Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner

Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner


Log-Analyse und Auswertung: Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 17.07.2009, 10:21   #1
Rukazi
 
Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner - Standard

Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner


Hey, ich bin ganz neu hier im Forum und weil ich seit kurzem Probleme mit meinem Computer hab (ständig hohe CPU-Auslastung und komplett voller RAM) hat ein Kumpel von mir einen Trojaner oder ähnliches vermutet und hat mich zu euch gelenkt^^.
Also mein PC is ein:
AMD Turion X2 64 RM-72 2,1 GHz
4096 MB DDR2-RAM
ATI Mobility Radeon HD 3450
Windows Vista SP2

Hier sind die Logs die ich machen sollte:
HiJackThis:
Logfile of random's system information tool 1.06 (written by random/random)
Run by **** at 2009-07-17 11:09:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 23 GB (8%) free of 296 GB
Total RAM: 3069 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:25, on 17.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\spiele\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 11131 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-04 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-20 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-05-14 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-01 554288]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-05-17 258134]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-06-27 442467]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Steam"=c:\spiele\steam\steam.exe [2009-07-13 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamSpace]
C:\Program Files\CamSpace\CamSpaceAgent.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0333ce7e-5598-11de-9433-00238b47d9cc}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a80dd85-45f7-11de-928a-00238b47d9cc}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9416a77e-5038-11de-8811-00238b47d9cc}]
shell\Auto\command - boot.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9416a809-5038-11de-8811-00238b47d9cc}]
shell\Auto\command - activexdebugger32.exe f
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
shell\explore\command - activexdebugger32.exe f
shell\open\command - activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1819ab-50ef-11de-b624-00238b47d9cc}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-17 11:09:20 ----D---- C:\Program Files\trend micro
2009-07-17 11:09:19 ----D---- C:\rsit
2009-07-17 08:45:06 ----D---- C:\Users\****\AppData\Roaming\Malwarebytes
2009-07-17 08:44:58 ----D---- C:\ProgramData\Malwarebytes
2009-07-17 08:44:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-17 08:41:47 ----D---- C:\Program Files\CCleaner
2009-07-16 13:52:30 ----D---- C:\ProgramData\InstallShield
2009-07-16 13:52:16 ----A---- C:\Windows\system32\Mfc42loc.dll
2009-07-16 09:05:43 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-16 09:05:40 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-07-16 09:05:40 ----A---- C:\Windows\system32\pbsvc.exe
2009-07-16 08:12:20 ----D---- C:\Program Files\iPod
2009-07-16 08:10:40 ----SHD---- C:\Config.Msi
2009-07-15 21:44:27 ----D---- C:\ProgramData\Avira
2009-07-15 21:44:27 ----D---- C:\Program Files\Avira
2009-07-15 08:28:56 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 08:28:55 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 08:28:55 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 08:28:55 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 08:28:55 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 19:28:19 ----D---- C:\Users\****\AppData\Roaming\teamspeak2
2009-07-14 19:27:59 ----D---- C:\Program Files\Teamspeak2_RC2
2009-07-14 17:03:24 ----D---- C:\ProgramData\Valve
2009-07-14 16:06:00 ----D---- C:\Program Files\WinUHA
2009-07-14 15:14:18 ----D---- C:\ProgramData\Tunngle
2009-07-14 15:13:08 ----D---- C:\Users\****\AppData\Roaming\Tunngle
2009-07-14 15:12:57 ----D---- C:\Program Files\Tunngle
2009-07-14 14:29:45 ----D---- C:\Program Files\Common Files\Skype
2009-07-13 19:14:55 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2009-07-13 19:14:55 ----A---- C:\Windows\system32\libusbd-nt.exe
2009-07-13 19:14:55 ----A---- C:\Windows\system32\libusbd-9x.exe
2009-07-13 19:14:55 ----A---- C:\Windows\system32\libusb0.dll
2009-07-13 18:22:30 ----D---- C:\Windows\system32\xlive
2009-07-13 18:22:29 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-13 16:48:30 ----D---- C:\Program Files\Common Files\Steam
2009-07-11 15:47:37 ----D---- C:\Users\****\AppData\Roaming\RenPy
2009-07-11 12:36:00 ----D---- C:\Users\****\AppData\Roaming\ClubCooee
2009-07-11 11:12:27 ----D---- C:\Windows\RegisteredPackages
2009-07-11 11:12:23 ----HD---- C:\Windows\msdownld.tmp
2009-07-11 11:12:11 ----D---- C:\Program Files\Windows Media-Komponenten
2009-07-09 23:46:52 ----D---- C:\Users\****\AppData\Roaming\FileZilla
2009-07-09 23:40:33 ----D---- C:\Program Files\FileZilla FTP Client
2009-07-07 08:56:10 ----D---- C:\Python26
2009-07-07 07:52:46 ----D---- C:\Users\****\AppData\Roaming\Blender Foundation
2009-07-07 07:52:42 ----D---- C:\Program Files\Blender Foundation
2009-07-04 17:18:41 ----A---- C:\Windows\system32\GEARAspi.dll
2009-07-04 17:18:38 ----D---- C:\ProgramData\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-04 17:16:52 ----D---- C:\ProgramData\Norton
2009-07-04 17:16:36 ----D---- C:\ProgramData\NortonInstaller
2009-07-04 17:16:14 ----SHD---- C:\Windows\ftpcache
2009-06-30 13:36:12 ----D---- C:\ProgramData\Media Center Programs
2009-06-30 12:14:09 ----HD---- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
2009-06-30 12:00:48 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-06-30 12:00:28 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-30 11:56:58 ----D---- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
2009-06-29 18:50:53 ----D---- C:\Program Files\CamSpace
2009-06-28 20:16:51 ----D---- C:\Users\****\AppData\Roaming\Windows Live Writer
2009-06-28 14:42:05 ----D---- C:\Program Files\Phantasy Star Online Blue Burst
2009-06-24 20:13:41 ----D---- C:\Users\****\AppData\Roaming\FFSJ
2009-06-23 05:44:14 ----D---- C:\Windows\system32\Futuremark
2009-06-23 05:44:14 ----D---- C:\Program Files\Common Files\Futuremark Shared
2009-06-22 13:29:49 ----D---- C:\Program Files\Veoh Networks
2009-06-20 18:07:02 ----D---- C:\ProgramData\Electronic Arts
2009-06-20 18:06:41 ----D---- C:\Program Files\Electronic Arts
2009-06-20 18:06:03 ----D---- C:\Program Files\Microsoft WSE
2009-06-20 08:11:07 ----D---- C:\Users\****\AppData\Roaming\CD Art Display

der rest folgt^^

 

Themen zu Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner
adobe, antivir, antivir guard, autorun, avg, avira, bho, browser, c:\windows\system32\rundll32.exe, computer, defender, desktop, explorer, ftp, home, home premium, internet, internet explorer, launch, malwarebytes' anti-malware, media center, menu.exe, mobility radeon, notepad.exe, pdf, plug-in, programdata, registry, rundll, senden, shell32.dll, software, system, teamspeak, trojane, trojaner, tuneup.defrag, tuprogst.exe, verdacht auf trojaner, vista, voller ram, wscript.exe


« Trojanische Pferd TR/Crapt.XPACK.Gen | TR/Drop.VB.lhn.6 »


Ähnliche Themen: Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner


  1. Trojaner Verdacht - CPU im Leerlauf bei 50 - 100% Auslastung
    Log-Analyse und Auswertung - 26.06.2014 (8)
  2. Windows 7: Diktiersoftware hakt- hohe CPU-Auslastung und garantiert Trojaner
    Log-Analyse und Auswertung - 16.01.2014 (20)
  3. Hohe CPU-Auslastung, was könnte (hier) die Ursache sein? Ein Trojaner?
    Log-Analyse und Auswertung - 22.06.2013 (11)
  4. Verdacht auf Trojaner (CPU Auslastung)
    Log-Analyse und Auswertung - 15.11.2011 (3)
  5. Hohe CPU-Auslastung (cmd.exe)
    Plagegeister aller Art und deren Bekämpfung - 04.11.2011 (9)
  6. PC und Browser langsamer, hohe CPU-Auslastung, Verdacht auf Befall
    Log-Analyse und Auswertung - 06.09.2011 (20)
  7. Hohe CPU Auslastung. Verdacht auf Infektion.
    Log-Analyse und Auswertung - 25.08.2011 (1)
  8. Hohe CPU Auslastung. Verdacht auf Infektion.
    Log-Analyse und Auswertung - 24.08.2011 (1)
  9. hohe cpu auslastung
    Antiviren-, Firewall- und andere Schutzprogramme - 10.11.2010 (5)
  10. zu hohe CPU Auslastung
    Log-Analyse und Auswertung - 07.11.2010 (13)
  11. hohe CPU-Auslastung
    Netzwerk und Hardware - 12.10.2009 (3)
  12. Permanent hohe CPU auslastung möglicherweise durch Virus/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.08.2009 (10)
  13. Bluescreen nach Windows Anmeldung. Häufig hohe Auslastung und Trojaner endeckt.
    Log-Analyse und Auswertung - 04.07.2009 (36)
  14. Hohe Cpu Auslastung, Verdacht auf Virus
    Log-Analyse und Auswertung - 09.06.2009 (3)
  15. Hohe CPU Auslastung
    Plagegeister aller Art und deren Bekämpfung - 18.01.2009 (1)
  16. Hohe CPU-Auslastung..Help!!!
    Log-Analyse und Auswertung - 12.12.2006 (3)
  17. PC hat hohe CPU Auslastung :<
    Log-Analyse und Auswertung - 28.05.2005 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner - Hey, ich bin ganz neu hier im Forum und weil ich seit kurzem Probleme mit meinem Computer hab (ständig hohe CPU-Auslastung und komplett voller RAM) hat ein Kumpel von mir - Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner...
Archiv
Du betrachtest: Hohe CPU-Auslastung und voller RAM! Verdacht auf Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19