Log analysis and evaluation: svchost error

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

svchost error

Dear people, I think a trojan has got me. The symptoms are as follows:

1. AVG update no longer works
2. Sound no longer works
3. Constant error messages from svchost.exe at memory 0x00000008
4. My Computer still opens, but clicking on c: no longer works
5. Windows updates no longer work
6. After a search with Google, a new, empty page opens first (Firefox). But nothing happens there, because NoScript is running

The memory is OK, since there are 2 modules and 2 slots and they were swapped with each other. Various virus scanners find nothing (AVG, Kaspersky online, F-Secure).

HijackThis file as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:51, on 03.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Scansoft\PaperPort\pptd40nt.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\FinePixViewer\QuickDCF2.exe
C:\Programme\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GMX_GMX Upload-Manager] "C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Citavi Picker... - file://C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://***.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226004938779
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://***.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226358321562
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18764760-601F-4BDE-A773-78A0C5D65D84}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98573e5bf52cf) (gupdate1c98573e5bf52cf) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 12314 bytes

Malware log file follows. Many thanks in advance for the help.
#2

svchost error

So. Most of the problems have probably been eliminated. Now I need someone again to look at the new log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:41:02, on 04.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Scansoft\PaperPort\pptd40nt.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\FinePixViewer\QuickDCF2.exe
C:\Programme\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ***://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ***://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ***://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ***://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GMX_GMX Upload-Manager] "C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\WINDOWS\system32\mscoree.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98573e5bf52cf) (gupdate1c98573e5bf52cf) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 10124 bytes
![]() | #3 |
![]() ![]() ![]() | ![]() svchost fehler Du hattest eine Umleitung zu einem polnischen Server drin ( Eintrag 017 geht an AlphaNet Spolka z o.o.
__________________) was mich auf einen DNS Changer Trojan schließen lässt. Ich wunder mich hierbei, ich kenne solche Umleitungen nur zu ukrainischen Servern. Ich nehme an du hast das gefixt. Die Files werden aber noch da sein. Oder hast du die Verbindung eingerichtet ? Lad dir mal Gmer und installiere es. Hiernach postest du das Logfile.... Wichtig: Wenn du etwas fixt sollten auch deine Wiederherstellungspunkte deaktiviert sein und in Ordneroptionen versteckte und Systemdateien ausblenden aktiviert sein. Man muss alle files mit ihren entsprechenden Endungen sehen können. Fall du das nicht gemacht hast wird die Bedrohung mit an Sicherheit grenzender Wahrscheinlichkeit wiederkommen. Also hole dies als erstes nach. Lade bitte auch folgende Dateien bei Virustotal hoch und poste die Ergebnisse hier: Code:
ATTFilter C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Programme\DAEMON Tools Lite\daemon.exe C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE C:\WINDOWS\PixArt\PAC207\Monitor.exe Geändert von Redwulf (04.03.2009 um 10:44 Uhr) |
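The check described in post #3, as an added example that is not part of the thread: it parses HijackThis entries, lists O17 `NameServer` values that are public addresses for an analyst to review, and diffs the log from before cleanup against the one from after. The function names and the `expected` allowlist parameter are assumptions; the sample lines are short excerpts of the two HijackThis logs posted in this thread.

```python
import ipaddress
import re

# Excerpts of the two HijackThis logs posted in this thread (before and after
# cleanup), cut down to a few lines for the example.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18764760-601F-4BDE-A773-78A0C5D65D84}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.0.0,85.255.0.0
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# "<section code> - <body>", e.g. "O17 - HKLM\...: NameServer = 1.2.3.4"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17_RE = re.compile(r"^(?P<key>.+): NameServer = (?P<value>.*)$")


def parse_entries(log):
    """Return (code, body) tuples for every HijackThis entry line in the log."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def nameserver_findings(log, expected=frozenset()):
    """List O17 NameServer values that need a manual look.

    A value is reported when it is a public address that is not in `expected`
    (resolvers the analyst knows to be legitimate, an assumption of this
    example) or when it is not a valid IP literal at all. Private and
    loopback addresses are skipped because they normally point at the
    local router or a local resolver.
    """
    findings = []
    for code, body in parse_entries(log):
        if code != "O17":
            continue
        match = O17_RE.match(body)
        if not match:
            continue
        flagged = []
        for token in re.split(r"[,\s]+", match.group("value").strip()):
            if not token or token in flagged:
                continue
            try:
                address = ipaddress.ip_address(token)
            except ValueError:
                flagged.append(token)  # malformed value: always worth a look
                continue
            if address.is_private or address.is_loopback or token in expected:
                continue
            flagged.append(token)
        if flagged:
            findings.append((match.group("key"), flagged))
    return findings


def removed_entries(before, after):
    """Entries present in the first log and missing from the second."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in remaining]


if __name__ == "__main__":
    for key, servers in nameserver_findings(LOG_BEFORE):
        print("review:", key, "->", ", ".join(servers))
    print("still flagged after cleanup:", nameserver_findings(LOG_AFTER))
    for code, body in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("removed:", code, body)
```

A statically configured public resolver is not malicious by itself, so the output is a review list; who operates the address still has to be looked up, as the helper did for the O17 entry.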
#4

svchost error

Here is the log file for now:
![]() | #5 |
![]() | ![]() svchost error part 2... |
![]() | #6 |
![]() | ![]() svchost error I disabled System Restore as one of the first things. The AVG file is gone because I threw out the virus scanner and had a different one installed (in between) for a while. The other 3 files are clean. |