
Log analysis and evaluation: Strange behavior but no viruses

22.07.2011, 23:03   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I don't quite believe that; please try it again.
__________________
Please always post log files in CODE tags

22.07.2011, 23:52   #17
Solaris
 

Strange, now it worked right away:
Quote:
2011/07/23 00:51:18.0222 5620 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 00:51:18.0689 5620 ================================================================================
2011/07/23 00:51:18.0690 5620 SystemInfo:
2011/07/23 00:51:18.0690 5620
2011/07/23 00:51:18.0690 5620 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/23 00:51:18.0690 5620 Product type: Workstation
2011/07/23 00:51:18.0690 5620 ComputerName: ******-PC
2011/07/23 00:51:18.0691 5620 UserName: ******
2011/07/23 00:51:18.0691 5620 Windows directory: C:\Windows
2011/07/23 00:51:18.0691 5620 System windows directory: C:\Windows
2011/07/23 00:51:18.0691 5620 Processor architecture: Intel x86
2011/07/23 00:51:18.0691 5620 Number of processors: 2
2011/07/23 00:51:18.0691 5620 Page size: 0x1000
2011/07/23 00:51:18.0691 5620 Boot type: Normal boot
2011/07/23 00:51:18.0691 5620 ================================================================================
2011/07/23 00:51:20.0358 5620 Initialize success
2011/07/23 00:51:35.0996 5268 ================================================================================
2011/07/23 00:51:35.0996 5268 Scan started
2011/07/23 00:51:35.0996 5268 Mode: Manual;
2011/07/23 00:51:35.0996 5268 ================================================================================
2011/07/23 00:51:47.0880 5268 ================================================================================
2011/07/23 00:51:47.0880 5268 Scan finished
2011/07/23 00:51:47.0880 5268 ================================================================================
2011/07/23 00:51:47.0895 4504 Detected object count: 0
2011/07/23 00:51:47.0896 4504 Actual detected object count: 0
__________________


Alt 23.07.2011, 11:51   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________

Alt 23.07.2011, 12:52   #19
Solaris
 



Here is the Log.txt:
Combofix Logfile:
Code:
ComboFix 11-07-23.01 - ******** 23.07.2011  13:35:54.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1539 [GMT 2:00]
ausgeführt von:: c:\users\********\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\Install.exe
c:\users\********\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\********\AppData\Roaming\Adobe\plugs
c:\users\********\AppData\Roaming\Adobe\shed
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\Script.vbs
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-23 bis 2011-07-23  ))))))))))))))))))))))))))))))
.
.
2011-07-23 11:43 . 2011-07-23 11:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-22 22:01 . 2011-04-22 23:25	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 22:01 . 2011-04-25 15:29	141104	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2011-07-22 22:01 . 2011-04-22 23:35	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 12:47 . 2011-07-22 12:47	--------	d-----w-	c:\programdata\Zylom
2011-07-22 12:47 . 2011-07-22 12:47	--------	d-----w-	c:\program files\Zylom Games
2011-07-22 12:47 . 2009-10-23 13:01	102400	----a-w-	c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
2011-07-22 11:08 . 2011-07-22 11:09	--------	d-----w-	c:\program files\Ask.com
2011-07-22 11:08 . 2011-07-22 11:08	--------	d-----w-	c:\users\********\AppData\Roaming\FreeHideIP
2011-07-22 11:08 . 2011-07-22 11:08	--------	d-----w-	c:\programdata\FreeHideIP
2011-07-22 11:08 . 2011-07-22 11:08	--------	d-----w-	c:\program files\FreeHideIP
2011-07-22 06:36 . 2011-07-22 06:36	--------	d-----w-	c:\program files\DsNET Corp
2011-07-22 06:31 . 2011-07-22 06:31	--------	d-----w-	c:\users\********\AppData\Roaming\DVDVideoSoft
2011-07-22 04:46 . 2011-07-22 04:46	--------	d-----w-	c:\programdata\Electronic Arts
2011-07-22 04:46 . 2011-07-22 04:46	--------	d-----w-	c:\programdata\EA Core
2011-07-22 04:43 . 2011-07-22 04:46	--------	d-----w-	c:\programdata\Solidshield
2011-07-21 15:39 . 2011-07-21 15:39	--------	d-----w-	c:\program files\ESET
2011-07-20 13:52 . 2011-07-20 13:52	--------	d-----w-	C:\Temp
2011-07-20 13:39 . 2011-06-02 05:47	136808	----a-w-	c:\windows\system32\drivers\ssadmdm.sys
2011-07-20 13:39 . 2011-06-02 05:47	12776	----a-w-	c:\windows\system32\drivers\ssadmdfl.sys
2011-07-20 13:39 . 2011-06-02 05:47	10472	----a-w-	c:\windows\system32\drivers\ssadcmnt.sys
2011-07-20 13:39 . 2011-06-02 05:47	10472	----a-w-	c:\windows\system32\drivers\ssadcm.sys
2011-07-20 13:39 . 2011-06-02 05:47	10344	----a-w-	c:\windows\system32\drivers\ssadwhnt.sys
2011-07-20 13:39 . 2011-06-02 05:47	10344	----a-w-	c:\windows\system32\drivers\ssadwh.sys
2011-07-20 13:39 . 2011-06-02 05:47	121064	----a-w-	c:\windows\system32\drivers\ssadbus.sys
2011-07-20 13:28 . 2011-07-20 13:38	--------	d-----w-	c:\users\********\AppData\Local\Samsung
2011-07-17 23:19 . 2011-07-17 23:19	--------	d-----w-	c:\program files\Veetle
2011-07-13 13:22 . 2011-06-11 02:29	2334208	----a-w-	c:\windows\system32\win32k.sys
2011-07-10 16:51 . 2007-04-30 14:29	49152	----a-w-	c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2011-07-09 17:51 . 1999-10-09 15:30	305152	----a-w-	c:\windows\IsUninst.exe
2011-07-09 14:15 . 2011-07-09 14:15	--------	d-----w-	c:\users\UpdatusUser
2011-07-09 14:12 . 2011-05-25 07:24	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-07-09 14:12 . 2011-05-25 07:24	16456296	----a-w-	c:\windows\system32\nvoglv32.dll
2011-07-09 14:12 . 2011-05-25 07:24	899688	----a-w-	c:\windows\system32\nvdispco3220150.dll
2011-07-09 14:12 . 2011-05-25 07:24	865896	----a-w-	c:\windows\system32\nvgenco322090.dll
2011-07-09 14:12 . 2011-05-25 07:24	11992680	----a-w-	c:\windows\system32\nvd3dum.dll
2011-07-09 14:12 . 2011-05-25 07:24	10589800	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-07-09 14:12 . 2011-05-25 07:24	2804328	----a-w-	c:\windows\system32\nvcuvid.dll
2011-07-09 14:12 . 2011-05-25 07:24	5301352	----a-w-	c:\windows\system32\nvcuda.dll
2011-07-09 14:12 . 2011-05-25 07:24	2082408	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-07-09 14:12 . 2011-05-25 07:24	13011560	----a-w-	c:\windows\system32\nvcompiler.dll
2011-07-09 01:40 . 2011-07-09 01:43	--------	d-----w-	c:\program files\AutoShutdownManager
2011-07-06 17:47 . 2011-07-06 17:47	--------	d-sh--w-	c:\windows\ftpcache
2011-07-05 21:30 . 2011-07-21 01:30	--------	d-----w-	c:\program files\JDownloader
2011-06-29 17:58 . 2011-06-29 17:58	--------	d-----w-	c:\users\********\AppData\Roaming\ts3overlay
2011-06-29 11:38 . 2011-05-24 10:44	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-06-29 11:38 . 2011-05-04 04:34	1549312	----a-w-	c:\windows\system32\tquery.dll
2011-06-29 11:38 . 2011-05-04 04:32	337408	----a-w-	c:\windows\system32\mssph.dll
2011-06-29 11:38 . 2011-05-04 04:32	1401344	----a-w-	c:\windows\system32\mssrch.dll
2011-06-29 11:38 . 2011-05-04 04:28	427520	----a-w-	c:\windows\system32\SearchIndexer.exe
2011-06-29 11:38 . 2011-05-04 04:28	164352	----a-w-	c:\windows\system32\SearchProtocolHost.exe
2011-06-29 11:38 . 2011-05-04 04:32	666624	----a-w-	c:\windows\system32\mssvp.dll
2011-06-29 11:38 . 2011-05-04 04:32	197120	----a-w-	c:\windows\system32\mssphtb.dll
2011-06-29 11:38 . 2011-05-04 04:32	59392	----a-w-	c:\windows\system32\msscntrs.dll
2011-06-29 11:38 . 2011-05-04 04:28	86528	----a-w-	c:\windows\system32\SearchFilterHost.exe
2011-06-28 16:05 . 2011-06-28 16:06	271360	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-06-28 16:05 . 2011-06-28 16:05	18048	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-06-27 13:08 . 2011-06-27 13:08	53248	----a-w-	c:\windows\system32\unrar.dll
2011-06-25 22:07 . 2000-08-19 17:29	268048	----a-w-	c:\windows\system32\dxtmeta2.dll
2011-06-25 21:06 . 2011-06-25 21:06	--------	d-----w-	c:\program files\Elaborate Bytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 15:51 . 2011-02-24 16:21	245632	----a-w-	c:\windows\system32\drivers\volsnap.sys
2011-07-11 19:25 . 2011-01-22 00:35	22328	----a-w-	c:\users\********\AppData\Roaming\PnkBstrK.sys
2011-07-06 17:52 . 2011-04-14 02:33	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-02 12:15 . 2010-12-30 18:42	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-02 12:15 . 2010-12-30 18:42	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-17 18:07 . 2011-05-13 20:02	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 11:19 . 2011-01-01 23:19	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2011-06-16 11:19 . 2011-01-01 23:19	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2011-06-08 20:29 . 2011-06-08 19:30	814041040	----a-w-	c:\program files\War_Rock_20110307_G1.exe
2011-05-25 07:24 . 2011-01-07 20:06	615528	----a-w-	c:\windows\system32\nvvsvc.exe
2011-05-25 07:24 . 2011-01-07 20:06	2557544	----a-w-	c:\windows\system32\nvsvc.dll
2011-05-25 07:24 . 2011-01-07 20:06	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-05-25 07:24 . 2011-01-07 20:06	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-05-25 07:24 . 2011-01-07 20:06	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-05-25 07:24 . 2011-01-07 20:06	3693672	----a-w-	c:\windows\system32\nvcpl.dll
2011-05-25 07:24 . 2011-01-07 20:06	543336	----a-w-	c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 07:24 . 2009-07-13 22:09	6555240	----a-w-	c:\windows\system32\nvwgf2um.dll
2011-05-25 07:24 . 2011-07-09 14:12	12392	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 07:24 . 2011-03-15 13:19	2335848	----a-w-	c:\windows\system32\nvapi.dll
2011-05-20 20:35 . 2011-05-20 20:35	304744	----a-w-	c:\windows\system32\nvStreaming.exe
2011-05-06 00:23 . 2011-01-22 01:52	189480	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-05-03 04:30 . 2011-06-17 10:16	741376	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-30 05:01 . 2011-04-30 05:01	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-04-30 05:01 . 2011-04-30 05:01	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-04-30 05:01 . 2011-04-30 05:01	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-04-30 05:01 . 2011-04-30 05:01	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-04-30 05:01 . 2011-04-30 05:01	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-04-30 05:01 . 2011-04-30 05:01	367104	----a-w-	c:\windows\system32\html.iec
2011-04-30 05:01 . 2011-04-30 05:01	161792	----a-w-	c:\windows\system32\msls31.dll
2011-04-30 05:01 . 2011-04-30 05:01	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-04-30 05:01 . 2011-04-30 05:01	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-04-30 05:01 . 2011-04-30 05:01	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-04-30 05:01 . 2011-04-30 05:01	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-04-30 05:01 . 2011-04-30 05:01	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-04-30 05:01 . 2011-04-30 05:01	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-04-30 05:01 . 2011-04-30 05:01	152064	----a-w-	c:\windows\system32\wextract.exe
2011-04-30 05:01 . 2011-04-30 05:01	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-04-30 05:01 . 2011-04-30 05:01	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-04-30 05:01 . 2011-04-30 05:01	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-04-30 05:01 . 2011-04-30 05:01	11776	----a-w-	c:\windows\system32\mshta.exe
2011-04-30 05:01 . 2011-04-30 05:01	101888	----a-w-	c:\windows\system32\admparse.dll
2011-04-29 13:44 . 2011-04-29 13:44	112	----a-w-	c:\users\********\AppData\Roaming\srvblck2.tmp
2011-04-29 02:46 . 2011-06-17 10:16	311808	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-17 10:16	310272	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-17 10:16	114688	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-17 10:16	223744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-17 10:16	96768	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-17 10:16	123904	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 04:31 . 2011-06-17 10:16	1290624	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18 . 2011-06-17 10:16	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-16 04:32 . 2011-06-21 15:09	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44	1400712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-05 22:23	119608	----a-w-	c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 03:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-03-02 21:38	1242448	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FreeCT"=c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-12-10 3648584]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
{D8F737AD-AF9D-40ED-B1683075A1C327EA}
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Free YouTube to MP3 Converter - c:\users\********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: infospyware.net\www
FF - ProfilePath - c:\users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
SafeBoot-97676463.sys
MSConfigStartUp-Cattree - c:\users\********\AppData\Roaming\Linktree\linklib.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-437390453-843434285-2204248341-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fa,f8,29,4f,38,01,c2,a5,e3,21,8e,49,fd,6e,cd,a3,00,ea,84,90,ea,8d,f2,
   bd,dc,a4,7d,24,03,04,e7,7e,c8,af,92,e3,ae,a6,df,6c,3a,1a,43,99,db,a1,1a,88,\
"??"=hex:fd,98,6f,a3,ce,27,fe,84,c2,c9,dc,dc,20,bb,24,ec
.
[HKEY_USERS\S-1-5-21-437390453-843434285-2204248341-1001\Software\SecuROM\License information*]
"datasecu"=hex:17,bd,98,59,d2,31,b6,4e,92,fa,27,6a,c4,f8,50,f8,9f,45,d8,0a,37,
   96,f3,1e,f8,59,96,13,85,41,e7,b5,1e,4b,fb,3f,78,7c,b3,bd,15,3d,2f,57,ae,a2,\
"rkeysecu"=hex:a0,30,19,81,11,75,c1,62,1d,81,4a,05,c3,2b,bd,97
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-23  13:49:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-23 11:49
.
Vor Suchlauf: 13 Verzeichnis(se), 406.545.145.856 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 405.983.584.256 Bytes frei
.
- - End Of File - - 405C5EA67D1B68005CDAB0AD8D05B703
         
--- --- ---

Alt 25.07.2011, 08:38   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off your virus scanner as well; McAfee's scanner in particular often reports a false alarm in OSAM!


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


__________________
Please always post log files in CODE tags

Alt 25.07.2011, 12:52   #21
Solaris
 



OK, I've done that:

GMER:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-25 13:40:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000066 WDC_WD50 rev.01.0
Running: gxr4ks0u.exe; Driver: C:\Users\******\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT            8E4C8B7E                                                                                                 ZwCreateSection
SSDT            8E4C8B83                                                                                                 ZwSetContextThread
SSDT            8E4C8B1F                                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                            82A4A339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82A83D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82A8AEEC 4 Bytes  [7E, 8B, 4C, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82A8B28C 4 Bytes  [83, 8B, 4C, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                      82A8B364 4 Bytes  [1F, 8B, 4C, 8E]
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                 section is executable [0x99967300, 0x25D4C, 0xE0000060]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                   section is writeable [0x999DA300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[240] ntdll.dll!LdrLoadDll                                   778F22B8 5 Bytes  JMP 01361410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!SetWindowLongA                     76148BA3 5 Bytes  JMP 5F73EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!SetWindowLongW                     76154449 5 Bytes  JMP 5F73ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!GetWindowInfo                      76154B5E 5 Bytes  JMP 5F555451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[940] USER32.dll!TrackPopupMenu                     76162228 5 Bytes  JMP 5F555A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3376] ntdll.dll!DbgBreakPoint         778C40F0 3 Bytes  [8B, 40, 30] {MOV EAX, [EAX+0x30]}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1856] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1868] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7596FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000052                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Here is OSAM:
OSAM log file:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:44:26 on 25.07.2011

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\******\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x32.sys
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"kxldrpog" (kxldrpog) - ? - C:\Users\******\AppData\Local\Temp\kxldrpog.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\WNt500x86\Sandra.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"XDva386" (XDva386) - ? - C:\Windows\system32\XDva386.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "******ander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Macromed\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"GamersFirst LIVE!.lnk" - "GamersFirst" - C:\Program Files\GamersFirst\LIVE!\Live.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"amd_dc_opt" - "AMD" - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_e477fed.dll  (File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
And finally aswMBR:
Quote:
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-25 13:46:38
-----------------------------
13:46:38.696 OS Version: Windows 6.1.7601 Service Pack 1
13:46:38.697 Number of processors: 2 586 0x6B01
13:46:38.698 ComputerName: ******-PC UserName: ******
13:46:40.130 Initialize success
13:50:04.348 AVAST engine defs: 11072500
13:50:35.122 The log file has been saved successfully to "C:\Users\******\Desktop\aswMBR.txt"


25.07.2011, 13:06   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The aswMBR log is incomplete! Please run the tool exactly as described in the instructions!

25.07.2011, 14:39   #23
Solaris

OK, I did it the way you said.
Then, according to Windows, it shut down unexpectedly.
I couldn't find a log file this time, though.

25.07.2011, 14:45   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Then, according to Windows, it shut down unexpectedly.
You could have mentioned that...
Please run aswMBR again.

25.07.2011, 16:53   #25
Solaris

Here it is:
Quote:
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-25 17:44:31
-----------------------------
17:44:31.666 OS Version: Windows 6.1.7601 Service Pack 1
17:44:31.666 Number of processors: 2 586 0x6B01
17:44:31.666 ComputerName: ******-PC UserName: ******
17:44:49.154 Initialize success
17:44:54.629 AVAST engine defs: 11072500
17:45:31.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
17:45:31.725 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
17:45:31.787 Disk 0 MBR read successfully
17:45:31.787 Disk 0 MBR scan
17:45:31.818 Disk 0 Windows 7 default MBR code
17:45:31.834 Disk 0 scanning sectors +976752000
17:45:32.021 Disk 0 scanning C:\Windows\system32\drivers
17:45:40.445 Service scanning
17:45:42.052 Modules scanning
17:45:48.526 Disk 0 trace - called modules:
17:45:48.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
17:45:48.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8587d370]
17:45:48.557 3 CLASSPNP.SYS[88a0459e] -> nt!IofCallDriver -> [0x848bbc48]
17:45:48.557 5 ACPI.sys[887a73d4] -> nt!IofCallDriver -> \Device\00000066[0x85169980]
17:45:50.164 AVAST engine scan C:\Windows
17:45:53.565 AVAST engine scan C:\Windows\system32
17:47:26.494 AVAST engine scan C:\Windows\system32\drivers
17:47:34.466 AVAST engine scan C:\Users\******
17:51:32.163 AVAST engine scan C:\ProgramData
17:52:09.135 Scan finished successfully
17:52:44.422 Disk 0 MBR has been saved successfully to "C:\Users\******\Desktop\MBR.dat"
17:52:44.422 The log file has been saved successfully to "C:\Users\******\Desktop\aswMBR.txt"


25.07.2011, 18:39   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
"XDva386" (XDva386) - ? - C:\Windows\system32\XDva386.sys (File not found)
Please disable and delete it with OSAM.
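The check made by eye in the post above (picking the `XDva386` driver entry whose file is missing out of the OSAM report) can be scripted. This is an added example, not part of the thread and not OSAM's own code; the reason labels, the Temp-directory rule and all function names are assumptions of the example, and the sample lines are copied from the `[Drivers]` section of the report posted earlier in the thread.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the [Drivers] section of the OSAM report in this thread.
SAMPLE = r'''[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\******\AppData\Local\Temp\catchme.sys  (File not found)
"kxldrpog" (kxldrpog) - ? - C:\Users\******\AppData\Local\Temp\kxldrpog.sys  (Hidden registry entry, rootkit activity | File not found)
"XDva386" (XDva386) - ? - C:\Windows\system32\XDva386.sys  (File not found)
'''

# Status notes as OSAM prints them, mapped to labels chosen for this example.
REASONS = {
    "Hidden registry entry, rootkit activity": "hidden-registry-entry",
    "File not found": "orphaned-entry",
    "File found, but it contains no detailed information": "no-version-info",
    "COM-object registry key not found": "orphaned-com-object",
}
BENIGN = {"Shortcut exists", "File exists"}

SECTION = re.compile(r'^\[(?P<name>[^\]]+)\]\s*$')
LOCATION = re.compile(r'^-----\(\s*(?P<loc>.+?)\s*\)-----\s*$')
ENTRY = re.compile(
    r'^(?:\{[0-9A-Fa-f-]{36}\}\s+|<binary data>\s+|\w+\s+)?'  # optional CLSID / value prefix
    r'"(?P<name>[^"]*)"(?:\s+\((?P<key>[^)]*)\))?'
    r'\s+-\s+(?P<vendor>\?|"[^"]*")\s+-\s*(?P<rest>.*)$')
NOTES = re.compile(r'\s*\((?P<notes>[^()]*)\)\s*$')


@dataclass
class Finding:
    section: str
    location: str
    name: str
    target: str
    reasons: list


def split_notes(rest):
    """Separate the target path from a trailing '(note | note)' group.

    Only known OSAM notes count, so 'Program Files (x86)' stays in the path.
    """
    m = NOTES.search(rest)
    if m:
        notes = [n.strip() for n in m.group("notes").split("|")]
        if all(n in REASONS or n in BENIGN for n in notes):
            return rest[:m.start()].strip(), notes
    return rest.strip(), []


def triage(report):
    """Return a Finding for every entry that needs a manual look."""
    section = location = ""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section, location = m.group("name"), ""
        elif m := LOCATION.match(line):
            location = m.group("loc")
        elif m := ENTRY.match(line):
            target, notes = split_notes(m.group("rest"))
            reasons = [REASONS[n] for n in notes if n in REASONS]
            # Assumption: a driver or service image under a Temp directory is worth
            # reviewing whatever its status note says.
            if section in ("Drivers", "Services") and "\\temp\\" in target.lower():
                reasons.append("image-in-temp-dir")
            if reasons:
                findings.append(Finding(section, location, m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.section:8} {f.name:10} {', '.join(f.reasons):55} {f.target}")
```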

25.07.2011, 21:13   #27
Solaris

OK, done.

26.07.2011, 08:22   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from the ESET online scanner afterwards doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


27.07.2011, 20:59   #29
Solaris

Would it be possible to postpone this until next week?
I'm flying off on holiday and obviously won't be at home.

28.07.2011, 10:34   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, do it when you're back. Have a relaxing holiday, then.
