Anwendungen beenden sich von selbst

cosinus · 12.05.2011, 19:40

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

dr.hardcore · 12.05.2011, 20:00

Hier der Log:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-11.04 - Josh 12.05.2011  20:50:38.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.2606 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-12 bis 2011-05-12  ))))))))))))))))))))))))))))))
.
.
2011-05-12 18:54 . 2011-05-12 18:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-11 12:52 . 2011-05-11 12:53	--------	d-----w-	c:\program files (x86)\ERUNT
2011-05-10 19:22 . 2011-05-10 19:22	--------	d-----w-	c:\program files (x86)\PHYWE
2011-05-10 14:31 . 2011-05-10 14:31	--------	d-----w-	c:\program files (x86)\RegistryFix8
2011-05-10 13:54 . 2011-05-10 13:54	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2011-05-10 13:24 . 2010-08-12 09:46	758272	----a-w-	c:\windows\system32\cohelper.dll
2011-05-10 13:24 . 2010-08-09 20:33	11164	----a-w-	c:\windows\system32\drivers\nvphy.bin
2011-05-10 12:26 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D17EB876-89C2-4AF7-9C88-0D7FCBCE8BA7}\mpengine.dll
2011-05-08 15:08 . 2011-05-08 15:08	--------	d-----w-	c:\users\***\AppData\Local\{503C87F5-EE69-4CBA-BADE-D1DB31802093}
2011-05-07 09:18 . 2011-05-07 09:18	151552	----a-w-	c:\windows\SysWow64\nvRegDev.dll
2011-05-07 09:18 . 2003-11-10 16:14	729088	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-07 09:18 . 2003-11-10 16:13	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-05-07 09:18 . 2003-11-10 16:12	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-05-07 09:18 . 2003-11-10 16:12	192512	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-05-07 09:18 . 2003-11-10 16:11	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-05-07 09:18 . 2011-05-07 09:18	311428	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-05-07 09:18 . 2011-05-07 09:18	188548	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-05-07 09:06 . 2011-05-07 09:06	--------	d-----w-	c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-07 09:06 . 2011-05-07 09:06	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2011-05-07 09:06 . 2011-05-07 09:06	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2011-05-07 09:05 . 2011-05-07 09:05	--------	d-----w-	c:\users\***\AppData\Local\{C982C60A-EA1C-4F1E-B691-CFD2A4BB9986}
2011-05-06 18:27 . 2011-05-06 18:27	--------	d-----w-	c:\users\***\AppData\Local\{F6D99480-AE37-42B1-BF99-DDF95D6792CB}
2011-05-06 14:03 . 2011-05-12 18:48	--------	d-----w-	c:\users\***\AppData\Local\ESL Wire Game Client
2011-05-06 14:02 . 2011-04-14 10:43	179616	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2011-05-06 14:01 . 2011-04-18 10:11	25528	----a-w-	c:\windows\system32\drivers\ESLvnic.sys
2011-05-06 14:01 . 2011-05-10 13:06	--------	d-----w-	c:\program files\EslWire
2011-05-06 14:01 . 2011-05-06 14:01	--------	d-----w-	c:\programdata\ESL Wire
2011-05-04 16:37 . 2011-05-04 17:44	--------	d-----w-	c:\users\***\AppData\Roaming\TeamViewer
2011-05-03 18:06 . 2011-05-03 18:14	--------	d-----w-	c:\programdata\PopCap Games
2011-05-03 18:06 . 2011-05-03 18:06	--------	d-----w-	c:\programdata\Steam
2011-04-28 20:41 . 2011-04-28 20:41	--------	d-----w-	c:\users\***\AppData\Roaming\dvdcss
2011-04-27 11:14 . 2011-05-10 17:09	--------	d-----w-	c:\users\UpdatusUser
2011-04-27 10:58 . 2011-04-27 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\SystemRequirementsLab
2011-04-26 20:01 . 2011-04-26 20:01	--------	d-----w-	c:\users\***\AppData\Local\PunkBuster
2011-04-21 10:46 . 2011-04-21 10:46	--------	d-----w-	c:\users\***\AppData\Local\kaneandlynch
2011-04-21 09:45 . 2011-04-21 09:45	--------	d-----w-	c:\users\***\AppData\Roaming\Beat Hazard
2011-04-18 21:43 . 2011-04-18 21:43	--------	d-----w-	c:\users\***\AppData\Local\Fallout3
2011-04-18 21:19 . 2011-04-18 21:19	331908	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-04-18 21:19 . 2011-04-18 21:19	200836	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-04-18 21:19 . 2005-04-03 21:02	753664	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-04-18 21:19 . 2005-04-03 21:02	69714	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-04-18 21:19 . 2005-04-03 21:01	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-04-18 21:19 . 2005-04-03 21:00	184320	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-04-18 21:19 . 2005-04-03 21:00	63488	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-04-18 21:19 . 2005-04-03 20:59	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-04-17 12:20 . 2011-04-17 12:20	--------	d-----w-	c:\programdata\TrackMania
2011-04-16 12:36 . 2011-04-28 20:41	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2011-04-16 12:35 . 2011-04-16 12:35	--------	d-----w-	c:\program files (x86)\VideoLAN
2011-04-16 11:11 . 2011-04-16 11:11	--------	d-----w-	c:\program files (x86)\devolo
2011-04-13 17:41 . 2011-04-13 17:41	--------	d-----w-	c:\program files (x86)\Sony
2011-04-13 16:53 . 2011-03-11 06:34	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 06:34	1395712	----a-w-	c:\windows\system32\mfc42.dll
2011-04-13 16:53 . 2011-03-11 05:33	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 05:33	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 11:01 . 2011-04-12 11:01	52632	----a-w-	c:\windows\system32\drivers\dc3d.sys
2011-04-12 11:01 . 2011-04-12 11:01	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2011-04-08 21:00 . 2011-04-08 21:00	465920	----a-w-	c:\windows\system32\itpcoin815.dll
2011-04-08 21:00 . 2011-04-08 21:00	464896	----a-w-	c:\windows\system32\ipcoin815.dll
2011-04-08 05:14 . 2011-03-10 12:18	6299752	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-03-10 12:18	12934248	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2010-07-20 06:27	8411752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2010-07-20 06:27	2273896	----a-w-	c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2010-07-20 06:27	2034280	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-07-20 06:27	10071656	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-04-07 21:19 . 2011-04-07 21:19	2582120	----a-w-	c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19	117864	----a-w-	c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19	1012328	----a-w-	c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19	797288	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19	6338152	----a-w-	c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18	3041384	----a-w-	c:\windows\system32\nvsvc64.dll
2011-04-07 15:32 . 2011-04-02 20:22	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2011-04-07 15:32 . 2011-04-02 20:22	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2011-03-22 15:51 . 2011-03-22 15:51	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-03-22 15:51 . 2011-03-22 15:51	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-03-21 19:26 . 2011-03-21 19:26	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-21 09:06 . 2011-03-21 09:06	737280	----a-w-	c:\windows\iun6002.exe
2011-03-19 17:34 . 2011-03-19 17:34	9	----a-w-	c:\users\***\AppData\Roaming\sjh4fgl24_Z4[j5-1]vk-w.tmp
2011-03-11 08:23 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-03-11 08:23 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-03-11 08:03 . 2009-08-18 10:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 11:00 . 2011-03-10 11:00	368640	----a-w-	c:\windows\SysWow64\ReWire.dll
2011-03-10 11:00 . 2011-03-10 11:00	233472	----a-w-	c:\windows\SysWow64\REX Shared Library.dll
2011-03-09 10:32 . 2011-03-09 10:32	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2011-02-24 17:21 . 2011-03-09 14:05	2753512	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2011-02-22 14:52 . 2011-03-09 14:04	2075712	----a-w-	c:\windows\system32\FMAPO64.dll
2011-02-22 10:16 . 2011-03-09 14:05	2369128	----a-w-	c:\windows\system32\RtPgEx64.dll
2011-02-18 09:49 . 2011-03-08 21:05	2839656	----a-w-	c:\windows\system32\RtkAPO64.dll
2011-02-17 13:03 . 2011-03-09 14:04	648296	----a-w-	c:\windows\system32\RtkApi64.dll
2011-02-16 12:11 . 2011-03-09 14:04	84072	----a-w-	c:\windows\system32\RCoInst64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-07-15 2158592]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-05-09 4020224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 ALSysIO;ALSysIO;c:\users\Josh\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/sk27211/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de|facebook.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*a*l*f*ZÝÄv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\SecuROM\License information*]
"datasecu"=hex:74,63,f4,2e,10,48,33,82,a3,62,fe,15,cd,1f,56,29,a3,ca,82,8c,fa,
   a2,2e,b2,a1,6e,b2,94,48,3d,71,59,1a,00,a9,98,22,4e,42,41,a2,fb,c3,8e,4b,3b,\
"rkeysecu"=hex:c5,c8,0e,fe,d5,87,3e,63,08,0d,93,ed,0d,59,e1,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-12  20:56:34
ComboFix-quarantined-files.txt  2011-05-12 18:56
.
Vor Suchlauf: 13.308.899.328 bytes free
Nach Suchlauf: 12.945.108.992 bytes free
.
- - End Of File - - FA8BBCF2D22D0A2EF6964AF2D5C5A494

--- --- ---

cosinus · 13.05.2011, 15:42

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

File::
c:\windows\system32\drivers\rdvgkmd.sys

Driver::
VGPU

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

dr.hardcore · 13.05.2011, 16:09

Ok

hier der Log :
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-12.03 - Josh 13.05.2011  16:51:31.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.2585 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Josh\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-13 bis 2011-05-13  ))))))))))))))))))))))))))))))
.
.
2011-05-13 14:55 . 2011-05-13 14:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-13 14:55 . 2011-05-13 14:55	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-05-13 12:06 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9621BF18-EDAA-40B4-BBE9-2EC38C0239DB}\mpengine.dll
2011-05-12 15:15 . 2011-05-12 15:15	--------	d-----w-	C:\_OTL
2011-05-11 18:28 . 2011-05-11 18:28	--------	d-----w-	c:\programdata\Skype Extras
2011-05-11 18:27 . 2011-05-11 18:27	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-05-11 17:57 . 2011-05-11 17:57	--------	d-----w-	c:\users\***\AppData\Local\{00E62752-7122-4ED3-B138-BD6D86DA661C}
2011-05-11 17:14 . 2011-04-09 07:02	5562240	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-11 17:14 . 2011-04-09 06:02	3967872	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:14 . 2011-04-09 06:02	3912576	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 12:52 . 2011-05-11 12:53	--------	d-----w-	c:\program files (x86)\ERUNT
2011-05-10 19:22 . 2011-05-10 19:22	--------	d-----w-	c:\program files (x86)\PHYWE
2011-05-10 14:31 . 2011-05-10 14:31	--------	d-----w-	c:\program files (x86)\RegistryFix8
2011-05-10 13:54 . 2011-05-10 13:54	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2011-05-10 13:24 . 2010-08-12 09:46	758272	----a-w-	c:\windows\system32\cohelper.dll
2011-05-10 13:24 . 2010-08-09 20:33	11164	----a-w-	c:\windows\system32\drivers\nvphy.bin
2011-05-08 15:08 . 2011-05-08 15:08	--------	d-----w-	c:\users\***\AppData\Local\{503C87F5-EE69-4CBA-BADE-D1DB31802093}
2011-05-07 09:18 . 2011-05-07 09:18	151552	----a-w-	c:\windows\SysWow64\nvRegDev.dll
2011-05-07 09:18 . 2003-11-10 16:14	729088	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-07 09:18 . 2003-11-10 16:13	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-05-07 09:18 . 2003-11-10 16:12	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-05-07 09:18 . 2003-11-10 16:12	192512	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-05-07 09:18 . 2003-11-10 16:11	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-05-07 09:18 . 2011-05-07 09:18	311428	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-05-07 09:18 . 2011-05-07 09:18	188548	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-05-07 09:06 . 2011-05-07 09:06	--------	d-----w-	c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-07 09:06 . 2011-05-07 09:06	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2011-05-07 09:06 . 2011-05-07 09:06	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2011-05-07 09:05 . 2011-05-07 09:05	--------	d-----w-	c:\users\***\AppData\Local\{C982C60A-EA1C-4F1E-B691-CFD2A4BB9986}
2011-05-06 18:27 . 2011-05-06 18:27	--------	d-----w-	c:\users\***\AppData\Local\{F6D99480-AE37-42B1-BF99-DDF95D6792CB}
2011-05-06 14:03 . 2011-05-13 14:47	--------	d-----w-	c:\users\***\AppData\Local\ESL Wire Game Client
2011-05-06 14:02 . 2011-04-14 10:43	179616	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2011-05-06 14:01 . 2011-04-18 10:11	25528	----a-w-	c:\windows\system32\drivers\ESLvnic.sys
2011-05-06 14:01 . 2011-05-10 13:06	--------	d-----w-	c:\program files\EslWire
2011-05-06 14:01 . 2011-05-06 14:01	--------	d-----w-	c:\programdata\ESL Wire
2011-05-04 16:37 . 2011-05-04 17:44	--------	d-----w-	c:\users\***\AppData\Roaming\TeamViewer
2011-05-03 18:06 . 2011-05-03 18:14	--------	d-----w-	c:\programdata\PopCap Games
2011-05-03 18:06 . 2011-05-03 18:06	--------	d-----w-	c:\programdata\Steam
2011-04-28 20:41 . 2011-04-28 20:41	--------	d-----w-	c:\users\***\AppData\Roaming\dvdcss
2011-04-27 11:14 . 2011-05-10 17:09	--------	d-----w-	c:\users\UpdatusUser
2011-04-27 10:58 . 2011-04-27 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\SystemRequirementsLab
2011-04-26 20:01 . 2011-04-26 20:01	--------	d-----w-	c:\users\***\AppData\Local\PunkBuster
2011-04-21 10:46 . 2011-04-21 10:46	--------	d-----w-	c:\users\***\AppData\Local\kaneandlynch
2011-04-21 09:45 . 2011-04-21 09:45	--------	d-----w-	c:\users\***\AppData\Roaming\Beat Hazard
2011-04-18 21:43 . 2011-04-18 21:43	--------	d-----w-	c:\users\***\AppData\Local\Fallout3
2011-04-18 21:19 . 2011-04-18 21:19	331908	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-04-18 21:19 . 2011-04-18 21:19	200836	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-04-18 21:19 . 2005-04-03 21:02	753664	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-04-18 21:19 . 2005-04-03 21:02	69714	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-04-18 21:19 . 2005-04-03 21:01	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-04-18 21:19 . 2005-04-03 21:00	184320	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-04-18 21:19 . 2005-04-03 21:00	63488	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-04-18 21:19 . 2005-04-03 20:59	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-04-17 12:20 . 2011-04-17 12:20	--------	d-----w-	c:\programdata\TrackMania
2011-04-16 12:36 . 2011-04-28 20:41	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2011-04-16 12:35 . 2011-04-16 12:35	--------	d-----w-	c:\program files (x86)\VideoLAN
2011-04-16 11:11 . 2011-04-16 11:11	--------	d-----w-	c:\program files (x86)\devolo
2011-04-13 17:41 . 2011-04-13 17:41	--------	d-----w-	c:\program files (x86)\Sony
2011-04-13 16:53 . 2011-03-11 06:34	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 06:34	1395712	----a-w-	c:\windows\system32\mfc42.dll
2011-04-13 16:53 . 2011-03-11 05:33	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 05:33	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 11:01 . 2011-04-12 11:01	52632	----a-w-	c:\windows\system32\drivers\dc3d.sys
2011-04-12 11:01 . 2011-04-12 11:01	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2011-04-09 16:55 . 2011-04-09 16:55	15453336	----a-w-	c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2011-04-08 21:00 . 2011-04-08 21:00	465920	----a-w-	c:\windows\system32\itpcoin815.dll
2011-04-08 21:00 . 2011-04-08 21:00	464896	----a-w-	c:\windows\system32\ipcoin815.dll
2011-04-08 05:14 . 2011-03-10 12:18	6299752	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-03-10 12:18	12934248	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2010-07-20 06:27	8411752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2010-07-20 06:27	2273896	----a-w-	c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2010-07-20 06:27	2034280	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-07-20 06:27	10071656	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-04-07 21:19 . 2011-04-07 21:19	2582120	----a-w-	c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19	117864	----a-w-	c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19	1012328	----a-w-	c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19	797288	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19	6338152	----a-w-	c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18	3041384	----a-w-	c:\windows\system32\nvsvc64.dll
2011-04-07 15:32 . 2011-04-02 20:22	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2011-04-07 15:32 . 2011-04-02 20:22	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2011-03-22 15:51 . 2011-03-22 15:51	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-03-22 15:51 . 2011-03-22 15:51	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-03-21 19:26 . 2011-03-21 19:26	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-21 09:06 . 2011-03-21 09:06	737280	----a-w-	c:\windows\iun6002.exe
2011-03-19 17:34 . 2011-03-19 17:34	9	----a-w-	c:\users\***\AppData\Roaming\sjh4fgl24_Z4[j5-1]vk-w.tmp
2011-03-11 08:23 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-03-11 08:23 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-03-11 08:03 . 2009-08-18 10:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 11:00 . 2011-03-10 11:00	368640	----a-w-	c:\windows\SysWow64\ReWire.dll
2011-03-10 11:00 . 2011-03-10 11:00	233472	----a-w-	c:\windows\SysWow64\REX Shared Library.dll
2011-03-09 10:32 . 2011-03-09 10:32	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2011-02-24 17:21 . 2011-03-09 14:05	2753512	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2011-02-22 14:52 . 2011-03-09 14:04	2075712	----a-w-	c:\windows\system32\FMAPO64.dll
2011-02-22 10:16 . 2011-03-09 14:05	2369128	----a-w-	c:\windows\system32\RtPgEx64.dll
2011-02-18 09:49 . 2011-03-08 21:05	2839656	----a-w-	c:\windows\system32\RtkAPO64.dll
2011-02-17 13:03 . 2011-03-09 14:04	648296	----a-w-	c:\windows\system32\RtkApi64.dll
2011-02-16 12:11 . 2011-03-09 14:04	84072	----a-w-	c:\windows\system32\RCoInst64.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-12_18.55.02   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-08 18:41 . 2011-05-13 14:45	56766              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-12 18:06	30494              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-13 14:45	30494              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-08 18:30 . 2011-05-13 14:45	13734              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3005876921-2081498579-3243624207-1001_UserData.bin
- 2011-03-08 18:30 . 2011-05-12 18:05	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-12 18:04 . 2011-05-12 18:04	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-13 14:56 . 2011-05-13 14:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-12 18:04 . 2011-05-12 18:04	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-13 14:56 . 2011-05-13 14:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-12 18:03	369360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-13 14:56	369360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-08 21:40 . 2011-05-13 14:56	5031596              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3005876921-2081498579-3243624207-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-07-15 2158592]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-05-09 4020224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 ALSysIO;ALSysIO;c:\users\Josh\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF27722.cfxxe" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/sk27211/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de|facebook.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*a*l*f*ZÝÄv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\SecuROM\License information*]
"datasecu"=hex:74,63,f4,2e,10,48,33,82,a3,62,fe,15,cd,1f,56,29,a3,ca,82,8c,fa,
   a2,2e,b2,a1,6e,b2,94,48,3d,71,59,1a,00,a9,98,22,4e,42,41,a2,fb,c3,8e,4b,3b,\
"rkeysecu"=hex:c5,c8,0e,fe,d5,87,3e,63,08,0d,93,ed,0d,59,e1,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\NVIDIA Corporation\Installer2\NVIDIA.Update.1\ComUpdatus.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-13  17:00:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-13 15:00
ComboFix2.txt  2011-05-12 18:56
.
Vor Suchlauf: 13.372.284.928 bytes free
Nach Suchlauf: 13.167.546.368 bytes free
.
- - End Of File - - 357A04E0A6608A0F3E2F2B319AFEB0BB

--- --- ---

dr.hardcore · 13.05.2011, 17:16

immer noch keine verbesserung

cosinus · 13.05.2011, 18:20

Besserung - was? Wir sind auch noch nicht durch, hab ich nicht gesagt, dass es nach CF getan wäre

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

dr.hardcore · 13.05.2011, 22:19

Hier der Log von MBRCheck :

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: BIOSTAR Group
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: BIOSTAR Group
System Product Name: GF8200C M2+
Logical Drives Mask: 0x000001bd

Kernel Drivers (total 200):
0x0340F000 \SystemRoot\system32\ntoskrnl.exe
0x039F8000 \SystemRoot\system32\hal.dll
0x00BB6000 \SystemRoot\system32\kdcom.dll
0x00CB1000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CBE000 \SystemRoot\system32\PSHED.dll
0x00CD2000 \SystemRoot\system32\CLFS.SYS
0x00D30000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DF0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E50000 \SystemRoot\system32\drivers\ACPI.sys
0x00EA7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EB0000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EBA000 \SystemRoot\system32\drivers\pci.sys
0x00EED000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EFA000 \SystemRoot\System32\drivers\partmgr.sys
0x00F0F000 \SystemRoot\system32\drivers\volmgr.sys
0x00F24000 \SystemRoot\System32\drivers\volmgrx.sys
0x00F80000 \SystemRoot\system32\drivers\pciide.sys
0x00F87000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00F97000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FB1000 \SystemRoot\system32\drivers\vmbus.sys
0x00E00000 \SystemRoot\system32\drivers\winhv.sys
0x00E14000 \SystemRoot\system32\drivers\atapi.sys
0x00E1D000 \SystemRoot\system32\drivers\ataport.SYS
0x00FED000 \SystemRoot\system32\drivers\amdxata.sys
0x010F6000 \SystemRoot\system32\drivers\fltmgr.sys
0x01142000 \SystemRoot\system32\drivers\fileinfo.sys
0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01156000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013C0000 \SystemRoot\System32\drivers\pcw.sys
0x013D1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01436000 \SystemRoot\system32\drivers\ndis.sys
0x01529000 \SystemRoot\system32\drivers\NETIO.SYS
0x01589000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0160C000 \SystemRoot\System32\drivers\tcpip.sys
0x01810000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0185A000 \SystemRoot\system32\drivers\vmstorfl.sys
0x0186A000 \SystemRoot\system32\drivers\volsnap.sys
0x018B6000 \SystemRoot\System32\Drivers\spldr.sys
0x018BE000 \SystemRoot\SysWOW64\speedfan.sys
0x018C5000 \SystemRoot\System32\drivers\rdyboost.sys
0x018FF000 \SystemRoot\System32\Drivers\mup.sys
0x01911000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0191A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01954000 \SystemRoot\system32\DRIVERS\disk.sys
0x0196A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01600000 \SystemRoot\System32\Drivers\Null.SYS
0x015B4000 \SystemRoot\System32\Drivers\Beep.SYS
0x015BB000 \SystemRoot\System32\drivers\vga.sys
0x015C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EE000 \SystemRoot\System32\drivers\watchdog.sys
0x01400000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01409000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01412000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0141B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013DB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01072000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01426000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03E59000 \SystemRoot\system32\drivers\afd.sys
0x03EE2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03F27000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F30000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F56000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03F6C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F7B000 \SystemRoot\system32\DRIVERS\serial.sys
0x03F98000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x03FDB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03E00000 \SystemRoot\system32\drivers\termdd.sys
0x01094000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E14000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E20000 \SystemRoot\system32\drivers\mssmbios.sys
0x03E2B000 \SystemRoot\System32\drivers\discache.sys
0x0402E000 \SystemRoot\system32\drivers\csc.sys
0x040B1000 \SystemRoot\System32\Drivers\dfsc.sys
0x040CF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x040E0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x04102000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04128000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x0413D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04149000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04156000 \SystemRoot\system32\DRIVERS\parport.sys
0x04173000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0417E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041D4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04000000 \SystemRoot\system32\drivers\HDAudBus.sys
0x06AD5000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x0F02E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FCD3000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FCD5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06B2A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FDC9000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0FDD2000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0FDE2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0F000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06B70000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x06B7C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06BAB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x06BC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x06A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0F024000 \SystemRoot\system32\DRIVERS\ESLvnic.sys
0x06A1A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x06A25000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x06A34000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0FDF8000 \SystemRoot\system32\drivers\swenum.sys
0x06A43000 \SystemRoot\system32\drivers\ks.sys
0x06A86000 \SystemRoot\system32\drivers\umbus.sys
0x06A98000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x06EC8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06F22000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0780D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07AAC000 \SystemRoot\system32\drivers\portcls.sys
0x07AE9000 \SystemRoot\system32\drivers\drmk.sys
0x07B0B000 \SystemRoot\system32\drivers\ksthunk.sys
0x07B11000 \SystemRoot\system32\drivers\nvhda64v.sys
0x07B3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07B5B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07B69000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07B75000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07B7E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x07B91000 \SystemRoot\System32\drivers\Dxapi.sys
0x07B9D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07BBA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x07BBC000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07BCE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07BD7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07BE5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06F37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07800000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06F45000 \SystemRoot\system32\DRIVERS\point64k.sys
0x06F53000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x06F61000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x00940000 \SystemRoot\System32\ATMFD.DLL
0x06F72000 \SystemRoot\system32\drivers\luafv.sys
0x06F95000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x06FB2000 \SystemRoot\system32\drivers\WudfPf.sys
0x06FD3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06E66000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03838000 \SystemRoot\system32\drivers\HTTP.sys
0x03901000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0391F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03937000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03964000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x039B1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0546C000 \??\C:\Windows\system32\drivers\ESLWireACD.sys
0x05521000 \SystemRoot\sysWOW64\drivers\npf_devolo.sys
0x0552D000 \SystemRoot\system32\drivers\peauth.sys
0x055D3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0629E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x062CF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x062E1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0634B000 \SystemRoot\System32\DRIVERS\srv.sys
0x063E3000 \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
0x063EB000 \??\C:\Users\Josh\AppData\Local\Temp\ALSysIO64.sys
0x77C50000 \Windows\System32\ntdll.dll
0x47CF0000 \Windows\System32\smss.exe
0xFFF70000 \Windows\System32\apisetschema.dll
0xFFED0000 \Windows\System32\autochk.exe
0xFFE80000 \Windows\System32\advapi32.dll
0xFFE50000 \Windows\System32\imm32.dll
0xFFD40000 \Windows\System32\msctf.dll
0x77B30000 \Windows\System32\kernel32.dll
0xFFC10000 \Windows\System32\wininet.dll
0xFFB70000 \Windows\System32\comdlg32.dll
0xFFB50000 \Windows\System32\sechost.dll
0xFF970000 \Windows\System32\setupapi.dll
0xFF710000 \Windows\System32\iertutil.dll
0xFF6C0000 \Windows\System32\ws2_32.dll
0xFF590000 \Windows\System32\rpcrt4.dll
0xFF510000 \Windows\System32\shlwapi.dll
0xFF500000 \Windows\System32\nsi.dll
0xFF460000 \Windows\System32\msvcrt.dll
0x77E20000 \Windows\System32\psapi.dll
0xFE6D0000 \Windows\System32\shell32.dll
0xFE650000 \Windows\System32\difxapi.dll
0xFE570000 \Windows\System32\oleaut32.dll
0x77A30000 \Windows\System32\user32.dll
0xFE510000 \Windows\System32\Wldap32.dll
0xFE390000 \Windows\System32\urlmon.dll
0xFE2C0000 \Windows\System32\usp10.dll
0xFE250000 \Windows\System32\gdi32.dll
0xFE230000 \Windows\System32\imagehlp.dll
0x77E10000 \Windows\System32\normaliz.dll
0xFE220000 \Windows\System32\lpk.dll
0xFE010000 \Windows\System32\ole32.dll
0xFDF70000 \Windows\System32\clbcatq.dll
0xFDED0000 \Windows\System32\comctl32.dll
0xFDEB0000 \Windows\System32\devobj.dll
0xFDE70000 \Windows\System32\cfgmgr32.dll
0xFDD00000 \Windows\System32\crypt32.dll
0xFDC90000 \Windows\System32\KernelBase.dll
0xFDC50000 \Windows\System32\wintrust.dll
0xFDC40000 \Windows\System32\msasn1.dll

Processes (total 73):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
440 csrss.exe
500 C:\Windows\System32\wininit.exe
532 csrss.exe
556 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
868 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
252 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1396 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1408 C:\Windows\System32\nvvsvc.exe
1504 C:\Windows\System32\spoolsv.exe
1552 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1660 C:\Windows\System32\svchost.exe
1788 C:\Windows\SysWOW64\svchost.exe
1808 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1856 C:\Windows\System32\svchost.exe
1916 C:\Windows\SysWOW64\PnkBstrA.exe
1124 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1080 C:\Windows\System32\conhost.exe
1188 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1696 C:\Windows\System32\svchost.exe
2056 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
2112 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2276 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2668 C:\Windows\System32\taskhost.exe
2728 C:\Windows\System32\taskeng.exe
2740 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
2760 C:\Windows\System32\dwm.exe
2808 C:\Windows\explorer.exe
2864 C:\Program Files\Core Temp\Core Temp.exe
3024 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3032 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3040 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2240 C:\Program Files\Windows Sidebar\sidebar.exe
1572 C:\Program Files (x86)\Vtune\TBPANEL.exe
2680 C:\Program Files\EslWire\wire.exe
3312 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3392 C:\Windows\System32\svchost.exe
3756 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3988 WmiPrvSE.exe
4004 WmiPrvSE.exe
1332 C:\Program Files\EslWire\inGame32.exe
1888 C:\Windows\System32\SearchIndexer.exe
2632 C:\Program Files\EslWire\dbus-daemon.exe
2616 C:\Windows\System32\conhost.exe
3784 C:\Program Files\Windows Media Player\wmpnetwk.exe
4948 C:\Windows\System32\svchost.exe
4320 WmiPrvSE.exe
1116 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5376 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5456 dllhost.exe
5208 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5308 C:\Windows\System32\svchost.exe
2008 C:\Program Files (x86)\Skype\Phone\Skype.exe
4784 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
5672 C:\Windows\System32\audiodg.exe
424 C:\Windows\System32\taskeng.exe
3688 C:\Windows\System32\SearchProtocolHost.exe
3368 C:\Windows\System32\SearchFilterHost.exe
5568 C:\Windows\System32\notepad.exe
2788 C:\Users\Josh\Downloads\MBRCheck.exe
4344 C:\Windows\System32\conhost.exe
4288 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000e`a6094200 (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00J7B1, Rev: 05.00K05
PhysicalDrive1 Model Number: STM3500418AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Hier der von Osam:
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 23:16:36 on 13.05.2011

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job" - "Google Inc." - C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job" - "Google Inc." - C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"ALSysIO" (ALSysIO) - ? - C:\Users\***\AppData\Local\Temp\ALSysIO64.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"ESLWireAC" (ESLWireAC) - "<Turtle Entertainment>" - C:\Windows\system32\drivers\ESLWireACD.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\sysWOW64\drivers\npf_devolo.sys
"speedfan" (speedfan) - "Windows (R) Server 2003 DDK provider" - C:\Windows\SysWOW64\speedfan.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"TBPanel" (TBPanel) - ? - C:\Windows\system32\drivers\TBPanel.sys  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"ESL Wire" - "Turtle Entertainment GmbH" - "C:\Program Files\EslWire\wire.exe" --tray
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"TBPanel" - ? - C:\Program Files (x86)\Vtune\TBPanel.exe /A
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"TrayServer" - "MAGIX AG" - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe                                                                                                                                                                                             

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Akamai NetSession Interface" (Akamai) - ? - c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Hier der von gmer:
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-13 23:13:14
Windows 6.1.7601 Service Pack 1 
Running: zs7629yv.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@0025e5307177         0x18 0x75 0xA0 0xF5 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@00234555a322         0x3F 0x44 0xD6 0x97 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@2021a53c74ae         0xB8 0xE3 0xA3 0x53 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@f49f545733c5         0x01 0x2A 0xFC 0xB1 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121 (not active ControlSet)  
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@0025e5307177             0x18 0x75 0xA0 0xF5 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@00234555a322             0x3F 0x44 0xD6 0x97 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@2021a53c74ae             0xB8 0xE3 0xA3 0x53 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@f49f545733c5             0x01 0x2A 0xFC 0xB1 ...

---- Files - GMER 1.0.15 ----

File  C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb                                           0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 13.05.2011, 22:31

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

dr.hardcore · 14.05.2011, 16:24

Hier SUPERAntiMalware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/14/2011 at 05:24 PM

Application Version : 4.52.1000

Core Rules Database Version : 7056
Trace Rules Database Version: 4868

Scan type : Complete Scan
Total Scan Time : 01:18:47

Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 14373
Registry threats detected : 0
File items scanned : 180259
File threats detected : 1

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[2].txt

dr.hardcore · 14.05.2011, 16:45

Hier MAlwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6555

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.05.2011 17:45:37
mbam-log-2011-05-14 (17-45-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 181706
Laufzeit: 19 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 14.05.2011, 17:43

Zitat:

Datenbank Version: 6555

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

dr.hardcore · 14.05.2011, 20:50

Ok heri der neue Log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6579

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.05.2011 20:32:55
mbam-log-2011-05-14 (20-32-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 181706
Laufzeit: 20 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 15.05.2011, 11:29

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

dr.hardcore · 15.05.2011, 14:28

Ne läuft wieder Danke werde bei problemen auf jeden fall wieder hier fragen ^^

cosinus · 15.05.2011, 14:41

Dann wären wir durch!

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

13.05.2011, 22:31	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anwendungen beenden sich von selbst Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

15.05.2011, 11:29	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anwendungen beenden sich von selbst Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit? __________________ Logfiles bitte immer in CODE-Tags posten

Anwendungen beenden sich von selbst

Log-Analyse und Auswertung: Anwendungen beenden sich von selbst