|
Log-Analyse und Auswertung: conime.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.04.2009, 19:13 | #1 |
| conime.exe Hallo... Ich hoffe ihr könnt mir weiterhelfen. Seit ein paar Tagen lahmt mein PC, immer wieder hängt sich auch Firefox auf. Habe so eben auch schon einmal mein AntiVir durchlaufen lassen, aber dabei kam nichts raus. Ich bin normalerweise echt vorsichtig und keine auf alles was blinkt drückerin... überprüfe auch regelmäßig ob sich neue Prozesse im Taskmanager befinden, aber hatte bisher noch nie Probleme... und heute gugg ich wieder drin steht da eine conime.exe drin, habt ihre eine Ahnung was das ist? Habs schon mal in Google reingeworfen, und teilweise gehört es gehöre zu VISTA aber auch es könnte ein Keylogger oder ähnliches sein. Ich bin wirklich kein Held am Pc, also viell. könnt ihr mir helfen.... Vielen Dank schon mal! |
21.04.2009, 21:46 | #2 |
| conime.exe hm noch keiner eine idee? naja hab dawei mal wie bei "hilfesuchende" steht
__________________cc cleaner angewandt und Malwarebytes hier dazu mal das log oh man wie doof Malwarebytes' Anti-Malware 1.36 Datenbank Version: 2021 Windows 6.0.6001 Service Pack 1 21.04.2009 22:44:10 mbam-log-2009-04-21 (22-44-10).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 280003 Laufzeit: 2 hour(s), 1 minute(s), 51 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. |
21.04.2009, 21:48 | #3 |
| conime.exe Poste mal bitte ein HijackThis Log.
__________________
__________________ |
22.04.2009, 08:16 | #4 |
| conime.exe Na klar, mach ich sofort wenn ich heute Abend wieder daheim bin.... Oh man hoffentlich ist das nichts schlimmes, danke schon mal... |
22.04.2009, 09:07 | #5 | |
| conime.exe [reinhüpft] Zitat:
Erstelle mit HijackThis eine Liste der installierten Programme Hijackthis starten --> klicke "Open the Misc Tool Section" --> klicke "Misc Tools" --> klicke "Open uninstall Manager" --> klicke "Save List" [/reinhüpft]
__________________ _____________________________________________ „Optimismus ist nur ein Mangel an Information.“ Heiner Müller Sicherheit?->Allgemeine Informationen Der Plural von Virus heisst "Vira"! virus(viri, n.) Substantiv O-Deklination Nom.pl/Akk.pl. |
22.04.2009, 16:00 | #6 |
| conime.exe Also hier mal das Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:42, on 22.04.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1210015751 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11233 bytes |
22.04.2009, 16:03 | #7 |
| conime.exe Lass zudem SUPERAntiSpyware laufen bitte. Ergebnis heir rein.
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! |
22.04.2009, 16:04 | #8 |
| conime.exe 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Activation Assistant for the 2007 Microsoft Office suites Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Recommended Settings Adobe Color JA Extra Settings Adobe Color NA Extra Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Reader 8.1.2 - Deutsch Adobe Setup Adobe Shockwave Player 11 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 ALDI Foto Manager Free Sued Apple Mobile Device Support Apple Software Update Ashampoo Photo Commander 5.41 Avira AntiVir Personal - Free Antivirus Bluetooth Stack for Windows by Toshiba CCleaner (remove only) Choice Guard Compatibility Pack für 2007 Office System CyberLink Power2Go CyberLink YouCam Das Neue Dr.Brain Gehirn Jogging ElsterFormular 2005/2006 Firebird SQL Server - MAGIX Edition Free YouTube to Mp3 Converter version 3.1 Genesys PC Camera Device GIMP 2.4.6 Google Earth Google Updater HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel(R) Matrix Storage Manager IrfanView (remove only) iTunes Java(TM) 6 Update 3 Letstrade MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) MakeDisc Malwarebytes' Anti-Malware MediaShow MEDION Fotos auf CD Sued MEDIONbox Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB929729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.0.8) MSVCRT MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Müller Foto Nero 8 Essentials neroxml Norton Security Scan NVIDIA Drivers OpenOffice.org 2.4 PDF Settings PhotoNow! Picasa 3 PowerDirector PowerDVD PowerProducer QuickTime Ralink Wireless LAN Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Sceneo AbsolutTV Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB960003) Security Update for Microsoft Office Excel 2007 (KB959997) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Visio 2007 (KB947590) Spybot - Search & Destroy Spyware Doctor 6.0 Synaptics Pointing Device Driver Systemsteuerung "MobileMe" TeamViewer 3 TVsweeper 3 Ulead PhotoImpact 12 Uninstall 1.0.0.1 Update for Microsoft Office Excel 2007 Help (KB957242) Update for Office 2007 (KB946691) VCRedistSetup Winamp Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Messenger Windows Live-Uploadtool Windows Media Player Firefox Plugin WinRAR X10 Hardware(TM) Xvid 1.1.3 final uninstall |
22.04.2009, 16:25 | #9 |
| conime.exe Dann nur noch den SUPERAntiSpyware log. Deinstaliere:
__________________ _____________________________________________ „Optimismus ist nur ein Mangel an Information.“ Heiner Müller Sicherheit?->Allgemeine Informationen Der Plural von Virus heisst "Vira"! virus(viri, n.) Substantiv O-Deklination Nom.pl/Akk.pl. |
22.04.2009, 16:52 | #10 |
| conime.exe Ok deinstalliere die beiden Programme schon mal, bei dem SUPERAntiSpyware hab ich ein bisschen Probleme Habs bereits 2 mal probiert, und er bleibt nach ner Zeit einfach hängen - dann geht erstmal nix mehr, weder task manager noch sowas, hilft nur noch strom weg -.- mach ich viell. was falsch? Versuchs jetzt noch mal Danke das ihr mir helft... |
22.04.2009, 17:21 | #11 |
| conime.exe Ehhh ja.... Wenn sich Superantidpyware aufhängt, würde ich es runter schmeißen. Dann einmal CCleaner laufen lassen, du hast es ja eh instaliert (denk an Updates) und dann SAS nochmal instalieren. Benutzt du Photoshop beruflich?
__________________ _____________________________________________ „Optimismus ist nur ein Mangel an Information.“ Heiner Müller Sicherheit?->Allgemeine Informationen Der Plural von Virus heisst "Vira"! virus(viri, n.) Substantiv O-Deklination Nom.pl/Akk.pl. |
22.04.2009, 18:50 | #12 | |
| conime.exe Also es hat sich wieder aufgehängt, komischerweise wieder an der gleichen Stelle, keine Ahnung, hatte auch schon was gefunden 8 TrackingCookies aber konnnte ja nix löschen ging gar nix mehr, als ich dann neue gestartet habe....wollte mein PC irgendwie eine Datenplattenprüfung keine Ahnung Oh man...und nun? hat noch jemand ne idee? bin echt ratlos Zitat:
|
22.04.2009, 18:54 | #13 |
| conime.exe Die Cookies sind nciht so wichtig. Ne Ahnung wo es sich genau aufhängt? Code:
ATTFilter O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU) Das heißt: HiJackThis scannt bestimmte Registry-Bereiche. Du kannst "bösartige"-Einträge dann in der Übersicht mit einem Haken versehen und "Fix checked" drücken, die Einträge sollten aus der registry gelöscht sein. GMER - Rootkit Detection
__________________ _____________________________________________ „Optimismus ist nur ein Mangel an Information.“ Heiner Müller Sicherheit?->Allgemeine Informationen Der Plural von Virus heisst "Vira"! virus(viri, n.) Substantiv O-Deklination Nom.pl/Akk.pl. Geändert von 4RobSen8 (22.04.2009 um 19:03 Uhr) |
22.04.2009, 19:43 | #15 |
| conime.exe Hier nun das LOG von GMER....oh man GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-04-22 20:42:05 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.14 ---- SSDT 8AA149FC ZwCreateThread SSDT 8AA149E8 ZwOpenProcess SSDT 8AA149ED ZwOpenThread SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8D028DF0] SSDT 8AA149F2 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!KeSetTimerEx + 454 822C8A18 4 Bytes [ FC, 49, A1, 8A ] .text ntkrnlpa.exe!KeSetTimerEx + 624 822C8BE8 4 Bytes CALL 11B72D36 .text ntkrnlpa.exe!KeSetTimerEx + 640 822C8C04 4 Bytes [ ED, 49, A1, 8A ] .text ntkrnlpa.exe!KeSetTimerEx + 854 822C8E18 4 Bytes [ F0, 8D, 02, 8D ] .text ntkrnlpa.exe!KeSetTimerEx + 8B4 822C8E78 4 Bytes [ F2, 49, A1, 8A ] ? C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys Das System kann die angegebene Datei nicht finden. ! ? C:\Program Files\SUPERAntiSpyware\SASENUM.SYS Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.14 ---- .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!FindResourceExA 775908DD 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!FindResourceA 775909A5 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!CreateEventA 775A4AD8 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!LockResource 775A7F1F 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!FindResourceExW 775A813B 1 Byte [ E9 ] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!FindResourceExW + 2 775A813D 5 Bytes [ 9B, A5, B0, CC, CC ] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!LoadResource 775A8213 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!FindResourceW 775A97C7 5 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] kernel32.dll!SizeofResource 775A97E5 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] ADVAPI32.dll!CryptDeriveKey 7616E6F6 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] ADVAPI32.dll!CryptDecrypt 7616E8D9 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!SetWindowPlacement 772979BB 5 Bytes JMP 28005DC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!SetWindowRgn 772995E2 7 Bytes JMP 28005F00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!LoadImageW 7729D61D 5 Bytes JMP 28006690 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!LoadIconW 7729EC94 5 Bytes JMP 28006880 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!CreateWindowExW 772A3D67 5 Bytes JMP 28003CA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!GetWindowLongW 772AF67F 7 Bytes JMP 28006A20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!PeekMessageW 772AFD9F 5 Bytes JMP 280045E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!TrackPopupMenuEx 772C0F4D 5 Bytes JMP 28004EC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!CreateDialogParamW 772C1C58 5 Bytes JMP 28006040 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] USER32.dll!MessageBoxIndirectW 772ED56B 5 Bytes JMP 28006230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WS2_32.dll!closesocket 75F6330C 5 Bytes JMP 2800BC20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WS2_32.dll!recv 75F6343A 5 Bytes JMP 2800B440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WS2_32.dll!WSASend 75F64496 5 Bytes JMP 2800B9E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WS2_32.dll!send 75F6659B 5 Bytes JMP 2800B800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WS2_32.dll!WSARecv 75F68400 5 Bytes JMP 2800B5E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] SHELL32.dll!Shell_NotifyIconW 767DC808 5 Bytes JMP 28003400 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] ole32.dll!CoRegisterClassObject 760245AC 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] ole32.dll!CoInitializeEx 7605B89A 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] ole32.dll!CoCreateInstance 7605E188 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WININET.dll!HttpOpenRequestA 766306D6 5 Bytes JMP 2800A2C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WININET.dll!InternetCloseHandle 7663607B 5 Bytes JMP 2800A600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WININET.dll!InternetReadFile 7663A067 5 Bytes JMP 2800A450 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2480] WININET.dll!HttpSendRequestA 766408C5 5 Bytes JMP 2800A530 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74687BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746C98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7468D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7467F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74687599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7467E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746BB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7468D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7468012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74680095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746771F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7470D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746A75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7467DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7467668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746766BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74681E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.14 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d152bb Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d152bb Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!d!d!\22!`!y!m!\24!t!t!\24!{!`!s!\30! 19583823 ---- EOF - GMER 1.0.14 ---- |
Themen zu conime.exe |
ahnung, antivir, befinden, bli, blink, blinkt, conime.exe, firefox, geworfen, google, heute, hoffe, hängt, immer wieder, keylogger, lahm, lahmt, neue, nichts, prozesse, tagen, taskmanager, teilweise, vista, wirklich, ähnliches |