Pests of all kinds and how to fight them: PC runs very slowly, svchost.exe puts extreme load on the system (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#6
PC runs very slowly, svchost.exe puts extreme load on the system

Hello cosinus,

thank you very much for your reply. I ran CCleaner and ComboFix as suggested.

Regards,
intrus

Here is the log file from ComboFix:

Combofix Logfile:
```
ComboFix 10-08-29.04 - *** 30.08.2010 19:23:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.988 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Helper
c:\users\***\AppData\Local\Temp\ppcrlui_3136_2
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-30 ))))))))))))))))))))))))))))))
.
2010-08-30 17:34 . 2010-08-30 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-18 21:36 . 2010-08-18 21:36 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-08-18 21:36 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:36 . 2010-08-18 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 21:36 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 18:46 . 2010-08-17 18:46 -------- d-----w- c:\program files\Defraggler
2010-08-17 18:26 . 2010-08-30 17:10 -------- d-----w- c:\program files\CCleaner
2010-08-12 20:33 . 2010-01-21 09:46 441168 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-08-11 21:48 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:48 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 21:48 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 21:48 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 11:56 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-08-07 11:52 . 2008-07-11 00:28 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 16:00 . 2008-11-15 13:42 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 22:23 . 2007-04-26 19:10 7692 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 16:30 . 2007-11-24 22:50 -------- d-----w- c:\users\***\AppData\Roaming\Buhl Data Service GmbH
2010-08-29 16:15 . 2007-07-21 15:36 105800 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 11:27 . 2007-11-24 22:38 -------- d-----w- c:\program files\Buhl
2010-08-29 11:27 . 2007-11-24 22:39 -------- d-----w- c:\program files\Common Files\Buhl Data Service
2010-08-17 17:08 . 2007-07-21 22:31 83438 ----a-w- c:\users\***\AppData\Roaming\nvModes.dat
2010-08-16 21:24 . 2009-11-24 22:48 142935 ----a-w- c:\windows\hppins23.dat
2010-08-13 19:33 . 2007-08-03 20:58 -------- d-----w- c:\users\***\AppData\Roaming\Canon
2010-08-12 18:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 11:49 . 2007-04-26 20:02 -------- d-----w- c:\program files\Microsoft.NET
2010-08-07 11:46 . 2007-04-26 20:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-30 09:54 . 2007-04-26 01:59 788886 ----a-w- c:\windows\system32\perfh007.dat
2010-07-30 09:54 . 2007-04-26 01:59 185136 ----a-w- c:\windows\system32\perfc007.dat
2010-07-30 09:15 . 2010-06-21 19:17 -------- d-----w- c:\program files\iTunes
2010-07-30 09:15 . 2010-07-30 09:15 -------- d-----w- c:\program files\iPod
2010-07-30 09:15 . 2007-07-29 12:11 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 09:11 . 2010-07-30 09:11 -------- d-----w- c:\program files\Bonjour
2010-07-30 08:38 . 2010-07-30 08:38 32256 ----a-w- c:\windows\system32\MiniInstaller.dll
2010-07-30 08:38 . 2010-07-30 08:38 101248 ----a-w- c:\windows\system32\drivers\avmaudio.sys
2010-07-29 21:52 . 2007-04-26 20:11 -------- d-----w- c:\program files\McAfee.com
2010-07-28 22:20 . 2009-11-25 07:21 -------- d-----w- c:\users\***\AppData\Roaming\HP
2010-07-28 21:56 . 2010-07-28 21:56 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-28 21:47 . 2007-04-26 19:29 -------- d-----w- c:\program files\Samsung
2010-07-28 21:47 . 2007-04-26 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-28 21:40 . 2007-12-26 13:30 -------- d-----w- c:\users\***\AppData\Roaming\InstallShield
2010-07-28 21:11 . 2009-04-27 21:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-28 19:35 . 2007-04-26 20:10 -------- d-----w- c:\program files\McAfee
2010-07-28 19:33 . 2007-04-26 20:11 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-06 21:57 . 2008-12-30 22:55 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-07-06 18:19 . 2008-12-30 23:15 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-06-26 06:05 . 2010-08-11 21:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 21:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 21:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 21:49 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 21:49 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 21:49 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-11 21:49 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 21:49 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 09:37 . 2010-06-04 08:30 50176 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-02 09:37 . 2010-06-04 08:30 80896 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2007-03-21 00:32 . 2007-04-26 19:36 3062 ----a-w- c:\program files\MSetup.xml
2007-02-12 03:12 . 2007-04-26 19:36 2010 ----a-w- c:\program files\MSetup.ini
2007-01-09 00:43 . 2007-04-26 19:36 528040 ----a-w- c:\program files\MSetup.exe
2010-05-31 18:32 . 2010-07-28 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
------- Sigcheck -------
[-] 2009-11-24 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AVMUSBFernanschluss"="c:\users\***\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-07-30 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 805392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Play AVStation TV Scheduler"=c:\program files\Samsung\Play AVStation\TvScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,48,2a,81,e7,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-04-08 42888]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WMSvc;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-04-26 13312]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-07-30 101248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-08-30 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]

2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-03 20:29]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]

2010-08-30 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 12:26]

2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.myownstartpage.net/?cm=640368<=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-30 19:34
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-08-30 19:38:59
ComboFix-quarantined-files.txt 2010-08-30 17:38

Vor Suchlauf: 13 Verzeichnis(se), 27.746.078.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 27.553.845.248 Bytes frei

- - End Of File - - 2EE07E69FDE79A5DBB11AEB5B7FC41B0
```