Log Analysis and Evaluation: Auslastung (system load), Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.06.2008, 16:37 | #1 | Auslastung

Hi, for a week now my computer has been acting up somehow. RAM usage is at 40-60% (previously 35%) and the processor just shoots up to 100% (both cores!). What's going on? I'm using Windows Vista Ultimate 32 bit.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:56, on 02.06.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\****\QIP\infium.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.rls-clan.com/burnout/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ****'s Web
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tutrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - h**p://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt Stealth 4\IJStealth4Svc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TwonkyVision MediaServer (TwonkyVision_Media_Server) - PacketVideo - C:\Program Files\TwonkyMedia\TwonkyMedia.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)

--
End of file - 10946 bytes
03.06.2008, 10:37 | #3 | Auslastung

ComboFix 08-06-01.6 - NAME 2008-06-03 11:16:43.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1031.18.1228 [GMT 2:00]
ausgeführt von:: C:\Users\NAME\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\NAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\101.gif
C:\Users\NAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\102.gif
C:\Users\NAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\103.gif
C:\Users\NAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\104.gif
C:\Users\NAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\105.gif
C:\Users\NAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\106.gif
C:\Windows\system32\h@tkeysh@@k.dll
C:\Windows\system32\MSINET.oca
C:\Windows\system32\mspformat.exe
C:\Windows\windows_svr.exe
D:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-03 bis 2008-06-03 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-07-03 12:44 --------- d-----w C:\Users\NAME\AppData\Roaming\ATI
2099-07-03 12:30 --------- d-----w C:\Program Files\ATI
2099-07-03 12:08 --------- d-sh--w C:\ProgramData\Vorlagen
2099-07-03 12:08 --------- d-sh--w C:\ProgramData\Startmenü
2099-07-03 12:08 --------- d-sh--w C:\ProgramData\Favoriten
2099-07-03 12:08 --------- d-sh--w C:\ProgramData\Dokumente
2099-07-03 12:08 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-06-03 09:00 --------- d-----w C:\Users\NAME\AppData\Roaming\TwonkyMedia
2008-06-03 08:59 --------- d-----w C:\ProgramData\VMware
2008-06-01 14:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-30 08:26 --------- d-----w C:\Users\NAME\AppData\Roaming\PC Tools
2008-05-30 08:20 --------- d-----w C:\ProgramData\SecTaskMan
2008-05-30 08:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-30 08:10 --------- d-----w C:\Program Files\Security Task Manager
2008-05-30 07:48 --------- d-----w C:\Program Files\Trend Micro
2008-05-29 19:24 --------- d-----w C:\Users\NAME\AppData\Roaming\FileZilla
2008-05-29 13:05 --------- d-----w C:\Users\NAME\AppData\Roaming\TeamViewer
2008-05-29 07:11 --------- d-----w C:\Users\NAME\AppData\Roaming\Atari
2008-05-29 07:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 06:57 --------- d-----w C:\Users\NAME\AppData\Roaming\Leadertech
2008-05-29 06:57 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-05-29 06:50 --------- d-----w C:\Program Files\Atari
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-04-29 17:08 --------- d-----w C:\Program Files\QuickTime
2008-04-29 17:02 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-29 17:00 --------- d-----w C:\Program Files\Apple Software Update
2008-04-29 12:42 --------- d-----w C:\Program Files\Windows Shutdown
2008-04-27 18:15 --------- d-----w C:\Program Files\ICQ6
2008-04-21 08:55 --------- d-----w C:\Program Files\Google
2008-04-20 18:58 --------- d-----w C:\Program Files\Game Graphic Studio
2008-04-17 17:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-15 16:25 --------- d-----w C:\Program Files\IncrediMail
2008-04-15 15:54 --------- d-----w C:\ProgramData\IM
2008-04-15 15:50 --------- d-----w C:\ProgramData\IncrediMail
2008-04-15 14:31 --------- d-----w C:\Program Files\Empire Interactive
2008-04-14 20:26 --------- d-----w C:\Users\NAME\AppData\Roaming\LimeWire
2008-04-14 19:32 --------- d-----w C:\Program Files\LimeWire
2008-04-14 19:13 --------- d-----w C:\Users\NAME\AppData\Roaming\Skype
2008-04-14 16:53 --------- d-----w C:\Users\NAME\AppData\Roaming\skypePM
2008-04-12 22:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-12 21:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-12 21:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-12 21:39 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-12 21:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-12 21:38 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-12 21:38 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-12 21:38 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 21:38 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-12 21:38 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-12 21:38 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-12 21:38 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-12 21:38 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-12 21:37 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-12 21:37 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-12 21:37 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-12 21:37 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-12 21:37 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-12 21:37 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-12 21:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-12 21:36 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-04-12 21:36 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-12 21:36 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-12 21:34 99,840 ----a-w C:\Windows\System32\poqexec.exe
2008-04-12 21:34 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-12 21:34 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-12 21:31 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-12 18:28 --------- d-----w C:\Program Files\RobotKarol
2008-04-12 15:53 --------- d-----w C:\Program Files\VB RezQ
2008-04-12 15:49 --------- d-----w C:\Program Files\EA SPORTS
2008-04-12 15:43 --------- d-----w C:\ProgramData\MAGIX
2008-04-12 15:42 --------- d-----w C:\Program Files\WS_FTP
2008-04-12 15:39 --------- d-----w C:\Program Files\Reallusion
2008-04-12 15:31 --------- d-----w C:\Program Files\Active WebCam
2008-04-12 15:10 --------- d-----w C:\Users\Besucher\AppData\Roaming\Ipswitch
2008-04-07 09:39 --------- d-----w C:\Program Files\DynDNS Updater
2008-04-06 18:07 --------- d-----w C:\Users\NAME\AppData\Roaming\VMware
2008-03-10 16:59 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-10 16:59 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-10 16:59 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-10 16:59 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-10 16:59 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-10 16:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-10 16:59 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-08 16:27 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-08 16:27 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-10 16:58 69 ----a-w C:\Users\NAME\AppData\Roaming\win.bat
2007-12-10 16:58 34,816 ----a-w C:\Users\NAME\AppData\Roaming\fwbmz.dll
2007-12-10 16:57 97,098 ----a-w C:\Users\NAME\AppData\Roaming\test.exe
2007-10-11 05:34 174 --sha-w C:\Program Files\desktop.ini
2007-09-01 16:26 713 ----a-w C:\Program Files\MSN Messenger.lnk
2006-05-24 15:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 16:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 15:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-01-23 11:21 61 --sh--w C:\Windows\cnerolf.bin
2007-11-16 18:31 176,128 --sha-w C:\Windows\moo2.exe
2007-11-17 20:01 184,320 --sh--w C:\Windows\winsrvs.exe
2007-12-11 13:33 237,568 --sh--w C:\Windows\win_service.exe

.
------- Sigcheck -------
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-12 23:36 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-01-03 16:22 598016 C:\Windows\SOUNDMAN.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"ATIModeChange"="Ati2mdxx.exe" [2007-03-15 02:50 26112 C:\Windows\System32\Ati2mdxx.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAddPrinter"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VIS2"= vis2.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ODBC Setup (Delete Once Installed).lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ODBC Setup (Delete Once Installed).lnk
backup=C:\Windows\pss\ODBC Setup (Delete Once Installed).lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-01 19:02 40960 C:\Users\NAME\Documents\Visual Studio 2005\Projects\keylogger\keylogger\bin\Debug\keylogger.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\NAME\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 02:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2007-05-01 23:52 68400 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIN32]
C:\Windows\system32\WIN32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe"
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"AtiPTA"=atiptaxx.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"Profiler"=C:\Program Files\Saitek\Software\Profiler.exe
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" /a
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"TrayServer"=C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
03.06.2008, 10:38 | #4 | Auslastung

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{232799DD-30B6-4F29-B90C-7F999D3EF590}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DCF33868-32B3-41BB-BF40-B3C66E56C2C4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BB689FAC-4E39-4640-A7E8-251CE077BEFF}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F6CF90FF-1877-4C3C-8C10-E9A65D002AC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BF333E9A-16C9-4F97-8D8A-93E9EF0580B0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{2CB365EE-9730-4A31-8052-07C6A4984C72}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{667FCC85-19CC-4091-A28C-CC6736DF1472}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"{D0BE2227-7472-4AF2-9FF1-C1E4E51EB1AE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CD3C84D8-B2B3-41A1-8620-00BEA62786A7}D:\\programme\\rockstar games\\grand theft auto san andreas\\samp\\samp-server.exe"= UDP:\programme\rockstar games\grand theft auto san andreas\samp\samp-server.exe:samp-server
"UDP Query User{9006CDA1-A84F-4793-8C53-119F480657D2}D:\\programme\\rockstar games\\grand theft auto san andreas\\samp\\samp-server.exe"= TCP:\programme\rockstar games\grand theft auto san andreas\samp\samp-server.exe:samp-server
"{FF3DBBC8-345B-42DF-B780-DC55AFF5FCAB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BB02A0B8-C185-4C08-A69C-89F44591DE5C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0BB7CFFB-49B3-472A-8504-64803E238481}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"UDP Query User{9AC2EDCA-A796-4A08-A86B-05C9F2025076}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
"TCP Query User{E4C7C2C4-B172-4A22-B131-3FDD560E0877}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"UDP Query User{58CF1B34-40A3-495A-B263-E75401ECA7A4}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"TCP Query User{D3F4F0D0-6AB2-42C6-A5C3-8677E6AE5412}C:\\users\\NAME\\qip\\infium.exe"= UDP:C:\users\NAME\qip\infium.exe:infium.exe
"UDP Query User{42D39736-5174-4F67-8322-10071E85DD97}C:\\users\\NAME\\qip\\infium.exe"= TCP:C:\users\NAME\qip\infium.exe:infium.exe
"TCP Query User{19A1B849-06ED-40FD-8680-816D61E261D9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{05EE4F41-9130-40D1-BC7C-42B002B31DA7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{FC9AB9B7-AC4A-4135-A50D-9277A30DE251}C:\\users\\NAME\\documents\\visual studio 2005\\projects\\acwwclanclient\\acwwclanclient\\bin\\debug\\acwwclan.com client alpha ii.vshost.exe"= UDP:C:\users\NAME\documents\visual studio 2005\projects\acwwclanclient\acwwclanclient\bin\debug\acwwclan.com client alpha ii.vshost.exe:acwwclan.com client alpha ii.vshost.exe
"UDP Query User{236D25AA-759A-4688-9DA1-CEBB272CF0D9}C:\\users\\NAME\\documents\\visual studio 2005\\projects\\acwwclanclient\\acwwclanclient\\bin\\debug\\acwwclan.com client alpha ii.vshost.exe"= TCP:C:\users\NAME\documents\visual studio 2005\projects\acwwclanclient\acwwclanclient\bin\debug\acwwclan.com client alpha ii.vshost.exe:acwwclan.com client alpha ii.vshost.exe
"TCP Query User{F3FE7F31-7967-4379-A33A-37F012AAB6A9}C:\\program files\\vidsoft\\vidconference\\vidconference.exe"= UDP:C:\program files\vidsoft\vidconference\vidconference.exe:VidConference
"UDP Query User{711D53A7-1A87-4C2E-82F7-EB52CC6DDD8A}C:\\program files\\vidsoft\\vidconference\\vidconference.exe"= TCP:C:\program files\vidsoft\vidconference\vidconference.exe:VidConference
"{20079557-CC87-421F-AB9C-DA726F0799A7}"= UDP:3306:mysql
"{AC03698E-5E68-4365-9851-A749D26C5210}"= UDP:C:\Users\NAME\DesktopßOtaku\Server.exe:Server.exe
"{B359127A-02FE-4353-B72D-AC738958970B}"= TCP:C:\Users\NAME\DesktopßOtaku\Server.exe:Server.exe
"{F84C6D77-CF87-4F81-8C2F-5C52388892E7}"= UDP:1232:1232
"TCP Query User{4E2A543B-47C4-483B-B58B-050FA2916CD8}C:\\program files\\konami\\pro evolution soccer 6\\online pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\online pes6.exees6.exe
"UDP Query User{BD90589D-315E-4A65-8724-1C5E37A84CA0}C:\\program files\\konami\\pro evolution soccer 6\\online pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\online pes6.exees6.exe
"TCP Query User{9CD001FE-D48B-4363-9D17-6D547EA1E5DC}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{06BC741F-C597-4539-8E55-F904E64E1599}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"{948D4C42-2783-4A95-8F7E-D682BB8837A5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{989B6C3D-313B-4FDF-9D90-0B0241CDF8E0}C:\\users\\NAME\\temp\\dyngate\\dyngate.exe"= UDP:C:\users\NAME\temp\dyngate\dyngate.exe:dyngate.exe
"UDP Query User{383F5C1F-DC5A-4C17-9FC0-ADFDF3B73AB5}C:\\users\\NAME\\temp\\dyngate\\dyngate.exe"= TCP:C:\users\NAME\temp\dyngate\dyngate.exe:dyngate.exe
"TCP Query User{8B2E3F81-6079-49C4-B27F-9D69EC1C785F}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{68094ABE-55AA-43B4-A876-6A50BF164DD5}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{DEE53B0C-D559-488F-A0C3-23603D9AE8D8}"= Disabled:UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:PES2008
"{A066BD44-9FAB-407C-A932-DBB726740816}"= Disabled:TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:PES2008
"TCP Query User{240D1F6A-85E3-4835-A3EE-5C34EC70C8BD}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{30BCA4CD-F9D8-438B-A58D-996D0D36DC71}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"{CE18BE59-DEC3-478D-A2E8-23DA98FB5B60}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{70440DC2-819E-4F8E-AD18-1636300D0DB7}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{57B9207D-F5B2-4085-853A-1414C5939AD5}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{BA24E192-5D00-46A3-B198-09CE02088ED9}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2F8442ED-D642-4687-BC1A-1B0640D7E9CB}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{7F11001A-D0B3-4DD9-B55E-38EC620D5AE8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6462DCAA-CB0E-4303-B37D-A5752DAC4521}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6FBBC92F-BC8E-4FED-A9EA-44219FB2FF4A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3979BD0B-3453-4EE1-B159-7ED824D361D0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{595E015C-9CE2-44BA-A2C4-1CF50CAADCE9}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{58F4B091-BAB6-42A4-B43D-132402E4C767}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{33D29A1A-2F12-4CB6-A857-70F58AFD8C7D}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{9493FBD0-68C3-4B16-9C50-CEA2C6D87854}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{13D54DB1-C6D7-49DD-8D52-7A90DD076B2B}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{CAD51173-0F07-49A8-8041-6B030906BFC6}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{F577CDEC-AEE2-44CF-8848-CF3582800019}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{7C57C6AB-655F-4322-B5E4-0151B0E13A06}C:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= UDP:C:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"UDP Query User{BF5A8354-6864-403D-AF16-E9C67491D128}C:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= TCP:C:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"TCP Query User{083DEA0F-5A85-46BF-9F27-65D513325C96}C:\\users\\NAME\\appdata\\local\\temp\\rar$ex00.938\\holograph log prog.exe"= UDP:C:\users\NAME\appdata\local\temp\rar$ex00.938\holograph log prog.exe:holograph log prog.exe
"UDP Query User{354F0886-CA80-4006-B90D-22144FA1ED65}C:\\users\\NAME\\appdata\\local\\temp\\rar$ex00.938\\holograph log prog.exe"= TCP:C:\users\NAME\appdata\local\temp\rar$ex00.938\holograph log prog.exe:holograph log prog.exe
"TCP Query User{E22C0B05-76E4-4A41-A2DC-E3DCA27E3B3F}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{049CF341-24D5-4B4F-A748-2067652FBC33}C:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{DC6E8BC7-9760-4DA0-B689-AC2CCB531F5F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{375263E0-DE5B-48FD-B04F-C4B86804E284}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype.
Take a deep breath "TCP Query User{5E32511C-38A0-4877-8AAA-A9B5E3834C6F}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library "UDP Query User{65FE683B-2077-4E98-BF1D-E0D3AD470B5D}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library "{DC02C8B0-DB39-47FC-A06F-71E273D90379}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{8CDD51BF-DF2D-4ACD-92AA-D1F478964E0E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{8961434F-BE5B-46E2-A733-068DC54D2330}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C9B0A012-A4D4-4CE4-842E-28E1D099854F}"= UDP:C:\Program Files\TwonkyMedia\TwonkyMedia.exe:TwonkyMedia "{CFF11A38-BDB1-47B8-9137-B2C58E54A6B2}"= UDP:C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:TwonkyMediaServer "{3D100F48-B0B5-47CA-9DD6-81B61AD710ED}"= TCP:C:\Program Files\TwonkyMedia\TwonkyMedia.exe:TwonkyMedia "{8C2D17EB-ECF0-4A52-B77E-0DE91266AFF3}"= TCP:C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:TwonkyMediaServer "TCP Query User{EAEA3780-353A-4316-B630-F6143E7C0DE6}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "UDP Query User{93D67BAF-22B8-45DC-B04A-9E525264588A}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "TCP Query User{AC0626A8-5B9E-4F1E-A45D-D9218FB69F45}C:\\users\\NAME\\qip\\infium.exe"= UDP:C:\users\NAME\qip\infium.exe:infium.exe "UDP Query User{0C1A4DC7-6946-4B50-AE6B-AAD528F6F830}C:\\users\\NAME\\qip\\infium.exe"= TCP:C:\users\NAME\qip\infium.exe:infium.exe "TCP Query User{032AADB3-D37B-4097-86A3-BB0C1A856792}C:\\program files\\reallusion\\crazytalk for skype\\ct4skype.exe"= UDP:C:\program files\reallusion\crazytalk for skype\ct4skype.exe:CrazyTalk "UDP Query User{1AC9C1B9-FE3E-40BB-87F9-A95305740344}C:\\program files\\reallusion\\crazytalk for skype\\ct4skype.exe"= TCP:C:\program files\reallusion\crazytalk for 
skype\ct4skype.exe:CrazyTalk "TCP Query User{B1603557-49AD-4644-A74C-CDD8D31746EF}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows-Sidebar "UDP Query User{832CDADC-3CC6-4297-A540-82DD9BE1C302}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows-Sidebar "TCP Query User{5555E479-DE96-40C2-B27F-E96BB290A06B}C:\\program files\\active webcam\\webcam.exe"= UDP:C:\program files\active webcam\webcam.exe:Active WebCam "UDP Query User{5AEC01FA-E72E-4BA8-B659-45E00C095510}C:\\program files\\active webcam\\webcam.exe"= TCP:C:\program files\active webcam\webcam.exe:Active WebCam "{0E6B3376-7D09-46EA-B243-3F65CCB0BE08}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{35C052A8-84F0-49A9-AB53-B1412CE81A28}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{29768C26-DDB9-4856-8C33-915AB022F20C}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{41264CEA-72E9-4D9F-95C4-CA22DB3792AF}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{19DE4C53-B6E6-457C-8A69-8B0A46803F31}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{A574FC20-ABBB-4411-808B-0277AF0DD54A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2007-12-24 22:13] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18] R2 CamthWDM;WebcamMax, WDM Video Capture;C:\Windows\system32\DRIVERS\CamthWDM.sys [2007-01-11 07:39] R2 MySQL51;MySQL51;"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL51 [] R2 StealthInjectorService;Stealth Service Helper;C:\Program Files\ArchiCrypt Stealth 4\IJStealth4Svc.exe [2006-08-01 17:42] R2 TimerStop;TimerStop;C:\Windows\system32\TimerStop.sys [2006-12-22 23:44] R2 TwonkyVision_Media_Server;TwonkyVision MediaServer;C:\Program Files\TwonkyMedia\TwonkyMedia.exe [2007-08-15 15:47] R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 07:53] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 21:50] S2 XAMPP;XAMPP Service;c:\xampp\service.exe [] S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-29 02:01] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 07:53] S3 SaiClass;SaiClass;C:\Windows\system32\drivers\SaiNtBus.sys [2002-10-11 10:36] S3 SaiHFF0C;SaiHFF0C;C:\Windows\system32\DRIVERS\SaiHFF0C.sys [2007-01-30 12:47] S3 SaiUFF0C;SaiUFF0C;C:\Windows\system32\DRIVERS\SaiUFF0C.sys [2007-01-30 12:47] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2008-03-01 15:15] S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00] S3 XPADFL02;XPAD Filter Service 02;C:\Windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 05:15] S4 Boonty Games;Boonty Games;"C:\Program 
Files\Common Files\BOONTY Shared\Service\Boonty.exe" [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0e1e468-2ac6-11dc-a872-0015582552d9}] \shell\AutoRun\command - F:\setup.exe *Newly Created Service* - CATCHME . Inhalt des "geplante Tasks" Ordners "2008-06-03 09:00:03 C:\Windows\Tasks\1-Klick-Wartung.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-06-02 16:52:13 C:\Windows\Tasks\User_Feed_Synchronization-{578DB1F9-9581-45ED-85FA-164BF13C1847}.job" - C:\Windows\system32\msfeedssync.exe "2008-06-03 09:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{CE837273-B865-43EE-9672-8C79A2848543}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net Rootkit scan 2008-06-03 11:22:44 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-06-03 11:28:14 ComboFix-quarantined-files.txt 2008-06-03 09:27:52 Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden. Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden. 365 --- E O F --- 2008-04-12 21:41:48 |
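Added example, written for this page and not part of the thread, of ComboFix or of any tool the helpers use: a small Python triage script for a log in the format posted above. It parses the firewall exception lines ("name"= [Disabled:][TCP|UDP:]path:description), flags exceptions whose executable sits in a temp folder (in the log above that is dyngate.exe under C:\users\NAME\temp and "holograph log prog.exe" under a WinRAR rar$ex00.938 folder in AppData\Local\Temp, i.e. a program that was run straight out of an archive and then granted a firewall exception), reports the Public profile with EnableFirewall set to 0, and lists the AutoRun command recorded under MountPoints2 (F:\setup.exe). The folder markers, the FirewallRules section name in the sample, and the sample log itself (a few lines copied from the log above, constructed into a short sample) are this example's assumptions. It does not decide whether any entry is malicious; it only orders what a helper should look at first.

```python
import re

# Added triage example for a ComboFix log (not ComboFix's own logic).
# A firewall-exception line in the log has the shape
#   "<rule name>"= [Disabled:][TCP|UDP:]<drive>:\<path>.exe[:<description>]
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
VALUE_RE = re.compile(
    r'^(?P<disabled>Disabled:)?(?:(?P<proto>TCP|UDP):)?'
    r'(?P<path>[A-Za-z]:\\.*?\.exe)(?::(?P<desc>.*))?$',
    re.IGNORECASE,
)
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')

# Folders an installed application should not need a firewall exception from.
# This list is an assumption of the example; matched case-insensitively.
SUSPICIOUS_DIR_MARKERS = (
    '\\temp\\',        # C:\users\NAME\temp\..., ...\appdata\local\temp\...
    '\\rar$ex',        # WinRAR's run-from-archive extraction folder rar$exNN.nnn
    '\\downloads\\',
)


def parse_rule(line):
    """Parse one firewall-exception line; return a dict, or None for other lines."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    v = VALUE_RE.match(m.group('value'))
    if not v:
        return None           # e.g. "EnableFirewall"= 0 (0x0) or a DFSR port rule
    return {
        'name': m.group('name'),
        'disabled': v.group('disabled') is not None,
        'proto': v.group('proto').upper() if v.group('proto') else None,
        'path': v.group('path'),
        'desc': v.group('desc') or '',
    }


def audit(log_text):
    """Walk a ComboFix log and return a list of (kind, detail) findings."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group('key')   # remember which registry key we are in
            continue
        rule = parse_rule(line)
        if rule is not None:
            if any(mark in rule['path'].lower() for mark in SUSPICIOUS_DIR_MARKERS):
                findings.append(('temp-dir-exception', rule['path']))
            continue
        if line.startswith('"EnableFirewall"=') and line.endswith('0 (0x0)'):
            findings.append(('firewall-disabled', section or '?'))
            continue
        if '\\shell\\AutoRun\\command - ' in line:
            # MountPoints2 entries record what AutoRun offered for a removable drive
            findings.append(('autorun-mountpoint', line.split(' - ', 1)[1]))
    return findings


# Constructed sample: a few lines copied from the log above.  The FirewallRules
# section header is assumed; the log excerpt on the page starts after it.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{948D4C42-2783-4A95-8F7E-D682BB8837A5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{989B6C3D-313B-4FDF-9D90-0B0241CDF8E0}C:\\users\\NAME\\temp\\dyngate\\dyngate.exe"= UDP:C:\users\NAME\temp\dyngate\dyngate.exe:dyngate.exe
"{DEE53B0C-D559-488F-A0C3-23603D9AE8D8}"= Disabled:UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:PES2008
"UDP Query User{354F0886-CA80-4006-B90D-22144FA1ED65}C:\\users\\NAME\\appdata\\local\\temp\\rar$ex00.938\\holograph log prog.exe"= TCP:C:\users\NAME\appdata\local\temp\rar$ex00.938\holograph log prog.exe:holograph log prog.exe
"UDP Query User{375263E0-DE5B-48FD-B04F-C4B86804E284}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0e1e468-2ac6-11dc-a872-0015582552d9}]
\shell\AutoRun\command - F:\setup.exe
'''

if __name__ == '__main__':
    for kind, detail in audit(SAMPLE_LOG):
        print(f'{kind:22s} {detail}')
```

Run as-is it prints the four findings for the embedded sample; for a real log, read the file and pass its text to audit(). A temp-dir-exception finding is not a malware verdict, but an executable that was granted a firewall exception while running out of a temp folder is exactly the kind of entry a helper wants explained before a log is called clean, and a disabled Public firewall profile plus an AutoRun command from a removable drive belong on the same list.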
03.06.2008, 14:46 | #5 |
/// Malware-holic | Auslastung

Let's continue with this:

* Download Malwarebytes' Anti-Malware to your desktop (Malwarebytes.org).
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Now make sure the following options are ticked:
  o Update Malwarebytes' Anti-Malware
  o Launch Malwarebytes' Anti-Malware
* Now click Finish.
* If an update is found, it will be downloaded and the latest version installed.
* Once the program has finished loading, select "Perform full scan" and click Scan.
* When the scan is finished, click OK, then "Show Results".
* Make sure every malware entry has a check mark next to it.
* Then click "Remove Selected" and OK. |