Log analysis and evaluation: Problem with svchost.exe
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.04.2009, 13:50 | #16 |
| Problem with svchost.exe Silentrunners: http://www.speedshare.org/download.php?id=CDA10B3212 TCPView:
25.04.2009, 14:47 | #17 |
/// Helper Team | Problem with svchost.exe Right, and now restore the deleted directory as well, preferably before some piece of software trips over the fact that the directory for temporary files in the user profile is suddenly missing
__________________ |
25.04.2009, 15:59 | #18 |
| Problem with svchost.exe Should I restore the Temp folder now?
__________________ And why was I supposed to delete it then...? |
25.04.2009, 20:40 | #19 |
| Problem with svchost.exe Hi, @KarlKarl: Hmm, if apps store data in temp directories that they need in order to work, then the developer deserves to be... But maybe I'm looking at this the wrong way... In short, I don't think it will cause any problems! But of course you're right, we should have the directory recreated empty (so Core, please create an empty folder "Temp" in the directory "C:\DOCUME~1\Gary_\LOCALS~1", unless Windows has already created one automatically...)

Silentrunner shows something I don't like (and which, going by the signature, matches a worm, only the location would be "wrong"): C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe, please check it online (you already know how by now) and post the result...

When did you install the Styler (StylerTB.dll)...? I can't see anything unusual in the connections (TCPView)... Did Prevx find anything...? Somehow there's nothing to be found, but maybe Karl has another idea...

Download Lop S&D. Run Lop S&D.exe (http://eric.71.mespages.googlepages.com/LopSD.exe) by double-clicking it. Choose the language of your choice and then option 1 (Search). Wait until the scan report has been created (you will find it at C:\lopR.txt should the report not appear). (If your desktop disappears, please press Ctrl + Alt + Suppr to start the Task Manager. Under File, choose New Task and enter explorer.exe there.) chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) Last edited by Chris4You (25.04.2009 at 21:13) |
25.04.2009, 21:29 | #20 |
| Problem with svchost.exe Quote:
Quote:
Quote:
Quote:
Quote:
|
25.04.2009, 21:35 | #21 |
| Problem with svchost.exe LopR: Code:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : BIOS Date: 07/03/07 20:14:02 Ver: 08.00.12
USER : Gary_ ( Administrator )
BOOT : Normal boot
Antivirus : NOD32 antivirus system 2.51 2.51 (Activated)
Firewall : Kaspersky Security Suite CBE 7.0.1.325 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:218 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
G:\ (USB) - FAT - Total:955 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25.04.2009|22:23 )
--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks
[25.04.2009 14:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Process ( 38 Processes ) ... OK !
--------------------\\ Ueberpruefung mit S_Lop
Kein Lop Ordner gefunden !
--------------------\\ Suche nach Lop Dateien - Ordnern
C:\Program Files\Orbitdownloader
C:\Program Files\Orbitdownloader\addons
--------------------\\ Suche innerhalb der Registry ..... OK !
--------------------\\ Ueberpruefung der Hosts Datei
Hosts Datei VERAENDERT
-> 10455 [ 70 ## added by CiD ] /!\ 3 Not 127.0.0.1 !!
--------------------\\ Suche nach verborgenen Dateien mit Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:29:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 26
--------------------\\ Suche nach anderen Infektionen
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Gary_\Eigene Dateien\Verlauf\Dezember 2008\crackhead1992@sms.at.html
C:\DOCUME~1\Gary_\Eigene Dateien\Verlauf\September 2008\crackhead1992@sms.at.html
C:\DOCUME~1\Gary_\My Documents\Meine empfangenen Dateien\jakdax54180455327\Verlauf\crackhead19922847965529.xml
[F:35][D:5]-> C:\DOCUME~1\Gary_\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\Gary_\Cookies
[F:9][D:6]-> C:\DOCUME~1\Gary_\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 25.04.2009|22:33 - Option : [1]
--------------------\\ Scan beendet um 22:33:53 |
26.04.2009, 14:19 | #22 |
/// Helper Team | Problem with svchost.exe Important files in the Temp folder are fine, as long as their importance ends with the next reboot. I know of a virus scanner whose programmers want to keep the files for the update to the new version in the Temp folder across a reboot, which is really stupid. After all, there are systems on which these folders are emptied automatically at every reboot. Here, however, there is a piece of software (Daemon Tools) that engages in all sorts of secrecy so that, for example, a copy protection does not notice that instead of the original CD only some image (possibly one that fell off the donkey) is being used. So it does not place its driver in the driver directory, but writes it to the Temp folder at startup, loads it into memory from there and immediately deletes the no longer needed and telltale file again. That is the kind of purpose a Temp folder is meant for. At least the Windows developers reckoned with forums like this one and built a very stable, self-repairing system. Deleting the contents of the Temp folder is OK, but not the folder itself right away. |
27.04.2009, 15:12 | #23 |
| Problem with svchost.exe Hi, start LopSD again and select option 2... You may then have to make the WOW-specific entries again... chris
__________________ |
27.04.2009, 16:28 | #24 |
| Problem with svchost.exe LopR again^^ Code:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : BIOS Date: 07/03/07 20:14:02 Ver: 08.00.12
USER : Gary_ ( Administrator )
BOOT : Normal boot
Antivirus : NOD32 antivirus system 2.51 2.51 (Activated)
Firewall : Kaspersky Security Suite CBE 7.0.1.325 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:218 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
G:\ (USB) - FAT - Total:955 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27.04.2009|16:51 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
Geloescht ! - C:\Program Files\Orbitdownloader\addons
Geloescht ! - C:\Program Files\Orbitdownloader
- [ Hosts Datei ] .. Wiederhergestellt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Ordner Verzeichnis unter APPLIC~1
C:\DOCUME~1\Gary_\APPLIC~1\SecuROM [13.02.2009|17:59] C:\DOCUME~1\Gary_\APPLIC~1\Sierra Entertainment [25.04.2009|23:26] C:\DOCUME~1\Gary_\APPLIC~1\Skype [25.04.2009|23:13] C:\DOCUME~1\Gary_\APPLIC~1\skypePM [28.02.2009|14:41] C:\DOCUME~1\Gary_\APPLIC~1\Sony [19.10.2008|12:25] C:\DOCUME~1\Gary_\APPLIC~1\SPORE [31.07.2008|01:52] C:\DOCUME~1\Gary_\APPLIC~1\Styler [31.07.2008|02:30] C:\DOCUME~1\Gary_\APPLIC~1\Sun [31.07.2008|02:30] C:\DOCUME~1\Gary_\APPLIC~1\SystemRequirementsLab [25.04.2009|23:19] C:\DOCUME~1\Gary_\APPLIC~1\teamspeak2 [20.12.2008|23:37] C:\DOCUME~1\Gary_\APPLIC~1\TeamViewer [31.07.2008|02:29] C:\DOCUME~1\Gary_\APPLIC~1\Ubisoft [16.03.2009|14:55] C:\DOCUME~1\Gary_\APPLIC~1\uTorrent [31.07.2008|01:53] C:\DOCUME~1\Gary_\APPLIC~1\ViStart [27.03.2009|18:33] C:\DOCUME~1\Gary_\APPLIC~1\Winamp [31.07.2008|02:12] C:\DOCUME~1\Gary_\APPLIC~1\WinRAR [11.02.2009|23:16] C:\DOCUME~1\Gary_\APPLIC~1\Xfire [28.02.2009|03:10] C:\DOCUME~1\Gary_\APPLIC~1\YuLeech [0|Datei(en)] C:\DOCUME~1\Gary_\APPLIC~1\Bytes [58|Verzeichnis(se),] C:\DOCUME~1\Gary_\APPLIC~1\Bytes frei [01.12.2007|18:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [0|Datei(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\Bytes [3|Verzeichnis(se),] C:\DOCUME~1\LOCALS~1\APPLIC~1\Bytes frei [01.12.2007|21:10] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Microsoft [26.01.2008|12:32] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\TeamViewer [0|Datei(en)] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Bytes [4|Verzeichnis(se),] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Bytes frei [01.12.2007|18:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [0|Datei(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\Bytes [3|Verzeichnis(se),] C:\DOCUME~1\NETWOR~1\APPLIC~1\Bytes frei [01.12.2007|21:10] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Microsoft [30.11.2008|13:41] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Xfire [0|Datei(en)] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Bytes [4|Verzeichnis(se),] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Bytes frei --------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks [27.04.2009 
16:29][--ah-----] C:\WINDOWS\tasks\SA.DAT [04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Ordner Verzeichnis unter C:\Program Files [21.04.2009|14:57] C:\Program Files\Acoustica Beatcraft [17.03.2009|23:49] C:\Program Files\Acoustica Shared Effects [04.03.2009|00:15] C:\Program Files\Adobe [04.03.2009|00:12] C:\Program Files\Adobe Media Player [15.03.2009|21:04] C:\Program Files\AGEIA Technologies [08.03.2009|18:58] C:\Program Files\alaplaya [08.02.2009|21:48] C:\Program Files\Anno 1701 [14.02.2009|16:18] C:\Program Files\ASUS [01.12.2007|18:44] C:\Program Files\Attansic [27.06.2008|19:13] C:\Program Files\Audacity 1.3 Beta (Unicode) [13.03.2009|18:29] C:\Program Files\AviSynth 2.5 [21.04.2009|22:10] C:\Program Files\AVS4YOU [12.02.2009|15:37] C:\Program Files\Bethesda Softworks [07.02.2009|12:51] C:\Program Files\BitTorrent [13.12.2008|16:22] C:\Program Files\Cabal Online [17.02.2008|15:27] C:\Program Files\CAPCOM [21.04.2009|15:15] C:\Program Files\CCleaner [27.04.2009|16:30] C:\Program Files\cFosSpeed [21.04.2009|22:07] C:\Program Files\Common Files [28.02.2009|14:13] C:\Program Files\DAEMON Tools Pro [24.01.2008|20:41] C:\Program Files\Debugging Tools for Windows [06.12.2007|16:05] C:\Program Files\DIFX [01.07.2008|17:22] C:\Program Files\DirectX [13.03.2009|18:42] C:\Program Files\DivX [08.02.2009|23:16] C:\Program Files\DNA [08.09.2008|22:33] C:\Program Files\DsNET Corp [05.03.2009|14:06] C:\Program Files\EA GAMES [18.02.2009|18:54] C:\Program Files\Electronic Arts [08.02.2008|01:34] C:\Program Files\eMule [13.03.2009|18:27] C:\Program Files\eRightSoft [20.04.2009|23:09] C:\Program Files\ESET [10.05.2008|15:06] C:\Program Files\Firefly Studios [29.11.2008|22:05] C:\Program Files\Free Download Manager [07.07.2008|18:34] C:\Program Files\Game Cam V2 [18.12.2008|12:30] C:\Program Files\Gameforge4D [24.12.2008|02:43] C:\Program Files\Garry's Mod 10 Dedicated Server [22.02.2009|18:16] C:\Program Files\Hamachi [01.03.2008|00:58] 
C:\Program Files\HyCam2 [16.03.2009|18:05] C:\Program Files\ICQ6 [06.04.2009|17:45] C:\Program Files\Image-Line [06.04.2009|17:47] C:\Program Files\InstallShield Installation Information [01.12.2007|18:32] C:\Program Files\Intel [17.04.2009|19:03] C:\Program Files\Internet Explorer [22.05.2008|19:17] C:\Program Files\Jasc Software Inc [27.10.2008|22:15] C:\Program Files\Java [20.04.2009|22:56] C:\Program Files\Kaspersky Lab [31.03.2008|21:55] C:\Program Files\Lavasoft [31.07.2008|16:51] C:\Program Files\LClock [01.04.2009|15:11] C:\Program Files\LimeWire [01.09.2008|23:05] C:\Program Files\Logitech [21.04.2009|17:29] C:\Program Files\Malwarebytes' Anti-Malware [17.08.2008|02:42] C:\Program Files\Messenger [26.03.2009|14:32] C:\Program Files\Messenger Plus! Live [12.04.2009|02:54] C:\Program Files\MessengerDiscovery [22.04.2009|20:58] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [01.12.2007|18:20] C:\Program Files\microsoft frontpage [15.03.2009|15:10] C:\Program Files\Microsoft Games [10.02.2009|16:22] C:\Program Files\Microsoft Games for Windows - LIVE [20.04.2009|22:49] C:\Program Files\Microsoft Office [27.02.2009|14:53] C:\Program Files\Microsoft Silverlight [18.03.2009|20:05] C:\Program Files\Microsoft SQL Server [20.04.2009|22:49] C:\Program Files\Microsoft Visual Studio [20.04.2009|22:46] C:\Program Files\Microsoft Visual Studio 8 [20.04.2009|22:49] C:\Program Files\Microsoft Works [10.12.2008|19:55] C:\Program Files\Microsoft Xbox 360 Accessories [20.04.2009|22:48] C:\Program Files\Microsoft.NET [23.10.2008|20:35] C:\Program Files\Movie Maker [27.04.2009|16:35] C:\Program Files\Mozilla Firefox [20.04.2009|22:49] C:\Program Files\MSBuild [15.02.2009|21:09] C:\Program Files\MSECache [20.07.2008|17:26] C:\Program Files\MSN [01.12.2007|18:17] C:\Program Files\MSN Gaming Zone [13.11.2008|20:00] C:\Program Files\MSXML 4.0 [13.11.2008|20:01] C:\Program Files\MSXML 6.0 [21.08.2008|14:27] C:\Program Files\NetMeeting [13.06.2008|19:28] C:\Program Files\Nokia 
[01.12.2007|18:17] C:\Program Files\Online Services [29.04.2008|23:01] C:\Program Files\Opera [31.07.2008|16:19] C:\Program Files\Outlook Express [17.03.2009|15:10] C:\Program Files\Outsim [29.08.2008|01:40] C:\Program Files\Paint.NET [02.01.2008|15:17] C:\Program Files\PC Connectivity Solution [27.02.2009|16:06] C:\Program Files\PowerISO [22.04.2009|23:01] C:\Program Files\Prevx [01.12.2007|21:23] C:\Program Files\Realtek [08.11.2008|19:58] C:\Program Files\Reference Assemblies [17.01.2009|21:08] C:\Program Files\Reloop Attack [20.04.2009|17:29] C:\Program Files\Runes Of Magic [06.11.2008|20:05] C:\Program Files\Samsung [13.02.2009|17:51] C:\Program Files\Sierra Entertainment [05.07.2008|18:22] C:\Program Files\Silkroad [02.12.2007|22:31] C:\Program Files\Skype [22.05.2008|15:14] C:\Program Files\Software Informer [28.02.2009|14:32] C:\Program Files\Sony [28.02.2009|14:32] C:\Program Files\Sony Setup [05.10.2008|13:59] C:\Program Files\Spore [23.02.2009|21:17] C:\Program Files\Spybot - Search & Destroy [19.03.2008|11:59] C:\Program Files\Spyware Terminator [27.04.2009|16:30] C:\Program Files\Steam [31.07.2008|16:51] C:\Program Files\Styler [27.10.2008|22:16] C:\Program Files\Sun [26.04.2009|12:34] C:\Program Files\SwiftKit [09.09.2008|00:39] C:\Program Files\SwiftSwitch [02.09.2008|00:26] C:\Program Files\SystemRequirementsLab [02.12.2007|00:24] C:\Program Files\Teamspeak2_RC2 [20.12.2008|23:37] C:\Program Files\TeamViewer [24.02.2009|15:17] C:\Program Files\The Witcher [07.02.2009|01:53] C:\Program Files\Thoosje Vista Sidebar [22.01.2008|21:14] C:\Program Files\Trend Micro [31.07.2008|16:51] C:\Program Files\TrueTransparency [19.06.2008|19:43] C:\Program Files\TubeTilla [27.06.2008|18:51] C:\Program Files\Ubisoft [01.12.2007|18:24] C:\Program Files\Uninstall Information [07.02.2008|19:01] C:\Program Files\Unreal Tournament 3 (LG) [31.07.2008|16:51] C:\Program Files\ViOrb [18.04.2009|17:00] C:\Program Files\VirtualDJ [21.08.2008|13:46] C:\Program Files\Vista 
Sidebar [31.08.2008|01:13] C:\Program Files\ViStart [31.07.2008|16:51] C:\Program Files\VisualTooltip [17.03.2009|16:19] C:\Program Files\VstPlugins [03.08.2008|23:46] C:\Program Files\WarRock [10.04.2009|14:25] C:\Program Files\Winamp [07.02.2009|15:46] C:\Program Files\Windows Journal Viewer [20.12.2008|22:45] C:\Program Files\Windows Live [01.12.2007|23:56] C:\Program Files\Windows Live Favorites [20.12.2008|22:21] C:\Program Files\Windows Live SkyDrive [20.12.2008|22:23] C:\Program Files\Windows Live Toolbar [13.03.2009|18:47] C:\Program Files\Windows Media Connect 2 [13.03.2009|18:47] C:\Program Files\Windows Media Player [28.07.2008|00:02] C:\Program Files\Windows NT [01.12.2007|18:19] C:\Program Files\WindowsUpdate [31.07.2008|16:51] C:\Program Files\WinFlip [26.01.2008|17:44] C:\Program Files\WinRAR [22.03.2008|00:40] C:\Program Files\WowCartographe [01.12.2007|18:20] C:\Program Files\xerox [14.02.2009|14:08] C:\Program Files\Xfire [10.04.2009|01:11] C:\Program Files\Xvid [03.01.2008|14:01] C:\Program Files\Yusho Frogster Games [0|Datei(en)] C:\Program Files\Bytes [140|Verzeichnis(se),] C:\Program Files\Bytes frei --------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files [04.03.2009|00:22] C:\Program Files\Common Files\Adobe [04.03.2009|00:10] C:\Program Files\Common Files\Adobe AIR [27.02.2009|15:01] C:\Program Files\Common Files\Adobe Systems Shared [21.04.2009|22:10] C:\Program Files\Common Files\AVSMedia [15.09.2008|01:46] C:\Program Files\Common Files\Blizzard Entertainment [20.04.2009|22:49] C:\Program Files\Common Files\DESIGNER [13.03.2009|18:40] C:\Program Files\Common Files\DivX Shared [24.08.2008|18:59] C:\Program Files\Common Files\Download Manager [10.04.2009|00:49] C:\Program Files\Common Files\G DATA [09.08.2008|03:31] C:\Program Files\Common Files\INCA Shared [22.05.2008|19:11] C:\Program Files\Common Files\InstallShield [02.12.2007|00:26] C:\Program Files\Common Files\Java [04.01.2009|19:49] C:\Program Files\Common 
Files\LogiShared [27.10.2008|21:50] C:\Program Files\Common Files\logishrd [30.01.2009|19:37] C:\Program Files\Common Files\Logitech [04.03.2009|00:07] C:\Program Files\Common Files\Macrovision Shared [20.04.2009|22:53] C:\Program Files\Common Files\Microsoft Shared [01.12.2007|18:18] C:\Program Files\Common Files\MSSoap [28.12.2007|14:41] C:\Program Files\Common Files\Nero [13.06.2008|19:28] C:\Program Files\Common Files\Nokia [26.03.2009|15:08] C:\Program Files\Common Files\NSV [01.12.2007|19:03] C:\Program Files\Common Files\ODBC [02.01.2008|15:17] C:\Program Files\Common Files\PCSuite [01.12.2007|18:18] C:\Program Files\Common Files\Services [02.12.2007|22:31] C:\Program Files\Common Files\Skype [01.12.2007|19:03] C:\Program Files\Common Files\SpeechEngines [24.07.2008|22:59] C:\Program Files\Common Files\Symantec Shared [20.04.2009|22:46] C:\Program Files\Common Files\System [03.03.2008|22:41] C:\Program Files\Common Files\Thraex Software [20.12.2008|22:12] C:\Program Files\Common Files\Windows Live [01.12.2007|23:55] C:\Program Files\Common Files\WindowsLiveInstaller [15.03.2009|21:04] C:\Program Files\Common Files\Wise Installation Wizard [0|Datei(en)] C:\Program Files\Common Files\Bytes [34|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei --------------------\\ Process ( 38 Processes ) ... OK ! --------------------\\ Ueberpruefung mit S_Lop Kein Lop Ordner gefunden ! --------------------\\ Suche nach Lop Dateien - Ordnern Kein Lop Ordner gefunden ! --------------------\\ Suche innerhalb der Registry ..... OK ! --------------------\\ Ueberpruefung der Hosts Datei Hosts Datei SAUBER --------------------\\ Suche nach verborgenen Dateien mit Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-27 16:55:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden files: 26 --------------------\\ Suche nach anderen Infektionen --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Gary_\Eigene Dateien\Verlauf\Dezember 2008\crackhead1992@sms.at.html C:\DOCUME~1\Gary_\Eigene Dateien\Verlauf\September 2008\crackhead1992@sms.at.html C:\DOCUME~1\Gary_\My Documents\Meine empfangenen Dateien\jakdax54180455327\Verlauf\crackhead19922847965529.xml [F:70][D:3]-> C:\DOCUME~1\Gary_\LOCALS~1\Temp [F:24][D:0]-> C:\DOCUME~1\Gary_\Cookies [F:516][D:5]-> C:\DOCUME~1\Gary_\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 25.04.2009|22:33 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 27.04.2009|16:59 - Option : [2] --------------------\\ Scan beendet um 16:59:44 |
28.04.2009, 06:26 | #25 |
| Problem with svchost.exe Hi, good, there was nothing more to be done.... What is the machine up to? chris
__________________ Don't bring me down Read before posting! Donate (anyone who wants to donate is welcome to get in touch ) |
02.05.2009, 13:05 | #26 |
| Problem with svchost.exe Sorry, I didn't have time to let you know that I'd be away for 3 days... Anyway, I'm back now. Hm.. What the machine is up to. It is currently using over 700MB of RAM, although I only have the usual things running, and svchost.exe now needs only ~40.000K. (When I start the system, however, over 90.000K, but that's normal, isn't it?) Firefox uses an unusual ~137.000K after a while and explorer.exe also uses over 50.000K, whereas it used to be only around 20.000-30.000K. More precisely, many programs have lately been using almost twice as much RAM as they usually do. MSN, for example, now also over 60.000K, which is quite a lot. Kind regards. |
03.05.2009, 21:24 | #27 |
| Problem with svchost.exe So, now I have a problem. Either some RAM got damaged during all those scans or I don't know what else could have happened. My PC is now easily 3x as slow as usual. Booting and logging into the account works normally, but then around the first programs (MSN, Steam, Kaspersky and the Office-related processes etc.) the PC already starts to lag. After 3-5 minutes I then want to open Mozilla, which also takes almost 30 seconds. So, now I also need a veery long time to load any pages. I go into the Task Manager: firefox.exe : 132.000K CPU usage: 40-60% Committed memory: 700-800M Network usage: 0-1%. Hm, so I wait a bit longer. After a little surfing I go into the Task Manager again: usage: 70-80% memory: 1100M+. Closed the Task Manager again and whoosh, my PC froze. And yet only around 36/40 processes were running, which have been running for years and otherwise needed 450M at most. Here is another HJThis logfile, because this is really bothering me now. Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:24, on 03.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196537939125
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5FB560-D27D-4AE6-A755-498A71548401}: NameServer = 194.154.192.101,194.154.192.102
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Tuner Service - Unknown owner - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 9872 bytes
Edited by Core70 (03.05.2009 at 21:41) |
04.05.2009, 06:32 | #28 |
| Problem with svchost.exe Hi, the HJ log is clean, so we should check for rootkits once more.... Avira-Antirootkit Download Avira Antirootkit and scan your system, post the logfile. http://dl.antivir.de/down/windows/antivir_rootkit.zip Cureit http://www.trojaner-board.de/59299-anleitung-drweb-cureit.html Can you rule out that your "WoW" is playing a part in this? chris |
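As an added example (not part of the thread and not the helper's own procedure), a first pass over a HijackThis log in its one-entry-per-line layout can be scripted as below. The sample log is constructed, the Windows directory is assumed to be C:\WINDOWS, and the four heuristics are this example's assumptions; a hit marks an entry for manual review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 layout; NOT the log posted in the thread.
# Names such as ExampleApp/ExSvc and the 192.0.2.x addresses are placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
O20 - AppInit_DLLs: C:\PROGRA~1\EXAMPLE\hook.dll
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\WINDOWS\ExSvc.exe (file missing)
O23 - Service: Other Service (OtherSvc) - Example Corp - C:\Program Files\Other\svc.exe
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: %SystemRoot% is C:\WINDOWS. Core Windows XP binaries and the
# only directory each is expected to run from (compared case-insensitively).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def parse_hjt(text):
    """Split a log into (running process paths, {section code: [entry bodies]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (reason, entry) pairs that deserve a manual look."""
    processes, entries = parse_hjt(text)
    findings = []
    # 1. A core system binary name running from an unexpected directory.
    for path in processes:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            findings.append(("process-path", path))
    # 2. Services whose binary no longer exists (leftover or removed file).
    for body in entries["O23"]:
        if body.endswith("(file missing)"):
            findings.append(("service-file-missing", body))
    # 3. AppInit_DLLs are loaded into every GUI process: confirm the owner.
    for body in entries["O20"]:
        findings.append(("appinit-dll", body))
    # 4. Statically configured DNS servers: confirm they belong to the ISP.
    for body in entries["O17"]:
        findings.append(("dns-setting", body))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:22} {entry}")
```

A log with no hits is not proof of a clean system, since entries hidden from the scanner never reach the log, which is why a rootkit scan is the next step in the thread.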
04.05.2009, 18:18 | #29 |
| Problem with svchost.exe Hm... I actually play WoW rarely/not at all. And the addons for WoW all come from a database on our server, uploaded by our admins and by users who have been playing there for at least 1 year. But I play it maybe 10 minutes every 3 weeks... And I can also search for rootkits with my Kaspersky; I've already run it several times, but it never finds anything. Should I still scan again with Avira? Statement on CureIT coming soon. Edit: I don't have time for CureIT right now (safe mode, hours-long scan, I do all of that overnight.) So the statement will come tomorrow^^ |
05.05.2009, 06:35 | #30 |
| Problem with svchost.exe Hi, let Avira scan anyway, every tool has its strengths and weaknesses... chris |