Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
csrss.exe, atiedxx.exe, winlogon?

csrss.exe, atiedxx.exe, winlogon?


Plagegeister aller Art und deren Bekämpfung: csrss.exe, atiedxx.exe, winlogon?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.08.2010, 15:50   #1
Peilermann
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Hallo,

ich hab in den letzten Tagen große Probleme mit Trojanern. z.B hatte ich Probleme mit Antimalware Doctor und anderen pseudo reinigungstools. Hab auf Trojaner-Board eine Lösung gefunden wie man diesen entfernt und hoffe auch ,dass es mir gelungen ist. Heute habe ich in meinem Task Manager Prozesse gefunden die auf andere Trojaner hindeuten.

.


Hab mir das Tool Malwarebytes' Anti-Malware heruntergeladen und einen Scan durchgeführ. Dabei hat er 9 Trojaner entfernt, allerdings sind die Prozesse von der Beschreibung immer noch vorhanden. Wie kann ich diese entfernen? Finde nichts bei Google das hilfreich sein könnte.

Mir ist ausserdem aufgefallen dass sich meine iTunes nicht mit dem Internet verbinden kann, habe es auch schon Neuinstalliert. Ausserdem kann sich meine Antivirus Software nicht updaten. Hat das auch was mit der Spyware zutun?

Alt 28.08.2010, 16:05   #2
john.doe
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Hallo Peilermann und

Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die Liste unter Punkt 2 ab (nur Alternative B).

ciao, andreas
__________________

__________________
Alt 02.09.2010, 15:33   #3
Peilermann
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Schuldigung das ich erst jetzt antworten kann aber konnte erst jetzt an den PC

Hier die Logfiles von OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.09.2010 16:22:28 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Martin\Downloads\Explorer
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 53,31 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\Explorer\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\Explorer\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3745.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz130) -- C:\Users\***\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (qcusbmdm) Qualcomm Proprietary USB Driver (PID 3197) -- C:\Windows\System32\drivers\qcusbmdm.sys (QUALCOMM Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.4.0.4
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=2&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.02 12:26:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.02 12:26:37 | 000,000,000 | ---D | M]
 
[2009.12.11 21:46:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.09.02 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dn6krivt.default\extensions
[2009.12.15 16:33:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dn6krivt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.13 17:27:58 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dn6krivt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.03.09 16:16:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dn6krivt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.01.25 00:00:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dn6krivt.default\extensions\battlefieldheroespatcher@ea.com
[2009.12.12 16:20:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dn6krivt.default\extensions\fastdial@telega.phpnet.us
[2009.10.25 13:33:18 | 000,000,886 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\dn6krivt.default\searchplugins\conduit.xml
[2010.08.29 18:46:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.29 18:45:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.29 18:45:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.29 18:45:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.29 18:45:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.29 18:45:44 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.04 20:07:31 | 000,000,955 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70f3895f-e9af-11de-b1e1-001731700e8c}\Shell - "" = AutoRun
O33 - MountPoints2\{70f3895f-e9af-11de-b1e1-001731700e8c}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.02 12:29:33 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.09.02 12:29:29 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.09.02 12:25:49 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.02 12:22:00 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.02 12:21:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.28 16:24:01 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.08.28 16:24:01 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.08.28 16:24:01 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.08.28 16:23:28 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.08.28 16:23:28 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.08.28 16:23:24 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.08.28 16:23:24 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.08.28 16:23:19 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.08.28 16:23:09 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.08.28 16:23:09 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PC Tools
[2010.08.28 16:23:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.08.28 16:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.08.28 16:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.08.28 15:23:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.08.26 11:47:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Saves
[2010.08.25 22:37:48 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2010.08.25 22:37:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.25 22:37:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.25 22:37:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.25 22:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.25 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\0C377AD7766305A22D8D675EF62A289B
[2010.08.25 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\lvghdxhvd
[2010.08.25 21:40:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\A38353B8C709D5FF2C0C24C2A9F74853
[2010.08.24 23:28:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\My Art
[2010.08.19 21:09:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\StarCraft II
[2010.08.19 21:09:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.08.19 21:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.17 22:06:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\2K Games
[2010.08.17 22:05:53 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.08.17 22:05:53 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.08.17 22:05:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.08.17 22:05:52 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.08.17 22:05:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.08.17 22:05:52 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.08.17 22:05:52 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.08.17 22:05:52 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.08.17 20:48:30 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.17 20:48:21 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.17 20:48:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.17 20:48:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.17 20:48:01 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.17 20:47:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.17 20:47:39 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.17 20:47:39 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.02 16:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.02 16:21:46 | 002,097,152 | ---- | M] () -- C:\Users\Martin\NTUSER.DAT
[2010.09.02 16:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.09.02 14:38:00 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.02 14:37:57 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.02 14:37:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.02 14:37:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.02 14:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.02 13:21:29 | 000,524,288 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT{395b9acb-add8-11df-978f-001731700e8c}.TMContainer00000000000000000001.regtrans-ms
[2010.09.02 13:21:29 | 000,065,536 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT{395b9acb-add8-11df-978f-001731700e8c}.TM.blf
[2010.09.02 13:21:26 | 003,368,563 | -H-- | M] () -- C:\Users\Martin\AppData\Local\IconCache.db
[2010.09.02 12:30:39 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 12:26:10 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.01 20:02:53 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 20:02:53 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 20:02:53 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 20:02:53 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 20:02:53 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 16:23:22 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.08.27 14:23:48 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010.08.25 22:37:43 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.25 15:09:08 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010.08.24 23:30:37 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.08.22 17:23:18 | 000,000,215 | ---- | M] () -- C:\Users\Martin\Desktop\Mafia II - Public Demo.url
[2010.08.22 17:04:13 | 000,524,288 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT{395b9acb-add8-11df-978f-001731700e8c}.TMContainer00000000000000000002.regtrans-ms
[2010.08.22 16:26:44 | 000,524,288 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT{2bf508dd-748d-11df-a25d-001731700e8c}.TMContainer00000000000000000001.regtrans-ms
[2010.08.22 16:26:44 | 000,065,536 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT{2bf508dd-748d-11df-a25d-001731700e8c}.TM.blf
[2010.08.19 21:31:04 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.19 16:09:26 | 000,009,728 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.19 15:49:15 | 002,182,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.19 13:12:42 | 000,055,384 | ---- | M] () -- C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.02 12:30:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 12:26:10 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.28 16:24:01 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.08.28 16:24:01 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.08.28 16:24:01 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.08.28 16:24:01 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.08.28 16:24:01 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.08.28 16:23:28 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.08.28 16:23:24 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.08.28 16:23:24 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.08.28 16:23:22 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.08.28 16:23:19 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.08.27 14:23:48 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010.08.25 22:37:43 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.25 15:09:08 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010.08.22 17:23:18 | 000,000,215 | ---- | C] () -- C:\Users\Martin\Desktop\Mafia II - Public Demo.url
[2010.08.22 16:27:55 | 000,524,288 | -HS- | C] () -- C:\Users\Martin\NTUSER.DAT{395b9acb-add8-11df-978f-001731700e8c}.TMContainer00000000000000000002.regtrans-ms
[2010.08.22 16:27:55 | 000,524,288 | -HS- | C] () -- C:\Users\Martin\NTUSER.DAT{395b9acb-add8-11df-978f-001731700e8c}.TMContainer00000000000000000001.regtrans-ms
[2010.08.22 16:27:55 | 000,065,536 | -HS- | C] () -- C:\Users\Martin\NTUSER.DAT{395b9acb-add8-11df-978f-001731700e8c}.TM.blf
[2010.08.19 21:09:04 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.06.18 18:32:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.18 18:26:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.05.26 13:44:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.04.27 19:13:11 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2010.03.28 14:03:36 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.03.05 19:29:34 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.05 19:29:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.18 20:39:02 | 000,000,552 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d8caps.dat
[2010.02.11 05:16:10 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.02.07 14:45:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2010.02.07 14:45:41 | 000,000,068 | ---- | C] () -- C:\Windows\MyProg.ini
[2010.01.20 14:58:35 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.01.20 14:58:35 | 000,138,056 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\PnkBstrK.sys
[2009.12.20 13:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.15 21:46:59 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2009.12.15 21:21:53 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.12.13 20:52:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.12 13:34:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll
[2009.12.11 21:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009.12.11 21:23:29 | 000,009,728 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.11 21:04:38 | 000,001,356 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.04.30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.07.26 09:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Users\Martin\AppData\Roaming\MafiaSetup.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
--- --- ---


Falls die noch benötigt werden hier die Logfiles von Malwarebytes':

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4478

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

25.08.2010 22:55:14
mbam-log-2010-08-25 (22-55-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 56037
Laufzeit: 16 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wsoemnxrac.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fdxqcyxo (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\wsoemnxrac.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\A38353B8C709D5FF2C0C24C2A9F74853\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\Sxk.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\***\AppData\Local\lvghdxhvd\grjxumcshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Sry das war die erste Logfile hier die aktuelle:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4478

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.09.2010 16:17:56
mbam-log-2010-09-02 (16-17-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 264316
Laufzeit: 1 Stunde(n), 18 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________
Alt 02.09.2010, 20:35   #4
john.doe
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Wasndas?
Zitat:
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
Es fehlt noch Extras.txt von OTL.

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 02.09.2010, 22:06   #5
Peilermann
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Zitat:
Wasndas?
Zitat:
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
Das hab ich mal in eine Datei eingesetzt um auf eine erforderliche permanente Internetverbindung zu verzichten. Ist schon länger her desshalb sollte es nichts mit meinen derzeitigen Problemen zutun haben.


Hier die Extras.txt:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.09.2010 16:22:28 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Martin\Downloads\Explorer
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 53,31 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARTIN-PC
Current User Name: Martin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D3FEEF-B4F0-4648-A638-CF3E47569E9C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{18DFCA71-CCE8-4853-87C5-928187F89B03}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2F69BE3F-E34B-471C-960A-85945D241D66}" = rport=138 | protocol=17 | dir=out | app=system | 
"{493F4447-C44B-4C86-9497-90D5C76806A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{497F6076-A832-4D4B-B3F2-550A3F4C3217}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{68ABC764-FD0A-4115-A18F-C50F5D7ED600}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{690C9538-DB0B-41A4-B582-8FE9C984593D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{6EC53014-2572-4D1F-8FCF-98D437D28085}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{77E54740-0EFC-4E8A-85E3-AD5F267C0144}" = rport=445 | protocol=6 | dir=out | app=system | 
"{824C88A4-37B6-49AE-9707-E5FEB8139D41}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8666C29F-2F96-462D-AE99-AF79284770B9}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface | 
"{9E8370AB-754E-4476-A443-910418DEDFB1}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface | 
"{A4AC3A7F-F78C-45A6-97BB-E2CF13844A35}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C6F9BC8F-465D-4295-A22E-CA4E024BD480}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EB785E3D-C9E2-4A59-9188-541F3C6FE587}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017AE748-DF59-4343-A91D-C2AA58C7D5C9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1BDC6118-66E1-4D87-961D-51F6552B3324}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{20993196-C890-4BAE-AEA6-F49F556F4500}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{30F3FCDC-EF5F-452D-8E5A-CFCD8A19A63D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{47C831F8-C303-497A-B727-9BFC16810C35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{4D034EE9-E9C8-494A-9EC6-AB87784EE35C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{4FB13ECB-6D6F-4FDB-9773-85786C2895B1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{53102C83-A366-406B-B10D-13376FDCF777}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{5D94E60A-4227-409C-B948-C36973EED1EA}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{66A9064A-DB0D-4343-805A-55E699AE61BD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6E491156-A523-47CA-8EE1-71C3C14A671A}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{7CE15D7A-F888-406A-B14B-F01DE75322A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7DC5AB85-F045-4D93-8B25-332BC5F202A0}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{7E0E7A6E-56F2-4B22-85E5-0101831EB1FF}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{7EFA42A8-3398-486B-BA24-5CCE1EAC4A7B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{870DC001-E53D-40A7-AB57-8B33838DED16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8FED0EE9-1F4E-4BEA-BAF8-C6B0555B8A08}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{952428AE-0EC8-42FC-8C17-BADC9A48525C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{9C6C2A95-00F8-4C5F-A5E5-8A75FBB29805}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A642357F-00E2-4341-847C-28AB079EA873}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{B2CD4EA0-AFC5-4258-BE44-89642CDF2CCD}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{B965CB15-3851-4DF2-9A8D-EE4B80D78192}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D3744C9C-4354-4F97-8E9D-6F8B0E24D739}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D53B9388-D1DB-4199-927B-AAAECE3C8B41}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{D7AB6A18-C842-4742-A85D-2583DAE56625}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D91072E7-3D14-47CC-AE8B-B25A258F9954}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{E1C23FB4-A788-4EFB-BCB2-803E645CA8D6}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{E8B532DC-33C1-4304-A1D6-3D9D1064C3B6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F1728DC0-5686-441E-BC8D-19F045D6C239}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{F7F12AC7-F78A-413A-9306-4A7CBB0A09D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F83A7631-6E35-4574-ACDA-479D63C012BA}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{FBC12C63-6A38-47C4-9758-5BCBCED8E81D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{1AE8CF38-811F-4525-8A6D-702B287B3399}C:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{24708B2D-A40D-41F6-B5E4-DB69C915C119}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{5C921E75-000D-41CC-A30B-C2B4320523D4}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{948FBDFB-3269-4F64-8DFA-76EE70A5337D}C:\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\steamless counterstrikesource pack\hl2.exe | 
"TCP Query User{9F079B74-673C-4550-924A-5E2C1097CC0A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{A22918CD-BF7A-43E6-9EC1-99147361B476}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B3993B3A-2098-44D0-B98A-F17B42B11FEC}C:\spiele\killing floor\system\killingfloor.exe" = protocol=6 | dir=in | app=c:\spiele\killing floor\system\killingfloor.exe | 
"TCP Query User{C3FB5764-920D-4BC4-86CD-5A7E0830E453}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{1AAC2FAE-05B6-4664-81A4-B0CB5186AA08}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{291C2B26-75BB-405D-B5F6-C83FB9E81730}C:\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\steamless counterstrikesource pack\hl2.exe | 
"UDP Query User{2EDF7840-2FA2-4109-9588-A65B97025964}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{5B9FB4AB-EEF2-45D6-9D4A-11636D6BC2B5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6109D1F4-F57D-4535-A8A2-6EDC8A46754D}C:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{62944C18-3339-4F68-9224-B8200D9F424B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{6CAE0FBF-78EC-4D80-BBB5-3300CBE2C5DA}C:\spiele\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=c:\spiele\killing floor\system\killingfloor.exe | 
"UDP Query User{78A9BD7B-15E6-4986-A7BE-90C6A3417647}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{03B0D67B-36C9-C2CD-B63B-7B526138BA52}" = ccc-utility
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04FC2E4C-0E41-9D39-4E58-1EF29D4EF09D}" = ccc-core-static
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0949C078-58B4-CAF1-9A63-A4545145806D}" = Catalyst Control Center Graphics Previews Common
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028703}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028704}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028705}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028706}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E8B45A0-072C-91F7-BC80-29374194B452}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = Communication Opt-in
"{7BA01D2D-E25C-0C2C-5779-7A8E02A4BE7D}" = Catalyst Control Center Core Implementation
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FF4E834-DCAD-29E7-1EE8-9D817A3FA15B}" = CCC Help English
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C03A56EE-2715-5F54-69C4-A1CDB7602354}" = Catalyst Control Center Graphics Full New
"{C307DD64-1C69-8C52-D2C9-02D38995A269}" = Catalyst Control Center HydraVision Full
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3E1398E-8FF2-0154-6D8F-7FC26299EBED}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBEF69BB-829C-8D4D-B299-497147916039}" = Catalyst Control Center Graphics Light
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.2.7.1
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Doctor" = Spyware Doctor 7.0
"StarCraft II" = StarCraft II
"Steam App 50280" = Mafia II - Demo
"Steam App 630" = Alien Swarm
"WinRAR archiver" = WinRAR archiver
"Worms Reloaded_is1" = Worms Reloaded
"Xfire" = Xfire (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 10:23:30 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 10:23:30 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 10:24:02 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 10:24:11 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 10:24:14 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 14:36:53 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8,  Prozess-ID 0x174, Anwendungsstartzeit
 01cb46dfdb334234.
 
Error - 30.08.2010 09:55:42 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 01.09.2010 14:44:40 | Computer Name = Martin-PC | Source = MsiInstaller | ID = 11730
Description = 
 
Error - 02.09.2010 06:36:19 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 02.09.2010 06:36:19 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 28.08.2010 18:22:29 | Computer Name = Martin-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.08.2010 18:22:29 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.08.2010 18:22:29 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2010 07:45:24 | Computer Name = Martin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 31.08.2010 07:45:24 | Computer Name = Martin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 31.08.2010 07:45:24 | Computer Name = Martin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 31.08.2010 07:45:24 | Computer Name = Martin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 31.08.2010 07:45:24 | Computer Name = Martin-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 02.09.2010 06:22:20 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 02.09.2010 06:23:50 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7031
Description = 
 
[ TuneUp Events ]
Error - 26.08.2010 05:45:13 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-26 11:45:13', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','2500',0)
 
Error - 27.08.2010 08:19:20 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 14:19:20', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','556',0)
 
Error - 27.08.2010 08:19:25 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 14:19:25', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4724',0)
 
Error - 27.08.2010 13:36:44 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 19:36:44', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','9032',0)
 
Error - 27.08.2010 17:27:52 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 23:27:52', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1540',0)
 
Error - 27.08.2010 17:28:22 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 23:28:22', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4776',0)
 
Error - 27.08.2010 17:28:57 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 23:28:57', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5684',0)
 
Error - 27.08.2010 17:29:37 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-27 23:29:37', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','876',0)
 
Error - 28.08.2010 13:08:27 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-28 19:08:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','8384',0)
 
Error - 28.08.2010 14:42:01 | Computer Name = Martin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-28 20:42:01', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4500',0)
 
 
< End of report >
--- --- ---
Alt 02.09.2010, 22:32   #6
john.doe
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Da weiß ich ja nicht einmal ansatzweise, wo ich zuerst anfangen soll.
  • TuneUp
  • Spyware Doctor
  • AMC (legal erstanden???)
  • Azureus aka Vuze

Die Prozesse, die dir im Taskmanager aufgefallen sind, sind völlig legitime Einträge. Es gibt allerdings haufenweise Einträge, die da nicht hingehören.
winlogon.exe Windows Prozess - Was ist das?
csrss.exe Windows Prozess - Was ist das?
What Are CCC.Exe, Atiedxx.exe, Atiesrxx.exe, Mom.exe And CLIStart.exe?

ciao, andreas
__________________
--> csrss.exe, atiedxx.exe, winlogon?

Alt 03.09.2010, 09:56   #7
Peilermann
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Also scheint es das mein pc virenfrei ist?
Mit Tuneup kann ich den Computer sauber halten. Mit Spyware Doctor kann ich nix anfangen weil er mir die Spyware anzeigt ich sie aber nich entfernen kann da es nur eine Testversion ist und Azureus benutz ich auch schon seit Jahren nicht. Ist auch garnich mehr auf meinem Rechner installiert desshalb wundert es mich das es noch Einträge gibt. AMC sagt mir nichts meinst du das hier? Als Vierenschutz benutz ich Avira Antivir Personal davon die kostenlose version.

Alt 03.09.2010, 18:06   #8
john.doe
 
csrss.exe, atiedxx.exe, winlogon? - Standard

csrss.exe, atiedxx.exe, winlogon?


Zitat:
Also scheint es das mein pc virenfrei ist?
Eigentlich bin ich dafür bekannt, dass ich recht deutlich (einigen zu deutlich) formuliere. Nein, dein Rechner ist verseucht, nicht unbedingt von allgemeinhin bekannten Schädlingen, aber auf jeden Fall von Software, die ich für Schädlinge halte, allen voran TuneUp.
Zitat:
Mit Tuneup kann ich den Computer sauber halten.
Sauber von was? Wieso hast/hattest du Schädlinge an Board?
Das hier hat auf keinem Rechner etwas zu suchen!
Zitat:
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
Also bevor du dich fälschlichweise in Sicherheit wiegst, solltest du am Ball bleiben.
Zitat:
und Azureus benutz ich auch schon seit Jahren nicht
Nehme ich dir sogar ab. Nichtdestotrotz ist genau dieses Programm ein Haupteinfallstor für Schädlinge. Deshalb liegt es Nahe dort nachzuhaken.
Zitat:
Als Vierenschutz benutz ich Avira Antivir Personal davon die kostenlose version.
Völlig falsch. Ein AVP kann dich prinzipbedingt nur vor bekannten Schädlingen schützen. Ich kann dir hunderte von Virustotal-Logs zeigen, in denen Avira nichts erkennt. Damit ist dein vermeintlicher Schutz ziemlich wirkunglos und eigentlich nur Makulatur. Klicke auf die letzten beiden Links in meiner Signatur und erkenne endlich, dass egal welches AVP dir in der Werbung als ultimativer Schutz verkauft wird, es nur Dreck sein kann.

Weiter mit => http://www.trojaner-board.de/85306-a...n-manager.html

Und dann => http://www.trojaner-board.de/79118-a...l-toolkit.html

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Antwort

Themen zu csrss.exe, atiedxx.exe, winlogon?
anderen, anti-malware, antimalware, antivirus, atiedxx.exe, csrss.exe, entfernen, entfernt, google, heute, hilfreich, interne, internet, itunes, lösung, malwarebytes, manager, nichts, probleme, prozesse, scan, software, spyware, task manager, trojaner, trojaner-board, update, winlogon


« Kein update von Microsoft oder Antivirensoftware möglich | Zwei Trojaner durch Malwarebytes Anti-Malware gefunden »


Ähnliche Themen: csrss.exe, atiedxx.exe, winlogon?


  1. atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.
    Log-Analyse und Auswertung - 26.07.2015 (4)
  2. Windows7: zu langsam - atiedxx.exe, csrss.exe und winlogon.exe
    Log-Analyse und Auswertung - 21.06.2015 (12)
  3. Langsamer Laptop atiedxx.exe, csrss.exe und winlogon.exe
    Log-Analyse und Auswertung - 05.03.2015 (11)
  4. Prozesse 2dpainting.exe;atieclxx.exe;csrss.exe und winlogon.exe verdächtig
    Plagegeister aller Art und deren Bekämpfung - 09.08.2014 (5)
  5. Virus (csrss.exe/winlogon.exe) nach mbr und normaler Formatierung immer noch da
    Log-Analyse und Auswertung - 19.05.2014 (7)
  6. csrss.exe, atiedxx.exe, winlogon.exe, ePowerEvent.exe - Dateipfad lässt sich nicht öffnen & kein Benutzer & keine Beschreibung
    Log-Analyse und Auswertung - 19.05.2014 (7)
  7. winlogon.exe und csrss.exe ---> Trojaner
    Log-Analyse und Auswertung - 30.10.2013 (3)
  8. Winlogon.exe & csrss.exe...Virus? Trojan (?)
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (22)
  9. tpnumlk.exe , csrss.exe , winlogon.exe ohne Benutzer und Beschreibung im Task-Manager (Win7)
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (21)
  10. atiecixx.exe , csrss.exe , winlogon.exe ohne Benutzer und Beschreibung im Task-Manager (Win7)
    Plagegeister aller Art und deren Bekämpfung - 28.10.2011 (7)
  11. Prozesse csrss.exe, atiedxx.exe, winlogon; Computer langsam
    Log-Analyse und Auswertung - 21.08.2011 (5)
  12. Facebook-Virus?, *.JPG.scr geöffnet, Folge: winsvc.exe, csrss.exe, atiedxx.exe, winlogon.exe
    Log-Analyse und Auswertung - 16.08.2011 (2)
  13. Trojaner + csrss.exe & winlogon.exe ohne Beschreibung
    Plagegeister aller Art und deren Bekämpfung - 09.06.2011 (32)
  14. Csrss.exe Winlogon.exe Atieclxx.exe ohne zuweisung im Taskmanager
    Log-Analyse und Auswertung - 26.05.2011 (6)
  15. atiedxx,csrss sowie winlogon.exe ohne Dateipfad - Verseucht!
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (1)
  16. winlogon.exe/csrss.exe ? jemand entscheidet was ich darf und was nicht..Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2010 (10)
  17. csrss/winlogon/rundll32 unter vista,HILFE
    Log-Analyse und Auswertung - 08.08.2008 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema csrss.exe, atiedxx.exe, winlogon? - Hallo, ich hab in den letzten Tagen große Probleme mit Trojanern. z.B hatte ich Probleme mit Antimalware Doctor und anderen pseudo reinigungstools. Hab auf Trojaner-Board eine Lösung gefunden wie man - csrss.exe, atiedxx.exe, winlogon?...
Archiv
Du betrachtest: csrss.exe, atiedxx.exe, winlogon? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55