03.25 15:09:07 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2010.03.25 15:09:03 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2010.03.25 15:08:59 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2010.03.25 15:08:59 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2010.03.23 00:00:25 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\SYNCING.NET öffnen.lnk [2010.01.28 15:30:45 | 000,000,000 | ---- | C] () -- C:\Windows\KHKSManC.INI [2010.01.13 00:23:13 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini [2009.12.31 14:02:35 | 000,001,618 | ---- | C] () -- C:\Windows\Sandboxie.ini [2009.12.28 19:35:47 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2009.12.28 19:34:59 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll [2009.12.28 19:34:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll [2009.12.22 16:44:36 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys [2009.12.22 16:44:21 | 000,017,984 | ---- | C] () -- C:\Windows\System32\WinFLdrv.sys [2009.12.22 16:44:21 | 000,000,990 | -HS- | C] () -- C:\Users\ZZ\AppData\Roaming\systemfl.$dk [2009.12.21 11:39:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.28 18:58:29 | 000,007,667 | ---- | C] () -- C:\Users\ZZ\AppData\Local\Resmon.ResmonCfg [2009.10.25 12:32:54 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.10.20 15:36:22 | 000,006,144 | ---- | C] () -- C:\Users\ZZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.17 21:32:51 | 005,505,024 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT_tureg_old [2009.10.17 21:32:51 | 004,980,736 | ---- | C] () -- C:\Users\ZZ\NTUSER.DAT [2009.10.17 21:32:51 | 000,524,288 | -HS- | C] () -- 
C:\Users\ZZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2009.10.17 21:32:51 | 000,524,288 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2009.10.17 21:32:51 | 000,262,144 | -HS- | C] () -- C:\Users\ZZ\ntuser.dat.LOG1 [2009.10.17 21:32:51 | 000,065,536 | -HS- | C] () -- C:\Users\ZZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2009.10.17 21:32:51 | 000,000,020 | -HS- | C] () -- C:\Users\ZZ\ntuser.ini [2009.10.17 21:32:51 | 000,000,000 | -HS- | C] () -- C:\Users\ZZ\ntuser.dat.LOG2 [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll [2006.12.30 19:50:08 | 000,000,403 | ---- | C] () -- C:\Windows\powermp3wavconverter.ini [2003.08.07 15:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 252 bytes -> C:\ProgramData\TEMP:F87C192A @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:0295CBF7 < End of report > |
12.04.2010, 21:00
Moderator
Posts: 5694
12.04.2010, 21:38
Member
Thread starter, Posts: 31
#5
C:\Program Files\ForexCodeGuard\ForexCodeGuardLoader.exe - was already removed before posting
O1 - Hosts: 127.0.0.1 activate.adobe.com - why is this highlighted in yellow?
12.04.2010, 21:43
Moderator
Posts: 5694
#6
You are not supposed to just go ahead with steps on your own. Do not delete anything and do not change anything without instructions!
I want to know what you have to say about this:
Quote: O1 - Hosts: 127.0.0.1 activate.adobe.com
Do you have Adobe Photoshop? If so, where from, and how much did you pay for it?
12.04.2010, 22:24
Member
Thread starter, Posts: 31
#7
PS4 on eBay
13.04.2010, 18:43
Moderator
Posts: 5694
#8
PS4 came onto your system by illegal means. The use of cracks, keygens and patches whose purpose is to make paid software usable without paying is illegal, and we have meanwhile agreed that we will not make ourselves guilty of aiding and abetting. This forum is subject to German law, and that law is quite strict on this. You infected your system with this stuff, and it is no secret that cracks and keygens essentially serve to place malware on computers.
So either you remove PS4 completely from your system, or I have to stop the support.
14.04.2010, 08:55
Member
Thread starter, Posts: 31
#9
that is not an illegal version of PS - meanwhile it works again as well, for whatever reason.
14.04.2010, 09:06
Moderator
Posts: 5694
#10
Quote: O1 - Hosts: 127.0.0.1 activate.adobe.com
This one, for example, blocks the connection to the activation server, and one really only puts that in when not using original Adobe software. So if that purchased box does not contain original CDs, I would uninstall all that stuff very quickly. Who made these entries, then?
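The moderator's point about the O1 hosts entry, as an added example that is not from the thread or from HijackThis/OTL: a small Python checker that scans HijackThis-style O1 (hosts) and O20 (AppInit_DLLs) lines and flags the entries a helper would ask about. The sample log is constructed to mirror the entries discussed in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis-style lines modelled on the entries discussed
# in this thread (the activate.adobe.com hosts entry, the ForexCodeGuard
# autorun and the AppInit_DLLs line). Not a real log.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\\..\\Run: [ForexCodeGuardLoader] C:\\Program Files\\ForexCodeGuard\\ForexCodeGuardLoader.exe
O20 - AppInit_DLLs: c:\\PROGRA~1\\Agnitum\\OUTPOS~1\\wl_hook.dll C:\\Windows\\System32\\ForexCodeGuard.dll
"""

# Addresses that make a hosts entry a "sinkhole" for the named host.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately map to loopback and should not be flagged.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O1" or "O20"
    detail: str    # the entry itself
    reason: str    # why a helper would ask about it


def parse_hosts_line(line):
    """'O1 - Hosts: <ip> <hostname>' -> (ip, hostname), or None if not an O1 line."""
    m = re.match(r"O1 - Hosts:\s+(\S+)\s+(\S+)", line)
    return (m.group(1), m.group(2)) if m else None


def parse_appinit_line(line):
    """'O20 - AppInit_DLLs: <path> <path> ...' -> list of DLL paths (empty if not O20).

    HijackThis prints the paths space-separated, using 8.3 short names where the
    long path would contain spaces, so splitting on whitespace is safe here."""
    m = re.match(r"O20 - AppInit_DLLs:\s+(.*)", line)
    return m.group(1).split() if m else []


def analyze(log_text):
    """Walk a HijackThis log and return the entries worth querying."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hosts = parse_hosts_line(line)
        if hosts:
            ip, name = hosts
            # A public hostname pointed at loopback cannot be reached any more;
            # for a vendor's activation or update host that is the pattern the
            # moderator describes, and it deserves a question to the user.
            if ip in LOOPBACK and name.lower() not in LOCAL_NAMES:
                findings.append(Finding(
                    "O1", f"{ip} {name}",
                    "public hostname redirected to loopback; connections to that server are blocked"))
            continue
        # Every AppInit_DLLs entry is loaded into each process that maps
        # user32.dll, so each one must be tied to a known, installed product.
        for dll in parse_appinit_line(line):
            findings.append(Finding(
                "O20", dll,
                "AppInit_DLLs entry is injected into every user32.dll process; confirm its origin"))
    return findings


def hosts_redirects(findings):
    """Hostnames from the O1 findings, for a quick overview."""
    return [f.detail.split()[1] for f in findings if f.section == "O1"]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.detail}\n      {f.reason}")
```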
after booting, 100% CPU load continuously for a longer period. Malwarebytes & antivirus scans found nothing suspicious
ComboFix & HijackThis log see below
Requesting support
Many thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:54, on 12.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Security Task Manager\SpyProtector.exe
C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncingOLWatchService.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zinseszins.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [ForexCodeGuardLoader] C:\Program Files\ForexCodeGuard\ForexCodeGuardLoader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [acSecurityLayer] C:\Program Files\A-Trust GmbH\Security Layer\acSecurityLayer.exe
O4 - HKCU\..\Run: [SyncService] "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
O4 - HKCU\..\Run: [Spy Protector] C:\Program Files\Security Task Manager\SpyProtector.exe /autostart
O4 - Startup: AutorunsDisabled
O4 - Global Startup: a.sign Client.lnk = C:\Program Files\A-Trust GmbH\a.sign Client\acLauncher.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Program Files\LeechGet 2009\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Program Files\LeechGet 2009\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Program Files\LeechGet 2009\\Parser.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://www.zdf.de
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDC16DE4-F722-4B93-953D-A56592AB4CBD}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDC16DE4-F722-4B93-953D-A56592AB4CBD}: NameServer = 192.168.178.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CDC16DE4-F722-4B93-953D-A56592AB4CBD}: NameServer = 192.168.178.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\Windows\System32\ForexCodeGuard.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Zeitschaltuhr Service (PCZeitschaltuhrService) - Unknown owner - C:\Program Files\DATA BECKER\PC Zeitschaltuhr\PCZeitschaltuhrService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 13365 bytes
ComboFix 10-04-11.06 - ZZ 12.04.2010 17:23:28.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.2048.908 [GMT 2:00]
Running from: c:\users\ZZ\Downloads\ComboFix.exe
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Outpost Firewall Pro *disabled* (Updated) {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Resident AV is active.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3163621403-2613199023-1101206360-1001
c:\users\ZZ\AppData\Roaming\.#
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 ))))))))))))))))))))))))))))))
.
2010-04-12 15:42 . 2010-04-12 15:43 -------- d-----w- c:\users\ZZ\AppData\Local\temp
2010-04-12 15:42 . 2010-04-12 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 15:19 . 2010-04-12 15:20 -------- d-----w- C:\32788R22FWJFW
2010-04-11 01:00 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-09 13:58 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-08 18:13 . 2010-04-08 18:13 314 ----a-w- c:\programdata\SecTaskMan\icn_4E4A76D00EB5A9C4A88DBA55B234F332.dll
2010-04-05 18:35 . 2010-04-05 18:35 -------- d-----w- c:\users\ZZ\AppData\Roaming\Malwarebytes
2010-04-05 18:35 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 18:35 . 2010-04-05 18:35 -------- d-----w- c:\programdata\Malwarebytes
2010-04-05 18:35 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 18:35 . 2010-04-05 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 12:47 . 2010-04-05 12:47 -------- d-----w- c:\windows\Sun
2010-04-05 12:41 . 2010-04-05 12:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 12:17 . 2010-04-05 12:17 -------- d-----w- c:\program files\iPod
2010-04-05 12:16 . 2010-04-05 12:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 12:16 . 2010-04-05 12:25 -------- d-----w- c:\program files\iTunes
2010-04-05 11:59 . 2010-04-05 12:01 -------- d-----w- c:\program files\QuickTime
2010-04-05 11:46 . 2010-04-05 11:46 -------- d-----w- c:\program files\Bonjour
2010-04-05 11:36 . 2010-04-05 11:36 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 06:50 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-27 09:28 . 2010-03-27 10:26 -------- d-----w- C:\AllDupBackup
2010-03-27 09:28 . 2010-03-27 09:28 -------- d-----w- c:\users\ZZ\AppData\Roaming\AllDup
2010-03-27 09:27 . 2010-03-27 09:27 -------- d-----w- c:\programdata\AllDup
2010-03-27 09:27 . 2008-08-20 17:12 258048 ----a-w- c:\programdata\AllDup\FEShlExt.dll
2010-03-27 09:27 . 2009-10-12 22:02 44736 ----a-w- c:\windows\system32\mtSubclass.dll
2010-03-27 09:27 . 2000-10-01 22:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-03-27 09:27 . 1998-07-05 22:00 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
2010-03-27 09:27 . 1998-07-05 22:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-03-27 09:27 . 2010-03-27 09:27 -------- d-----w- c:\program files\AllDup
2010-03-25 16:38 . 2010-03-25 16:38 -------- d-----w- c:\program files\FLV Player
2010-03-25 13:45 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-25 13:45 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-03-25 13:45 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-25 13:45 . 2010-03-25 13:45 -------- d-----w- c:\program files\AviSynth 2.5
2010-03-25 13:45 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-03-25 13:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-03-25 13:09 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-03-25 13:09 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-03-25 13:08 . 2010-03-25 13:08 -------- d-----w- c:\program files\eRightSoft
2010-03-24 18:09 . 2010-03-24 18:09 -------- d-----w- c:\programdata\Metatrader licenses
2010-03-24 18:07 . 2010-03-24 18:07 6144 ----a-r- c:\users\ZZ\AppData\Roaming\Microsoft\Installer\{9974CF44-375D-4A0B-AC4C-125CDD8E476D}\Icon11A84362.exe
2010-03-24 18:07 . 2010-03-24 18:07 -------- d-----w- c:\program files\ForexCodeGuard
2010-03-22 22:39 . 2010-03-22 22:39 -------- d-----w- c:\users\ZZ\AppData\Roaming\DivX
2010-03-22 22:36 . 2010-03-25 18:16 -------- d-----w- c:\program files\RM Converter
2010-03-22 22:01 . 2010-03-22 22:01 -------- d-----w- c:\users\ZZ\AppData\Roaming\SYNCING.NET
2010-03-22 22:00 . 2010-03-22 22:00 -------- d-----w- c:\program files\SYNCING.NET Technologies
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 15:48 . 2009-10-18 10:50 -------- d-----w- c:\users\ZZ\AppData\Roaming\uTorrent
2010-04-12 15:02 . 2009-11-03 09:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 14:26 . 2009-12-21 09:34 -------- d-----w- c:\users\ZZ\AppData\Roaming\Skype
2010-04-12 14:00 . 2009-12-21 09:39 -------- d-----w- c:\users\ZZ\AppData\Roaming\skypePM
2010-04-09 20:22 . 2010-04-08 18:13 -------- d-----w- c:\programdata\SecTaskMan
2010-04-08 18:13 . 2010-04-08 18:13 916 ----a-w- c:\programdata\SecTaskMan\icn_34053A86A55C7324889C73EEC136DE17.dll
2010-04-05 21:32 . 2009-11-03 09:46 -------- d-----w- c:\users\ZZ\AppData\Roaming\LimeWire
2010-04-05 19:11 . 2009-07-14 08:47 643628 ----a-w- c:\windows\system32\perfh007.dat
2010-04-05 19:11 . 2009-07-14 08:47 126188 ----a-w- c:\windows\system32\perfc007.dat
2010-04-05 12:40 . 2009-11-03 09:44 -------- d-----w- c:\program files\Java
2010-04-05 12:16 . 2009-10-24 11:29 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 17:38 . 2009-10-18 11:44 -------- d-----w- c:\users\ZZ\AppData\Roaming\GoodSync
2010-03-27 11:10 . 2009-12-19 16:57 -------- d-----w- c:\users\ZZ\AppData\Roaming\foobar2000
2010-03-25 18:39 . 2009-12-18 15:36 -------- d-----w- c:\program files\a-squared Free
2010-03-25 18:17 . 2010-01-15 11:55 -------- d-----w- c:\program files\Super Internet TV
2010-03-25 14:46 . 2009-10-18 15:55 91680 ----a-w- c:\users\ZZ\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-24 18:06 . 2009-11-03 16:11 -------- d-----w- c:\program files\FXCM MT4 powered by BT
2010-03-21 13:04 . 2009-11-03 09:43 -------- d-----w- c:\program files\LimeWire
2010-03-10 22:51 . 2009-10-17 19:55 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 08:16 . 2009-10-17 19:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 17:04 . 2010-02-23 17:04 116408 ----a-w- c:\windows\system32\ForexCodeGuard.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-02 07:45 . 2010-02-24 11:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-10 17:04 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 17:04 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 17:04 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 17:04 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 17:04 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 17:04 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 17:04 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 17:04 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-14 17:04 . 2009-10-17 19:49 714968 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 10:06 . 2010-03-25 13:09 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-03-25 13:09 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-03-25 13:09 216064 --sh--r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1SYNCING.NET Unread]
@="{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}"
[HKEY_CLASSES_ROOT\CLSID\{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2SYNCING.NET Shared Folder]
@="{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}"
[HKEY_CLASSES_ROOT\CLSID\{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3SYNCING.NET CheckedOutByTeammate]
@="{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}"
[HKEY_CLASSES_ROOT\CLSID\{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SYNCING.NET CheckedOutByMe]
@="{B133F3E9-124C-4669-BFFF-1B74508B5A84}"
[HKEY_CLASSES_ROOT\CLSID\{B133F3E9-124C-4669-BFFF-1B74508B5A84}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SYNCING.NET DownArrow]
@="{0B914147-F836-4cfa-893A-ECE90B815982}"
[HKEY_CLASSES_ROOT\CLSID\{0B914147-F836-4cfa-893A-ECE90B815982}]
2009-07-20 16:27 832904 ----a-w- c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-18 319792]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-18 160592]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Voipwise"="c:\program files\Voipwise.com\Voipwise\voipwise.exe" [2010-03-17 9084720]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]
"acSecurityLayer"="c:\program files\A-Trust GmbH\Security Layer\acSecurityLayer.exe" [2010-01-26 3232928]
"SyncService"="c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" [2009-07-20 1557896]
"Spy Protector"="c:\program files\Security Task Manager\SpyProtector.exe" [2008-06-24 114248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-01-13 439272]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-02-14 1193472]
"ForexCodeGuardLoader"="c:\program files\ForexCodeGuard\ForexCodeGuardLoader.exe" [2010-02-10 48824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\users\ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-10 503808]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
a.sign Client.lnk - c:\program files\A-Trust GmbH\a.sign Client\acLauncher.exe [2009-12-22 1008800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7B0E5486-E11D-437f-AC8B-7901C7D3FCCB}"= "c:\program files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll" [2009-07-20 832904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\ForexCodeGuard.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
R2 PCZeitschaltuhrService;PC Zeitschaltuhr Service;c:\program files\DATA BECKER\PC Zeitschaltuhr\PCZeitschaltuhrService.exe [2006-02-05 484864]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\DRIVERS\cjusb.sys [2007-05-31 23040]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-27 30192]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2009-10-25 902432]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 29208]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 CXAVSAUD;Prolink 2388x Audio Capture;c:\windows\system32\DRIVERS\pvavsaud.sys [2005-10-25 11008]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-01-14 714968]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-01 1858144]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-02-14 402248]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-10-25 2326920]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2009-04-15 654640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-22 17984]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-10-25 159168]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-11-02 319000]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2010-01-14 34488]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-04-01 299715]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zinseszins.net/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Mit dem LeechGet Wizard laden - file://c:\program files\LeechGet 2009\\Wizard.html
IE: Mit LeechGet herunterladen - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Mit LeechGet parsen - file://c:\program files\LeechGet 2009\\Parser.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
Trusted Zone: zdf.de\www
TCP: {CDC16DE4-F722-4B93-953D-A56592AB4CBD} = 192.168.178.1
FF - ProfilePath - c:\users\ZZ\AppData\Roaming\Mozilla\Firefox\Profiles\rwfluuxs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zinseszins.net
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- Locked Registry Keys ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-12 17:54:45
ComboFix-quarantined-files.txt 2010-04-12 15:54
Pre-Run: 4,568,584,192 bytes free
Post-Run: 4,502,929,408 bytes free
- - End Of File - - 6FAE4C4239CE2E0C3DF865A56B829D90
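Added example (not part of the poster's logs, not from the Protecus helper's instructions, and not code from HijackThis or ComboFix): a small Python triage script that parses the two log formats posted above and flags the entries a helper usually looks at first. It reads HijackThis O23 service lines, ComboFix file lines (two timestamps, size or dashes for a directory, an 8-character attribute field, path) and the AppInit_DLLs value, and reports services whose publisher field is "Unknown owner", non-directory files under system32 that carry both the system and hidden attributes, and every DLL listed in AppInit_DLLs (those are loaded into every process that loads user32.dll, which is why that key is a common injection point). The sample input is a constructed subset of lines copied from the log above; the category names and the heuristics are this example's own choices, and a hit is a prompt to verify the file (hash lookup, publisher, install date), not a verdict that it is malicious.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the HijackThis and ComboFix
# output posted in this thread, so the script runs offline. Raw string, because
# the Windows paths contain sequences such as \n and \a.
SAMPLE_LOG = r"""
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
2010-03-25 13:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-04-05 18:35 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 15:42 . 2010-04-12 15:43 -------- d-----w- c:\users\ZZ\AppData\Local\temp
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\ForexCodeGuard.dll
"""

# HijackThis O23 line: "O23 - Service: <display name> - <publisher> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# ComboFix file line: "<timestamp> . <timestamp> <size|dashes> <8-char attrs> <path>"
# In the attribute field "d" marks a directory, "s" system, "h" hidden, "a" archive,
# "r"/"w" read-only/writable.
CF_FILE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

# Registry dump line for the AppInit_DLLs value (space- or comma-separated DLL list)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')

# (category, detail) pairs; the category names are this example's own
Finding = Tuple[str, str]


def check_service(line: str) -> List[Finding]:
    """Flag O23 services whose publisher field is the placeholder 'Unknown owner'."""
    m = O23_RE.match(line)
    if not m:
        return []
    if m["owner"].strip().lower() == "unknown owner":
        return [("service-no-publisher", f'{m["name"]} -> {m["path"]}')]
    return []


def check_file(line: str) -> List[Finding]:
    """Flag non-directory files under system32 marked both system and hidden."""
    m = CF_FILE_RE.match(line)
    if not m:
        return []
    attrs, path = m["attrs"], m["path"].lower()
    if attrs.startswith("d"):
        return []  # directories carry no payload themselves
    if "s" in attrs and "h" in attrs and "\\windows\\system32\\" in path:
        return [("hidden-system-file", f'{m["path"]} (attrs {attrs}, size {m["size"]})')]
    return []


def check_appinit(line: str) -> List[Finding]:
    """Report every DLL in AppInit_DLLs; each is injected into user32-loading processes."""
    m = APPINIT_RE.match(line)
    if not m:
        return []
    return [("appinit-dll", dll) for dll in re.split(r"[ ,]+", m["dlls"].strip()) if dll]


def triage(log_text: str) -> List[Finding]:
    """Run all checks over a pasted log and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings += check_service(line) + check_file(line) + check_appinit(line)
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run it on a complete pasted log (`triage(open("combofix.txt", encoding="cp1252").read())`) and check each hit by hand: a missing publisher string and hidden+system attributes in system32 are just as typical of sloppy legitimate installers as of malware, so the script narrows the list, it does not replace the VirusTotal or signature check.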