Ihrgendwas beeinflusst meinen PC

Roby019 · 10.04.2010, 17:23

Hallo Leute,

Suche seit 1-2 Stunden in google nach nem passenden Problem und einer Lösung, aber nichts gutes gefunden, also wende ich mich an euch.

Es geht darum:

Habe den Laptop jetzt seit etwa 2 Jahre und hatte noch nie Probleme mit ihm, bis jetzt!

Nach ner Zeit wo er läuft hängen sich immer wieder random Programme auf, und dan geht die sauerrein so richtig los.

Er wird extrem langsam, die CPU auslastung geht nichtmehr unter 90%, ihrgenswas müllt mir den Physikalischen Speicher auf etwa 1.5GB bis 2.5 GB voll das sind etwa 50-80%.

Habe folgendes in letztes zeit gemacht:

Norten Full System Scan, CCleaner, Tune Up (alles durch), Defrag, Festplatte aufgeräumt; (Hat wenig gebracht)!!

Hier noch schnell der auszug aus Hijackthis:

PS: Es kommt ihrgendwann zwischendurch eine Fehlhermeldung wenn ich den HijackThis durchführe, falls ihr die auch sehen wollt stell ich euch das bild online.

------------------------------------------------------------------------------

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Users\Roby\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Programme\Itunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Programme\Deamon\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programme\Spy Bot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria TA AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\Deamon\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Showbalm] "C:\ProgramData\jump program program.d5g3t4z"
O4 - HKCU\..\Run: [DEBUG FLAW BODY CLOCK] "C:\ProgramData\Debug bib delete.7gfbnm"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spy Bot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programme\Common\Database\bin\fbserver.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Windows\
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14077 bytes

------------------------------------------------------------------------------

Ich hoffe ihr könnt mir gute Tipps geben und das problem zu finden!

Danke für eure Hilfe!!

lg,roby

Chris4You · 10.04.2010, 17:39

Hi,

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den
Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\ProgramData\jump program program.d5g3t4z
C:\ProgramData\Debug bib delete.7gfbnm

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris
Für mich:
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

Roby019 · 10.04.2010, 18:24

C:\ProgramData\jump program program.d5g3t4z sagt folgendes:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.10 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.10 -
Avast 4.8.1351.0 2010.04.10 -
Avast5 5.0.332.0 2010.04.10 -
AVG 9.0.0.787 2010.04.10 -
BitDefender 7.2 2010.04.10 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.10 -
Comodo 4557 2010.04.10 -
DrWeb 5.0.2.03300 2010.04.10 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.10 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
Ikarus T3.1.1.80.0 2010.04.10 -
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
NOD32 5015 2010.04.10 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.10 -
PCTools 7.0.3.5 2010.04.10 -
Prevx 3.0 2010.04.10 -
Rising 22.42.04.03 2010.04.09 -
Sophos 4.52.0 2010.04.10 -
Sunbelt 6161 2010.04.10 -
Symantec 20091.2.0.41 2010.04.10 -
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.10 -
weitere Informationen
File size: 139280 bytes
MD5 : f726b53e084899f44fccc6fabbdf25d8
SHA1 : 249fff14d84f5d1578e16b283bb75cf67664438c
SHA256: 76a4f78a1d72b935300ca26f960d94b8d39efb8365188ddf07e8352809da3df3
TrID : File type identification
Unknown!
ssdeep: 3072:jP0SHrSZvE9qCTVcc3cjjBRkRmc963qOyOE9w:jPRHrSZvEYIyc3cjjPeL98q5J9w
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-

----------------------------------------------------

C:\ProgramData\Debug bib delete.7gfbnm sagt folgendes:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.10 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.10 -
Avast 4.8.1351.0 2010.04.10 -
Avast5 5.0.332.0 2010.04.10 -
AVG 9.0.0.787 2010.04.10 -
BitDefender 7.2 2010.04.10 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.10 -
Comodo 4557 2010.04.10 -
DrWeb 5.0.2.03300 2010.04.10 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.10 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
Ikarus T3.1.1.80.0 2010.04.10 -
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
NOD32 5015 2010.04.10 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.10 -
PCTools 7.0.3.5 2010.04.10 -
Prevx 3.0 2010.04.10 -
Rising 22.42.04.03 2010.04.09 -
Sophos 4.52.0 2010.04.10 -
Sunbelt 6161 2010.04.10 -
Symantec 20091.2.0.41 2010.04.10 -
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.10 -
weitere Informationen
File size: 159760 bytes
MD5...: d99e4aa1be1eeece37033dbbcab968b8
SHA1..: 1c8287d2c490452b2a69c115ade8d566698c26cf
SHA256: 64f3c3fb0116924a793459d61e6bb24be6046af6df03be5c5823c2b33994f5be
ssdeep: 3072:iripYkziFT+Z3LNA3DN+ooZTlyWbu38xU0YLak/DGR4Z8TO1PVgRWRNBd7k
myVUJ:iGYkGFT+Z5EDNUTlFeqU0gLG6Z8K1PcE
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Roby019 · 10.04.2010, 19:26

PC ist gerade ganz weg gewesen, nach dem neu hochfahren waren auf einmal 3 neue Desktop Icons da.

Sie sind so halb durchsichtig.

2 mal desktop.ini: beim öffnen kommen Textdateien

1 mal ein altes exel file

Können die was mit mein problem zu tuhen haben?

lg

Chris4You · 10.04.2010, 20:39

Hi,

das kann fast nicht sein, dass nichts erkannt wird...oder was sehr neues!

Was macht MAM?
Wir fixen die Einträge erst mal mit HJ:

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
(Falls vorhanden, Teatimer von Spyboot wie folgt deaktivieren:
Modus-->Erweiterte Modus-->Ja-->Werkzeuge-->Resident-->dHäkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen)->exit)

Code:

ATTFilter

O4 - HKCU\..\Run: [Showbalm] "C:\ProgramData\jump program program.d5g3t4z"
O4 - HKCU\..\Run: [DEBUG FLAW BODY CLOCK] "C:\ProgramData\Debug bib delete.7gfbnm"

Unbedingt MAM laufen lassen, alles bereinigen lassen und Log posten!

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

Falls kein Win7 zusätzlich noch:
Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Roby019 · 10.04.2010, 22:25

Hey,

Danke erstmal für die tolle hilfe.

Die 2 Logs die du meinst die ich entfernen soll sind zwar im txt drin, was es erstellt, aber nicht in der Liste in HijackTHis

Den MAM und den OTL Bericht werd ich in etwa 10 Minuten nachliefern

lg

Roby019 · 10.04.2010, 22:42

MAM:

Ging recht schnell da ich es vor 4 stunden machte, da waren aber genau so 0 Gefundene Objekte.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3975

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

10.04.2010 23:35:10
mbam-log-2010-04-10 (23-35-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 108288
Laufzeit: 13 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---------------------------------------------------

OTL:

OTL logfile created on: 10.04.2010 23:31:08 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Roby\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 57,77 Gb Free Space | 40,07% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 122,47 Gb Free Space | 84,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-LAPTOP
Current User Name: Roby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Roby\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
PRC - D:\Programme\Spy Bot\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Users\Roby\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (SafeList) ==========

MOD - C:\Users\Roby\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll ()
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.21006_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (SBSDWSCService) -- D:\Programme\Spy Bot\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (msvsmon90) -- D:\Programme\Visual Studio\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.004\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100410.004\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys (Symantec Corporation)
DRV - (VSPerfDrv100) -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (L6UX1) -- C:\Windows\System32\drivers\L6UX1.sys (Line 6)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (HopperP) WiFi Hopper (Vista) -- C:\Windows\System32\drivers\hopperp.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON multimedia)
DRV - (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON multimedia)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://apps.facebook.com/treasureisle/index.php?ref=bookmark
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.1.5
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.01.02 15:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.01.26 22:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 15:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 15:01:28 | 000,000,000 | ---D | M]

[2008.10.02 10:24:51 | 000,000,000 | ---D | M] -- C:\Users\Roby\AppData\Roaming\mozilla\Extensions
[2010.04.10 20:35:19 | 000,000,000 | ---D | M] -- C:\Users\Roby\AppData\Roaming\mozilla\Firefox\Profiles\ur1c3dsz.default\extensions
[2009.09.02 19:01:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Roby\AppData\Roaming\mozilla\Firefox\Profiles\ur1c3dsz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.10 15:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roby\AppData\Roaming\mozilla\Firefox\Profiles\ur1c3dsz.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.04.10 15:41:36 | 000,000,000 | ---D | M] -- C:\Users\Roby\AppData\Roaming\mozilla\Firefox\Profiles\ur1c3dsz.default\extensions\redshift_V2@shift-themes.com
[2010.03.31 23:43:22 | 000,000,000 | ---D | M] -- C:\Users\Roby\AppData\Roaming\mozilla\Firefox\Profiles\ur1c3dsz.default\extensions\zigboom@hotmail.com
[2009.06.02 17:58:15 | 000,001,681 | ---- | M] () -- C:\Users\Roby\AppData\Roaming\Mozilla\FireFox\Profiles\ur1c3dsz.default\searchplugins\ask.uk.xml
[2009.01.02 16:09:17 | 000,001,632 | ---- | M] () -- C:\Users\Roby\AppData\Roaming\Mozilla\FireFox\Profiles\ur1c3dsz.default\searchplugins\live-search.xml
[2010.01.02 15:53:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.22 23:49:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.22 23:49:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.22 23:49:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.22 23:49:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.22 23:49:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spy Bot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Roby\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Roby\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0211a8dc-8a21-11dd-aa93-001d723bbd87}\Shell - "" = AutoRun
O33 - MountPoints2\{0211a8dc-8a21-11dd-aa93-001d723bbd87}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{08ff4ad9-0853-11df-9a06-001d723bbd87}\Shell - "" = AutoRun
O33 - MountPoints2\{08ff4ad9-0853-11df-9a06-001d723bbd87}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{08ff4afb-0853-11df-9a06-001d723bbd87}\Shell - "" = AutoRun
O33 - MountPoints2\{08ff4afb-0853-11df-9a06-001d723bbd87}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{17ea23e3-9048-11dd-9bc9-001d723bbd87}\Shell - "" = AutoRun
O33 - MountPoints2\{17ea23e3-9048-11dd-9bc9-001d723bbd87}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{96006e98-8282-11dd-a164-0016ea51321c}\Shell - "" = AutoRun
O33 - MountPoints2\{96006e98-8282-11dd-a164-0016ea51321c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e0f4cee-ec3f-11dd-a1df-001d723bbd87}\Shell - "" = Autorun
O33 - MountPoints2\{9e0f4cee-ec3f-11dd-a1df-001d723bbd87}\Shell\Open\command - "" = G:\resycled\boot.com -- File not found
O33 - MountPoints2\{9e0f4cf3-ec3f-11dd-a1df-001d723bbd87}\Shell - "" = AutoRun
O33 - MountPoints2\{9e0f4cf3-ec3f-11dd-a1df-001d723bbd87}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9e81ac32-4439-11de-9c4b-001d723bbd87}\Shell - "" = Autorun
O33 - MountPoints2\{9e81ac32-4439-11de-9c4b-001d723bbd87}\Shell\Open\command - "" = F:\resycled\boot.com -- File not found
O33 - MountPoints2\{b2c3e14a-de3c-11dd-a8cb-001d723bbd87}\Shell - "" = AutoRun
O33 - MountPoints2\{b2c3e14a-de3c-11dd-a8cb-001d723bbd87}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{beed534e-ba66-11de-894d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{beed534e-ba66-11de-894d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.10 23:25:46 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Roby\Desktop\OTL.exe
[2010.04.10 18:46:40 | 000,000,000 | ---D | C] -- C:\Users\Roby\AppData\Roaming\Malwarebytes
[2010.04.10 18:45:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.10 18:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.10 18:45:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.08 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\Roby\AppData\Roaming\PACE Anti-Piracy
[2010.04.08 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\Roby\AppData\Local\PACE Anti-Piracy
[2010.04.08 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Roby\Documents\Sonoma Wire Works
[2010.04.08 20:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonoma Wire Works
[2010.04.08 20:09:52 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010.04.08 20:09:52 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
[2010.04.08 19:57:54 | 000,000,000 | ---D | C] -- C:\Users\Roby\Documents\Line 6
[2010.04.08 19:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6
[2010.04.08 19:53:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Line 6
[2010.04.08 19:47:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Digidesign
[2010.03.31 12:00:35 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:00:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:00:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 12:00:34 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 12:00:34 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:00:34 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:00:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 12:00:34 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 12:00:34 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:00:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 12:00:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 12:00:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 12:00:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 12:00:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 12:00:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.26 15:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.03.23 20:20:48 | 000,000,000 | ---D | C] -- C:\Users\Roby\AppData\Roaming\TS3Client
[2010.03.23 20:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.03.22 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\Roby\Desktop\Covers
[2010.03.21 00:16:55 | 000,000,000 | R-SD | C] -- C:\Users\Roby\Documents\My Stationery
[2010.03.12 09:48:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

========== Files - Modified Within 30 Days ==========

[2010.04.10 23:37:21 | 011,796,480 | ---- | M] () -- C:\Users\Roby\ntuser.dat
[2010.04.10 23:35:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.10 23:26:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Roby\Desktop\OTL.exe
[2010.04.10 23:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.10 23:00:02 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.04.10 22:19:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 22:19:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 22:13:18 | 001,921,758 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB
[2010.04.10 20:20:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.04.10 20:20:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.10 20:19:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 20:18:59 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.10 18:45:42 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2010.04.09 23:05:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.09 23:05:38 | 000,524,288 | -HS- | M] () -- C:\Users\Roby\ntuser.dat{208f6a85-f7a4-11de-9763-001d723bbd87}.TMContainer00000000000000000001.regtrans-ms
[2010.04.09 23:05:38 | 000,065,536 | -HS- | M] () -- C:\Users\Roby\ntuser.dat{208f6a85-f7a4-11de-9763-001d723bbd87}.TM.blf
[2010.04.09 23:05:27 | 002,860,182 | -H-- | M] () -- C:\Users\Roby\AppData\Local\IconCache.db
[2010.04.09 23:04:59 | 000,012,436 | ---- | M] () -- C:\Users\Roby\Documents\Novarock 2010.xlsx
[2010.04.09 21:06:47 | 000,039,936 | ---- | M] () -- C:\Users\Roby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 14:38:12 | 000,000,471 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.04.09 14:38:12 | 000,000,052 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010.04.08 20:20:49 | 000,000,768 | ---- | M] () -- C:\Users\Roby\Desktop\RiffWorks T4.lnk
[2010.04.08 20:02:46 | 000,001,024 | ---- | M] () -- C:\Users\Roby\Desktop\POD Farm.lnk
[2010.04.08 19:15:17 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.04.07 06:16:41 | 001,860,504 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.07 06:16:41 | 000,786,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.07 06:16:41 | 000,727,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.07 06:16:41 | 000,193,284 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.07 06:16:41 | 000,155,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.01 22:05:52 | 000,013,562 | ---- | M] () -- C:\Users\Roby\Documents\Medienfachmann.xlsx
[2010.04.01 13:30:29 | 000,002,633 | ---- | M] () -- C:\Users\Roby\Desktop\Microsoft Office Excel 2007.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.27 02:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini
[2010.03.26 15:59:26 | 000,000,664 | ---- | M] () -- C:\Users\Roby\Desktop\TmForeverLauncher.lnk
[2010.03.25 13:20:46 | 000,000,175 | ---- | M] () -- C:\Users\Roby\AppData\Roaming\Current.prx
[2010.03.24 13:41:21 | 000,119,617 | ---- | M] () -- C:\Users\Roby\Documents\CVInstructions_en_GB.pdf
[2010.03.23 20:19:37 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.03.23 12:38:27 | 000,010,517 | ---- | M] () -- C:\Users\Roby\Documents\Die Hochzeit von Auschwitz.docx
[2010.03.23 12:30:02 | 000,002,631 | ---- | M] () -- C:\Users\Roby\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2010.04.10 18:45:42 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2010.04.09 18:32:19 | 000,012,436 | ---- | C] () -- C:\Users\Roby\Documents\Novarock 2010.xlsx
[2010.04.08 20:20:47 | 000,000,768 | ---- | C] () -- C:\Users\Roby\Desktop\RiffWorks T4.lnk
[2010.04.08 20:02:46 | 000,001,024 | ---- | C] () -- C:\Users\Roby\Desktop\POD Farm.lnk
[2010.04.01 13:58:15 | 000,013,562 | ---- | C] () -- C:\Users\Roby\Documents\Medienfachmann.xlsx
[2010.03.26 15:59:25 | 000,000,664 | ---- | C] () -- C:\Users\Roby\Desktop\TmForeverLauncher.lnk
[2010.03.24 13:41:21 | 000,119,617 | ---- | C] () -- C:\Users\Roby\Documents\CVInstructions_en_GB.pdf
[2010.03.23 20:19:36 | 000,000,700 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.03.23 12:38:26 | 000,010,517 | ---- | C] () -- C:\Users\Roby\Documents\Die Hochzeit von Auschwitz.docx
[2010.02.08 12:03:35 | 000,000,175 | ---- | C] () -- C:\Users\Roby\AppData\Roaming\Current.prx
[2010.01.11 12:42:10 | 000,223,895 | ---- | C] () -- C:\Users\Roby\AppData\Local\debuggee.mdmp
[2010.01.02 16:31:40 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{208f6a85-f7a4-11de-9763-001d723bbd87}.TMContainer00000000000000000002.regtrans-ms
[2010.01.02 16:31:40 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{208f6a85-f7a4-11de-9763-001d723bbd87}.TMContainer00000000000000000001.regtrans-ms
[2010.01.02 16:31:40 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{208f6a85-f7a4-11de-9763-001d723bbd87}.TM.blf
[2009.10.12 14:01:47 | 000,000,162 | ---- | C] () -- C:\Users\Roby\.packettracer
[2009.09.11 20:31:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.09 08:27:44 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{2f39e3fb-9d07-11de-9929-0016ea51321c}.TMContainer00000000000000000002.regtrans-ms
[2009.09.09 08:27:44 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{2f39e3fb-9d07-11de-9929-0016ea51321c}.TMContainer00000000000000000001.regtrans-ms
[2009.09.09 08:27:44 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{2f39e3fb-9d07-11de-9929-0016ea51321c}.TM.blf
[2009.08.23 22:28:37 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{36f24ce3-8fd5-11de-9c96-001d723bbd87}.TMContainer00000000000000000002.regtrans-ms
[2009.08.23 22:28:37 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{36f24ce3-8fd5-11de-9c96-001d723bbd87}.TMContainer00000000000000000001.regtrans-ms
[2009.08.23 22:28:37 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{36f24ce3-8fd5-11de-9c96-001d723bbd87}.TM.blf
[2009.08.13 19:08:06 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.13 12:41:50 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{c9d3623b-87f5-11de-87a7-0016ea51321c}.TMContainer00000000000000000002.regtrans-ms
[2009.08.13 12:41:50 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{c9d3623b-87f5-11de-87a7-0016ea51321c}.TMContainer00000000000000000001.regtrans-ms
[2009.08.13 12:41:50 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\ntuser.dat{c9d3623b-87f5-11de-87a7-0016ea51321c}.TM.blf
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.11 14:28:24 | 000,000,040 | ---- | C] () -- C:\Windows\opt_7050.ini
[2009.06.03 13:05:35 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{efcf32f4-5012-11de-b7ce-001d723bbd87}.TMContainer00000000000000000002.regtrans-ms
[2009.06.03 13:05:35 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{efcf32f4-5012-11de-b7ce-001d723bbd87}.TMContainer00000000000000000001.regtrans-ms
[2009.06.03 13:05:34 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{efcf32f4-5012-11de-b7ce-001d723bbd87}.TM.blf
[2009.05.14 08:54:16 | 000,008,592 | ---- | C] () -- C:\Programme\PHILIPSPLUGIN_INSTALLER.txt
[2009.05.03 12:46:30 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{bbadfead-37ba-11de-b93a-0016ea51321c}.TMContainer00000000000000000002.regtrans-ms
[2009.05.03 12:46:30 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{bbadfead-37ba-11de-b93a-0016ea51321c}.TMContainer00000000000000000001.regtrans-ms
[2009.05.03 12:46:30 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{bbadfead-37ba-11de-b93a-0016ea51321c}.TM.blf
[2009.05.02 11:22:02 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{d290df29-36f8-11de-b69e-0016ea51321c}.TMContainer00000000000000000002.regtrans-ms
[2009.05.02 11:22:02 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{d290df29-36f8-11de-b69e-0016ea51321c}.TMContainer00000000000000000001.regtrans-ms
[2009.05.02 11:22:02 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{d290df29-36f8-11de-b69e-0016ea51321c}.TM.blf
[2009.04.03 19:49:40 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{e780de62-2072-11de-a711-001d723bbd87}.TMContainer00000000000000000002.regtrans-ms
[2009.04.03 19:49:40 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{e780de62-2072-11de-a711-001d723bbd87}.TMContainer00000000000000000001.regtrans-ms
[2009.04.03 19:49:40 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{e780de62-2072-11de-a711-001d723bbd87}.TM.blf
[2009.02.20 17:57:10 | 000,139,280 | ---- | C] () -- C:\ProgramData\jump program program.d5g3t4z
[2009.02.20 17:35:19 | 000,237,584 | ---- | C] () -- C:\ProgramData\jump program program.cq3jr
[2009.02.20 17:13:05 | 000,172,048 | ---- | C] () -- C:\ProgramData\jump program program.qzxh3
[2009.02.20 16:51:15 | 000,086,032 | ---- | C] () -- C:\ProgramData\jump program program.llqej36
[2009.02.20 16:29:24 | 000,294,928 | ---- | C] () -- C:\ProgramData\jump program program.d9fv4y
[2009.02.20 16:07:05 | 000,323,600 | ---- | C] () -- C:\ProgramData\jump program program.i69uh7
[2009.02.20 15:45:12 | 000,081,936 | ---- | C] () -- C:\ProgramData\jump program program.2sy706t
[2009.02.20 15:23:21 | 000,360,464 | ---- | C] () -- C:\ProgramData\jump program program.jmoec
[2009.02.13 23:05:20 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{1fb694b6-fa08-11dd-abcd-001d723bbd87}.TMContainer00000000000000000002.regtrans-ms
[2009.02.13 23:05:20 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{1fb694b6-fa08-11dd-abcd-001d723bbd87}.TMContainer00000000000000000001.regtrans-ms
[2009.02.13 23:05:19 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{1fb694b6-fa08-11dd-abcd-001d723bbd87}.TM.blf
[2009.02.09 23:10:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.02.09 22:21:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.02 13:28:22 | 000,159,760 | ---- | C] () -- C:\ProgramData\Debug bib delete.7gfbnm
[2009.02.02 13:27:57 | 000,393,232 | ---- | C] () -- C:\ProgramData\jump program program.o4l2p
[2009.02.02 13:27:57 | 000,221,200 | ---- | C] () -- C:\ProgramData\jump program program.tx3ago
[2009.01.05 15:09:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.01.05 15:08:51 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.01.05 15:07:40 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.13 12:19:05 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.13 12:19:05 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.10.28 13:57:17 | 000,000,636 | ---- | C] () -- C:\Users\Roby\.ems.cfg
[2008.10.21 10:08:47 | 000,006,944 | ---- | C] () -- C:\Users\Roby\AppData\Local\d3d9caps.dat
[2008.09.24 12:57:34 | 000,000,450 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.24 12:06:45 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.14 10:32:14 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.09.14 10:32:14 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.09.14 10:32:14 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.09.13 20:23:27 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.09.13 20:02:50 | 000,039,936 | ---- | C] () -- C:\Users\Roby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.13 18:47:02 | 000,000,020 | -HS- | C] () -- C:\Users\Roby\ntuser.ini
[2008.09.13 18:47:01 | 011,796,480 | ---- | C] () -- C:\Users\Roby\ntuser.dat
[2008.09.13 18:47:01 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.09.13 18:47:01 | 000,524,288 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.09.13 18:47:01 | 000,262,144 | -H-- | C] () -- C:\Users\Roby\ntuser.dat.LOG1
[2008.09.13 18:47:01 | 000,065,536 | -HS- | C] () -- C:\Users\Roby\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.09.13 18:47:01 | 000,000,000 | -H-- | C] () -- C:\Users\Roby\ntuser.dat.LOG2
[2008.09.13 11:35:40 | 000,005,607 | ---- | C] () -- C:\Windows\System32\stci.dll
[2008.06.25 06:25:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.24 20:48:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.06.24 20:44:20 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.06.24 20:43:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.06.24 20:43:11 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.06.24 20:39:19 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.05.11 23:08:01 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.11 23:04:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.11 23:04:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.07 09:26:05 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.07 09:26:05 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.07 09:26:04 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >

Chris4You · 10.04.2010, 22:52

Hi,

das hier ist kein gutes Zeichen:

Zitat:

O33 - MountPoints2\{9e0f4cee-ec3f-11dd-a1df-001d723bbd87}\Shell\Open\command - "" = G:\resycled\boot.com -- File not found
O33 - MountPoints2\{9e0f4cf3-ec3f-11dd-a1df-001d723bbd87}\Shell - "" = AutoRun

Was ist Laufwerk G? Eine USB-Festplatte oder Stick? Die ist verseucht...

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
[2009.02.20 17:57:10 | 000,139,280 | ---- | C] () -- C:\ProgramData\jump program program.d5g3t4z
[2009.02.20 17:35:19 | 000,237,584 | ---- | C] () -- C:\ProgramData\jump program program.cq3jr
[2009.02.20 17:13:05 | 000,172,048 | ---- | C] () -- C:\ProgramData\jump program program.qzxh3
[2009.02.20 16:51:15 | 000,086,032 | ---- | C] () -- C:\ProgramData\jump program program.llqej36
[2009.02.20 16:29:24 | 000,294,928 | ---- | C] () -- C:\ProgramData\jump program program.d9fv4y
[2009.02.20 16:07:05 | 000,323,600 | ---- | C] () -- C:\ProgramData\jump program program.i69uh7
[2009.02.20 15:45:12 | 000,081,936 | ---- | C] () -- C:\ProgramData\jump program program.2sy706t
[2009.02.20 15:23:21 | 000,360,464 | ---- | C] () -- C:\ProgramData\jump program program.jmoec
[2009.02.02 13:28:22 | 000,159,760 | ---- | C] () -- C:\ProgramData\Debug bib delete.7gfbnm
[2009.02.02 13:27:57 | 000,393,232 | ---- | C] () -- C:\ProgramData\jump program program.o4l2p
[2009.02.02 13:27:57 | 000,221,200 | ---- | C] () -- C:\ProgramData\jump program program.tx3ago
:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!
(Das erledigt normalerweise CF selber...)

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Wenn Dir bekannt ist welcher Stick/Festplatte das ist, mit gedrückter SHIFT-Taste anschließen, danach Combofix starten...

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

chris

Highway2010 · 10.04.2010, 22:57

Stecke alle Datenträger an die du hast! (Usb-stick,externe Festplatten etc)
Dann mach mit Malwarebytes einen vollständigen Systemscan!
Poste das Logfile von Malwarebytes im Forum

Das wars auch schon..

Roby019 · 10.04.2010, 22:58

Ich glaube ich habs gefunden:

Die werden immer mehr...

Highway2010 · 10.04.2010, 23:01

Zitat:

Zitat von Roby019

Ich glaube ich habs gefunden:

Die werden immer mehr...

Mach das hier so schnell wie möglich:

Stecke alle Datenträger an die du hast! (Usb-stick,externe Festplatten etc)
Dann mach mit Malwarebytes einen vollständigen Systemscan!
Poste das Logfile von Malwarebytes im Forum

Danach würde ich einen vollständigen scan mit Avira antivir machen!

Roby019 · 10.04.2010, 23:07

Ok mach ich mal alles.

Mich wundert es das die Dateien seit länger als 1 Jahr da sind Oo

Highway2010 · 10.04.2010, 23:10

Wie alt ist denn dein PC?
Wusstest du von diesen Dateien?

Roby019 · 10.04.2010, 23:20

Hey,

@Highway: Der Laptop ist knappe 2 Jahre alt, und ja die Dateien sind mir bekannt, mit den hatte ich schon vor etwa 1 Jahr Probleme, sie damals bei TuneUP in der Registry gelöscht und weg war das problem.

@Chris:

All processes killed
========== OTL ==========
C:\ProgramData\jump program program.d5g3t4z moved successfully.
C:\ProgramData\jump program program.cq3jr moved successfully.
C:\ProgramData\jump program program.qzxh3 moved successfully.
C:\ProgramData\jump program program.llqej36 moved successfully.
C:\ProgramData\jump program program.d9fv4y moved successfully.
C:\ProgramData\jump program program.i69uh7 moved successfully.
C:\ProgramData\jump program program.2sy706t moved successfully.
C:\ProgramData\jump program program.jmoec moved successfully.
C:\ProgramData\Debug bib delete.7gfbnm moved successfully.
C:\ProgramData\jump program program.o4l2p moved successfully.
C:\ProgramData\jump program program.tx3ago moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 116 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Roby
->Temp folder emptied: 5531766 bytes
->Temporary Internet Files folder emptied: 9665824 bytes
->Java cache emptied: 14854382 bytes
->FireFox cache emptied: 41876362 bytes
->Google Chrome cache emptied: 5925846 bytes
->Apple Safari cache emptied: 221169 bytes
->Opera cache emptied: 49203688 bytes
->Flash cache emptied: 5142 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048576 bytes
RecycleBin emptied: 661 bytes

Total Files Cleaned = 122,00 mb

OTL by OldTimer - Version 3.2.1.1 log created on 04112010_001133

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000068DC02486775CBDB34 not found!

Registry entries deleted on Reboot...

Roby019 · 11.04.2010, 00:10

3 Neue Nachrichten für euch:

1.) CCleaner hatte Infos (siehe Bild Oben)

2.) Habe in TuneUp die Registry durchsucht der hat auch was gefunden (siehe Bild Unten)

3.) Habe nochmal so am PC gesucht und der fand ne Verknüfung mit den namen unter:

User -> AppData -> Roaming -> Microsoft -> Windows -> Recent

Ihrgendwas beeinflusst meinen PC

Plagegeister aller Art und deren Bekämpfung: Ihrgendwas beeinflusst meinen PC