Log Analysis and Evaluation: Strange behaviour but no viruses (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.07.2011, 23:03 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses: I don't quite believe that, please try it again.
__________________ Please always post logfiles in CODE tags
22.07.2011, 23:52 | #17
Strange behaviour but no viruses: Odd, now it worked right away:
__________________ Quote:
23.07.2011, 11:51 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses: Then please run CF now:
__________________
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper (Kompetenzler) has expressly recommended it!
23.07.2011, 12:52 | #19
Strange behaviour but no viruses: Here is the Log.txt (ComboFix logfile):
25.07.2011, 08:38 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses: OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instruction. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
25.07.2011, 12:52 | #21
Strange behaviour but no viruses: OK, done. GMER logfile:
Here is OSAM: OSAM logfile:
- (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Macromed\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll "ICQ7.4" - "ICQ, LLC." 
- C:\Program Files\ICQ7.4\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "GamersFirst LIVE!.lnk" - "GamersFirst" - C:\Program Files\GamersFirst\LIVE!\Live.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s "KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "amd_dc_opt" - "AMD" - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_e477fed.dll (File found, but it contains no detailed information) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." 
- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE] Zu guterletzt aswMBR: Zitat:
25.07.2011, 13:06 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses The aswMBR log is incomplete! Please run the tool exactly as described in the instructions!
25.07.2011, 14:39 | #23 |
| Strange behaviour but no viruses OK, I did it the way you told me. Then Windows reported that it had shut down unexpectedly. But I couldn't find a log file. |
25.07.2011, 14:45 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses Quote:
Please run aswMBR again.
25.07.2011, 16:53 | #25 | |
| Strange behaviour but no viruses Here it is: Quote:
25.07.2011, 21:13 | #27 |
| Strange behaviour but no viruses OK, done. |
26.07.2011, 08:22 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either: ESET Online Scanner
27.07.2011, 20:59 | #29 |
| Strange behaviour but no viruses Is it possible to postpone this until next week? I'm flying off on holiday and obviously won't be at home. |
28.07.2011, 10:34 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange behaviour but no viruses Yes, do it when you're back. Have a relaxing holiday, then.