|
Log-Analyse und Auswertung: Bitte Prüfen, Cpu Auslastung Steigt und SinktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.07.2007, 19:05 | #1 |
| Bitte Prüfen, Cpu Auslastung Steigt und Sinkt Bitte Einmal Beide Logs Anschauen, Ist Irgendetwas Auffäliges Zu sehen ? Folgendes Problem, Wenn ich in msn tippe.. und den task manager auf mache sehe ich das die auslastung extrem ansteigt, und das geschriebene ruckelt dann erst mal hinter her, an was kann das liegen ? ich hoffe ihr versteht was ich meine StartupList report, 29.07.2007, 20:00:37 StartupList version: 1.52.2 Started from : C:\Programme\Hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\cFosSpeed\spd.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Spyware Doctor\sdhelp.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\cFosSpeed\cFosSpeed.exe C:\Alles\Darkfix.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Rainlendar\Rainlendar.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Winamp\Winamp.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programme\Hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Dokumente und Einstellungen\Schmidt T\Startmenü\Programme\Autostart] Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe Shell folders Common Startup: [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ATIPTA = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" cFosSpeed = C:\Programme\cFosSpeed\cFosSpeed.exe Gamma = "C:\Alles\Darkfix.exe" -silent avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Programme\MSN Messenger\msnmsgr.exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -trayboot -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (no name) - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -------------------------------------------------- Enumerating Task Scheduler jobs: 1-Click Maintenance.job -------------------------------------------------- Enumerating Download Program Files: [Nexon Package Manager Control] InProcServer32 = C:\WINDOWS\nxpm.ocx CODEBASE = http://file.nx.com/activex/public_new/nxpm.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: 0aMCPClient: *Registry key not found* PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll -------------------------------------------------- End of report, 6.932 bytes Report generated in 0,016 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only _______________________________________ Logfile of HijackThis v1.99.1 Scan saved at 20:00:11, on 29.07.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programme\cFosSpeed\spd.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Spyware Doctor\sdhelp.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\cFosSpeed\cFosSpeed.exe C:\Alles\Darkfix.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Rainlendar\Rainlendar.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Winamp\Winamp.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programme\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [Gamma] "C:\Alles\Darkfix.exe" -silent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programme\cFosSpeed\spd.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe |
24.08.2007, 13:31 | #2 |
| Bitte Prüfen, Cpu Auslastung Steigt und Sinkt C:\Programme\Rainlendar\Rainlendar.exe
__________________C:\WINDOWS\system32\wdfmgr.exe <---- denke W32/Agobot-TB lass die mal bei virustotal scannen .... |
24.08.2007, 14:20 | #3 | |
/// AVZ-Toolkit Guru | Bitte Prüfen, Cpu Auslastung Steigt und Sinkt Hallo.
__________________Zitat:
Du hast jede Menge Müll auf dem Rechner. SpywarDoctor ist übrigens RougeAntiSpyware als ebenfalls schädlich. Ich würde den Rechner auf jeden Fall neuaufsetzten und hinterher absichern! Anleitung ist in meiner Signatur verlinkt. mfg Undoreal
__________________ |
Themen zu Bitte Prüfen, Cpu Auslastung Steigt und Sinkt |
acroiehelper.dll, ad-aware, adobe, antivirus, appinit_dlls, auslastung, avast, bho, browser, cpu, einstellungen, explorer, helper, hijack, hijackthis, internet, internet explorer, pc tools spyware doctor, problem, programme, prüfen, registry, registry key, registry value, saver, screensaver, shockwave, software, spyware, system, ups, userinit.exe, windows, windows xp |