Log analysis and evaluation: CPU usage 99% in process "System"
06.10.2010, 22:44 | #1 |
Hi there, my girlfriend has the following problem with her PC: about 30 to 60 minutes after she goes online, CPU usage rises to 99% in the "System" process. The two monitor icons in the notification area of the taskbar disappear, the PC crawls and can no longer be shut down. PC: Intel Celeron 2.66 GHz, 960 MB RAM, Windows XP SP3, AntiVir and Sygate Firewall. Internet connection: via USB stick "Huawei" 1750 (?). This stick is used with both the PC and a laptop. In addition, Sygate Personal Firewall constantly reports port scans from 3 different IP addresses; different ports are scanned all the time. Maybe you can spot something in the HijackThis logfile? Attached are the logs from Gmer, OTL, TFC and MBAM. I hope I did everything right! Many thanks in advance, I would be very happy if you can help us!!!
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:29, on 06.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\InternetEverywhere\WTGService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\IncrediMail\bin\IncMail.exe
C:\Programme\InternetEverywhere\Launcher.exe
C:\Programme\IncrediMail\bin\IMApp.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\HIJ\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***://go.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ***://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ***://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ***://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ***://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Launcher.lnk = C:\Programme\InternetEverywhere\Launcher.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programme\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: WTGService - Unknown owner - C:\Programme\InternetEverywhere\WTGService.exe

--
End of file - 5860 bytes
07.10.2010, 08:56 | #2 |
Hi,
Please have MBAM run a full scan and post the log (update MBAM first)! Update Java: Java downloads for all operating systems! Please have the following files checked (have files checked online):
Code:
C:\Programme\InternetEverywhere\Launcher.exe
C:\WINDOWS\System32\CNMVS76.DLL
Fix for OTL:
Code:
:OTL
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] File not found
O33 - MountPoints2\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\Shell - "" = AutoRun
O33 - MountPoints2\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- File not found
O33 - MountPoints2\{abba2774-a62b-11df-9602-e50544c5f4e7}\Shell - "" = AutoRun
O33 - MountPoints2\{abba2774-a62b-11df-9602-e50544c5f4e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abba2774-a62b-11df-9602-e50544c5f4e7}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- File not found
O33 - MountPoints2\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\Shell - "" = AutoRun
O33 - MountPoints2\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys -- (LVcKap)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00
"AntiVirusDisableNotify" = dword:0x00
"FirewallDisableNotify" = dword:0x00
"UpdatesDisableNotify" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[EMPTYFLASH]
[purity]
[Reboot]
Combofix: Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch the antivirus solution off completely, and in such a way that it does NOT switch itself back on after a reboot! Caution: In a few rare cases the machine may no longer boot and has to be reinstalled! Close all windows, start combofix.exe, confirm the prompt that follows with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do not use the computer during the scan. The computer may be restarted in between. After the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. chris
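The `:reg` section of the OTL fix above resets the Security Center "DisableNotify" values to 0, and the MBAM log posted later in the thread flags exactly those values as Disabled.SecurityCenter with "Bad: (1)". As an added example, not code from the thread, OTL, ComboFix or MBAM, the script below parses the registry value lines in the syntaxes those logs print and reports settings that silence Security Center or turn off the XP firewall. The sample dump is constructed for the example, and the list of expected values is an assumption.

```python
"""Audit Windows Security Center / XP firewall values in a registry dump.

Added example; not code from the thread, OTL, ComboFix or MBAM. It accepts
the two value syntaxes those logs print:
    "AntiVirusDisableNotify" = dword:0x00     (OTL :reg style)
    "DisableMonitoring"=dword:00000001        (REGEDIT4 style)
    "EnableFirewall"= 0 (0x0)                 (ComboFix style)
and reports values that silence Security Center or disable the XP firewall.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r'(?:dword:(?P<hex>0x[0-9a-fA-F]+|[0-9a-fA-F]+)'
    r'|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))\s*$'
)

# Assumed safe values. Security Center names are matched by suffix, so the
# vendor-specific Monitoring\<Product> subkeys are covered as well.
EXPECTED_SECURITY_CENTER = {
    "DisableNotify": 0,      # AntiVirus-/Firewall-/UpdatesDisableNotify
    "DisableMonitoring": 0,
    "FirstRunDisabled": 0,
}

# Constructed sample, modelled on the value lines in this thread's logs.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def parse_dump(text):
    """Return (key, value_name, int_value) tuples from a REGEDIT-like dump."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            if m.group("hex") is not None:
                value = int(m.group("hex"), 16)   # int() accepts "0x00" and "00000001"
            else:
                value = int(m.group("dec"))
            entries.append((key, m.group("name"), value))
    return entries


def audit(entries):
    """Return human-readable findings for values that weaken the defaults."""
    findings = []
    for key, name, value in entries:
        k = key.lower()
        if "security center" in k:
            for suffix, good in EXPECTED_SECURITY_CENTER.items():
                if name.endswith(suffix) and value != good:
                    findings.append(f"{key}\\{name} = {value} (expected {good})")
        elif "firewallpolicy" in k and name == "EnableFirewall" and value != 1:
            findings.append(f"{key}\\{name} = {value} (expected 1)")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_dump(SAMPLE_DUMP)):
        print(finding)
```

A DisableNotify value of 1 only suppresses the Security Center balloon; malware sets it so the user is not told that antivirus, firewall or updates are off, but users and some vendor tools set it as well, so a hit is a lead to verify, not proof of infection. Likewise EnableFirewall = 0 in the ComboFix log is consistent with Sygate being the active firewall on this machine, so read the check together with which firewall is actually running.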
08.10.2010, 16:07 | #3 |
Thanks first of all for your time and effort! The MBAM scan is already running; I'll post the log as soon as possible!
08.10.2010, 16:12 | #4 |
Hi, please post all the logs, I'm off for now (birthday party!)... No, not mine... chris
08.10.2010, 16:36 | #5 |
Yes, okay! Have fun celebrating then. I've got things to do for now anyway.
09.10.2010, 19:20 | #6 |
Hello, did you have a good party? I've been busy; here is the Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4778

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.10.2010 16:31:27
mbam-log-2010-10-08 (16-31-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 207306
Laufzeit: 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
09.10.2010, 19:22 | #7 |
Here is the VirusTotal scan result:

File name: CNMVS76.DLL
Submission date: 2010-10-08 16:11:46 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.10.08.01 2010.10.08 -
AntiVir 7.10.12.167 2010.10.08 -
Antiy-AVL 2.0.3.7 2010.10.08 -
Authentium 5.2.0.5 2010.10.08 -
Avast 4.8.1351.0 2010.10.08 -
Avast5 5.0.594.0 2010.10.08 -
AVG 9.0.0.851 2010.10.08 -
BitDefender 7.2 2010.10.08 -
CAT-QuickHeal 11.00 2010.10.08 -
ClamAV 0.96.2.0-git 2010.10.08 -
Comodo 6320 2010.10.08 -
DrWeb 5.0.2.03300 2010.10.08 -
Emsisoft 5.0.0.50 2010.10.08 -
eSafe 7.0.17.0 2010.10.07 -
eTrust-Vet 36.1.7900 2010.10.08 -
F-Prot 4.6.2.117 2010.10.08 -
F-Secure 9.0.15370.0 2010.10.08 -
Fortinet 4.2.249.0 2010.10.08 -
GData 21 2010.10.08 -
Ikarus T3.1.1.90.0 2010.10.08 -
Jiangmin 13.0.900 2010.10.08 -
K7AntiVirus 9.65.2707 2010.10.08 -
Kaspersky 7.0.0.125 2010.10.08 -
McAfee 5.400.0.1158 2010.10.08 -
McAfee-GW-Edition 2010.1C 2010.10.08 -
Microsoft 1.6201 2010.10.08 -
NOD32 5515 2010.10.08 -
Norman 6.06.07 2010.10.08 -
nProtect 2010-10-08.01 2010.10.08 -
Panda 10.0.2.7 2010.10.08 -
PCTools 7.0.3.5 2010.10.08 -
Prevx 3.0 2010.10.08 -
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.08 -
Sunbelt 7015 2010.10.08 -
SUPERAntiSpyware 4.40.0.1006 2010.10.08 -
Symantec 20101.2.0.161 2010.10.08 -
TheHacker 6.7.0.1.052 2010.10.08 -
TrendMicro 9.120.0.1004 2010.10.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.08 -
VBA32 3.12.14.1 2010.10.08 -
ViRobot 2010.10.4.4074 2010.10.08 -
VirusBuster 12.67.9.0 2010.10.08 -

MD5 : 4fa5bfef6d99516344d33f70807b3b72
SHA1 : df3b7aa3bb20ede9609317ccd440987b3b2cdfb9
SHA256: ab7e844f752d416cf28a1f3759f609e4b186e4811bba2aa132d47bed6200798d

File name: Launcher.exe
Submission date: 2010-10-08 15:51:07 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.10.08.01 2010.10.08 -
AntiVir 7.10.12.166 2010.10.08 -
Antiy-AVL 2.0.3.7 2010.10.08 -
Authentium 5.2.0.5 2010.10.08 -
Avast 4.8.1351.0 2010.10.08 -
Avast5 5.0.594.0 2010.10.08 -
AVG 9.0.0.851 2010.10.08 -
BitDefender 7.2 2010.10.08 -
CAT-QuickHeal 11.00 2010.10.08 -
ClamAV 0.96.2.0-git 2010.10.08 -
Comodo 6320 2010.10.08 -
DrWeb 5.0.2.03300 2010.10.08 -
Emsisoft 5.0.0.50 2010.10.08 -
eSafe 7.0.17.0 2010.10.07 -
eTrust-Vet 36.1.7900 2010.10.08 -
F-Prot 4.6.2.117 2010.10.08 -
F-Secure 9.0.15370.0 2010.10.08 -
Fortinet 4.2.249.0 2010.10.08 -
GData 21 2010.10.08 -
Ikarus T3.1.1.90.0 2010.10.08 -
Jiangmin 13.0.900 2010.10.08 -
K7AntiVirus 9.63.2698 2010.10.07 -
Kaspersky 7.0.0.125 2010.10.08 -
McAfee 5.400.0.1158 2010.10.08 -
McAfee-GW-Edition 2010.1C 2010.10.08 -
Microsoft 1.6201 2010.10.08 -
NOD32 5515 2010.10.08 -
Norman 6.06.07 2010.10.08 -
nProtect 2010-10-08.01 2010.10.08 -
Panda 10.0.2.7 2010.10.08 -
PCTools 7.0.3.5 2010.10.08 -
Prevx 3.0 2010.10.08 -
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.08 -
Sunbelt 7015 2010.10.08 -
SUPERAntiSpyware 4.40.0.1006 2010.10.08 -
Symantec 20101.2.0.161 2010.10.08 -
TheHacker 6.7.0.1.052 2010.10.08 -
TrendMicro 9.120.0.1004 2010.10.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.08 -
VBA32 3.12.14.1 2010.10.08 -
ViRobot 2010.10.4.4074 2010.10.08 -
VirusBuster 12.67.9.0 2010.10.08 -

MD5 : 571437a31c5eaef3193c19af568651d3
SHA1 : bc2fb92ba95f4f1744a26b196f4ff88e086655ba
SHA256: fe253be93c3f8bc549fbe6b75fa5e405f1f232b63fa4354fcc7346b569727ccb
09.10.2010, 19:24 | #8 |
And here is the result from OTL:
Code:
ATTFilter All processes killed ========== OTL ========== Error: No service named HidServ was found to stop! Service\Driver key HidServ not found. File C:\WINDOWS\System32\hidserv.dll not found. Error: No service named AppMgmt was found to stop! Service\Driver key AppMgmt not found. File C:\WINDOWS\System32\appmgmts.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60774e1e-79f7-11df-95ad-000b6abcd2a3}\ not found. File F:\.\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abba2774-a62b-11df-9602-e50544c5f4e7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abba2774-a62b-11df-9602-e50544c5f4e7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abba2774-a62b-11df-9602-e50544c5f4e7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abba2774-a62b-11df-9602-e50544c5f4e7}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abba2774-a62b-11df-9602-e50544c5f4e7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abba2774-a62b-11df-9602-e50544c5f4e7}\ not found. File F:\.\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e918f9d9-ce21-11df-966c-83cde16d5bf9}\ not found. File F:\.\Setup.exe not found. Service SymIMMP stopped successfully! Service SymIMMP deleted successfully! File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found. Service SymIM stopped successfully! Service SymIM deleted successfully! File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found. Service LVMVDrv stopped successfully! Service LVMVDrv deleted successfully! File C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys not found. Service LVcKap stopped successfully! Service LVcKap deleted successfully! File C:\WINDOWS\System32\DRIVERS\LVcKap.sys not found. Service Lbd stopped successfully! Service Lbd deleted successfully! File C:\WINDOWS\System32\DRIVERS\Lbd.sys not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | dword:0x00 /E : value set successfully! 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: caro ->Temp folder emptied: 11217820 bytes ->Temporary Internet Files folder emptied: 296492 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 44870006 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 743 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 249028 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 54,00 mb [EMPTYFLASH] User: All Users User: caro ->Flash cache emptied: 0 bytes User: Default User User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.14.1 log created on 10082010_174149 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. Registry entries deleted on Reboot... |
09.10.2010, 19:25 | #9 |
So, I was also able to run ComboFix. The PC restarted and afterwards the following window was open: "Combofix - Find3M Bereite Logdatei vor. Starte keine anderen Programme, bevor ComboFix fertig ist. This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information." and an additional small window with the single button "Schliessen": "PEV.cfxxe hat ein Problem festgestellt und muss beendet werden. Nicht gespeicherte Änderungen gehen verloren." No report file was displayed. The scan ended 2 hours ago, so presumably nothing more is coming.
09.10.2010, 20:35 | #10 |
Hi, please run CF (ComboFix) in Safe Mode (press F8 while booting). Rename CF.exe to test.com beforehand... chris
09.10.2010, 21:02 | #11 |
And here is the ComboFix log file:
Combofix Logfile:
Code:
ATTFilter ComboFix 10-10-08.01 - caro 09.10.2010 20:51:10.2.1 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.959.682 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\caro\Desktop\test.com AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . C:\Thumbs.db c:\windows\TEMP\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_USNJSVC -------\Service_usnjsvc ((((((((((((((((((((((( Dateien erstellt von 2010-09-09 bis 2010-10-09 )))))))))))))))))))))))))))))) . 2010-10-08 16:28 . 2010-10-08 16:28 -------- d-----w- C:\_OTL 2010-10-08 15:47 . 2010-10-08 15:47 61440 ----a-w- c:\dokumente und einstellungen\caro\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a4aac02-n\decora-sse.dll 2010-10-08 15:47 . 2010-10-08 15:47 12800 ----a-w- c:\dokumente und einstellungen\caro\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a4aac02-n\decora-d3d.dll 2010-10-08 15:47 . 2010-10-08 15:47 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2010-10-08 15:46 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-03 21:37 . 2010-10-03 21:37 -------- d-----w- c:\programme\ERUNT 2010-10-03 21:16 . 2010-10-03 21:16 -------- d-----w- c:\dokumente und einstellungen\caro\Anwendungsdaten\Malwarebytes 2010-10-03 21:16 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-03 21:16 . 2010-10-03 21:16 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-10-03 21:16 . 2010-10-03 21:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-10-03 21:16 . 
2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-03 19:10 . 2010-10-06 20:43 -------- d-----w- c:\programme\HIJ 2010-10-02 12:41 . 2010-10-02 13:06 -------- d-----w- c:\dokumente und einstellungen\caro\Anwendungsdaten\InternetEverywhere 2010-10-02 12:40 . 2010-10-02 12:40 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys 2010-10-02 12:40 . 2010-10-02 12:40 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2010-10-02 12:40 . 2010-10-02 12:40 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys 2010-10-02 12:40 . 2010-10-02 12:40 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys 2010-10-02 12:40 . 2010-10-02 12:40 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2010-10-02 12:40 . 2010-10-02 12:40 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\InternetEverywhere 2010-10-02 12:40 . 2008-12-13 09:27 102784 ------w- c:\windows\system32\drivers\ewusbmdm.sys 2010-10-02 12:40 . 2010-10-02 12:40 -------- d-----w- c:\programme\InternetEverywhere . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-08 17:47 . 2004-08-04 12:00 84318 ----a-w- c:\windows\system32\perfc007.dat 2010-10-08 17:47 . 2004-08-04 12:00 458476 ----a-w- c:\windows\system32\perfh007.dat 2010-10-08 15:46 . 2008-11-01 08:32 -------- d-----w- c:\programme\Java 2010-10-04 09:43 . 2010-06-06 14:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-09-20 09:48 . 2009-09-19 09:43 -------- d-----w- c:\programme\Lavasoft 2010-09-05 18:51 . 2010-09-05 18:51 -------- d-----w- c:\programme\Purplehills 2010-09-01 11:16 . 2008-07-28 08:18 -------- d-----w- c:\programme\IncrediMail 2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-12 15:45 . 2008-11-01 08:41 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-22 15:48 . 
2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "VTTimer"="VTTimer.exe" [2004-10-22 53248] "VTTrayp"="VTtrayp.exe" [2005-01-11 143360] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Launcher.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk backup=c:\windows\pss\Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- 
c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] c:\programme\Ares\Ares.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-03-02 10:28 282792 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 01:41 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] 2010-09-01 11:14 353736 ----a-w- c:\programme\IncrediMail\bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-08-14 17:15 2407184 ----a-w- c:\programme\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2007-10-18 10:34 5724184 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService] 2004-02-24 15:35 2372760 ----a-w- c:\progra~1\Sygate\SPF\Smc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 15:07 2260480 --sha-r- c:\programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] c:\programme\Java\jre6\bin\jusched.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= 
"c:\\Programme\\IncrediMail\\bin\\IncMail.exe"= "c:\\Programme\\IncrediMail\\bin\\ImApp.exe"= "c:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2010.SP2\\RpcAgentSrv.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2010.SP2\\WNt500x86\\RpcSandraSrv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.02.2010 18:11 135664] S2 WTGService;WTGService;c:\programme\InternetEverywhere\WTGService.exe [02.10.2010 13:40 308688] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [02.10.2010 13:40 103040] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [09.07.2010 23:02 93848] S4 
AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.06.2009 23:55 135336] . Inhalt des "geplante Tasks" Ordners 2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-02-28 17:10] 2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-02-28 17:10] 2010-10-09 c:\windows\Tasks\User_Feed_Synchronization-{89C656CA-6C0B-454F-806C-7DC3E9B3B042}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Connection Wizard,ShellNext = iexplore IE: &Add animation to IncrediMail Style Box - c:\programme\IncrediMail\bin\resources\WebMenuImg.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\dokumente und einstellungen\caro\Anwendungsdaten\Mozilla\Firefox\Profiles\j0w8iknc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - GoogIe FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=RkC8lIxM&q= FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: browser.search.selectedEngine - GoogIe FF - user.js: keyword.URL - hxxp://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=RkC8lIxM&q= c:\programme\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-HijackThis - c:\dokumente und einstellungen\caro\Desktop\HijackThis.exe . Zeit der Fertigstellung: 2010-10-09 20:56:59 ComboFix-quarantined-files.txt 2010-10-09 19:56 Vor Suchlauf: 19 Verzeichnis(se), 288.079.613.952 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 288.065.941.504 Bytes frei - - End Of File - - CCF910682D519B73B952195642A7357E |
09.10.2010, 21:04 | #12 |
| CPU usage 99% in process "System" Can you say what it could be? |
10.10.2010, 19:24 | #13 |
| CPU usage 99% in process "System" Hi, nothing concrete so far... Please check the following files: Have the files checked online:
Code:
ATTFilter c:\dokumente und einstellungen\caro\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a4aac02-n\decora-sse.dll c:\dokumente und einstellungen\caro\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a4aac02-n\decora-d3d.dll c:\windows\system32\spoolsv.exe
OSAM Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread. chris
__________________ Don't bring me down Read before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
11.10.2010, 15:33 | #14 |
| CPU usage 99% in process "System" ok, here are the results from virustotal: Code:
ATTFilter File name: decora-d3d.dll Submission date: 2010-10-11 14:03:00 (UTC) Current status: queued (#5) queued analysing finished Result: 0/ 43 (0.0%) Antivirus Version Last Update Result AhnLab-V3 2010.10.11.00 2010.10.11 - AntiVir 7.10.12.173 2010.10.11 - Antiy-AVL 2.0.3.7 2010.10.11 - Authentium 5.2.0.5 2010.10.11 - Avast 4.8.1351.0 2010.10.11 - Avast5 5.0.594.0 2010.10.11 - AVG 9.0.0.851 2010.10.11 - BitDefender 7.2 2010.10.11 - CAT-QuickHeal 11.00 2010.10.11 - ClamAV 0.96.2.0-git 2010.10.11 - Comodo 6353 2010.10.11 - DrWeb 5.0.2.03300 2010.10.11 - Emsisoft 5.0.0.50 2010.10.11 - eSafe 7.0.17.0 2010.10.07 - eTrust-Vet 36.1.7904 2010.10.11 - F-Prot 4.6.2.117 2010.10.11 - F-Secure 9.0.15370.0 2010.10.11 - Fortinet 4.2.249.0 2010.10.11 - GData 21 2010.10.11 - Ikarus T3.1.1.90.0 2010.10.11 - Jiangmin 13.0.900 2010.10.11 - K7AntiVirus 9.65.2713 2010.10.09 - Kaspersky 7.0.0.125 2010.10.11 - McAfee 5.400.0.1158 2010.10.11 - McAfee-GW-Edition 2010.1C 2010.10.11 - Microsoft 1.6201 2010.10.11 - NOD32 5520 2010.10.11 - Norman 6.06.07 2010.10.11 - nProtect 2010-10-11.01 2010.10.11 - Panda 10.0.2.7 2010.10.10 - PCTools 7.0.3.5 2010.10.11 - Prevx 3.0 2010.10.11 - Rising 22.69.00.01 2010.10.11 - Sophos 4.58.0 2010.10.11 - Sunbelt 7036 2010.10.11 - SUPERAntiSpyware 4.40.0.1006 2010.10.10 - Symantec 20101.2.0.161 2010.10.11 - TheHacker 6.7.0.1.054 2010.10.10 - TrendMicro 9.120.0.1004 2010.10.11 - TrendMicro-HouseCall 9.120.0.1004 2010.10.11 - VBA32 3.12.14.1 2010.10.11 - ViRobot 2010.10.4.4074 2010.10.11 - VirusBuster 12.67.11.0 2010.10.10 - Additional information Show all MD5 : a2a8f4a7128af1a5bcb7535a5cd55319 SHA1 : 14cde2f898767d8ad4e45f2ecca3274e2ea17295 SHA256: 8e765baa73a7cb31c0942c49297d762b0667970f85505e72084fa0758481cfa5 ssdeep: 192:KSnM+Mh+1clWQaWEBh+cELbnf/vicYjZuDqYAe9tUMm6usm2liJ:khTWQy+c6bnX/AZGq/e 9+l6R8 File size : 12800 bytes First seen: 2010-08-03 00:45:46 Last seen : 2010-10-11 14:03:00 TrID: Win32 Dynamic Link Library (generic) (65.4%) Generic Win/DOS 
Executable (17.2%) DOS Executable Generic (17.2%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x2AFE timedatestamp....: 0x4C3F3C1B (Thu Jul 15 16:49:31 2010) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x1D28, 0x1E00, 6.04, e8ede46673d80f231515f00fb51515eb .rdata, 0x3000, 0xBD7, 0xC00, 5.16, 4e287f411db0470751707abaa7b7f680 .data, 0x4000, 0x3C, 0x200, 0.15, 2863725623484c165d7c47ea87d28218 .reloc, 0x5000, 0x134, 0x200, 3.87, e03cdab60f837c99bb0f3277b5208b92 [[ 2 import(s) ]] MSVCR71.dll: _iob, printf, fopen, sscanf, getenv, fflush, vfprintf, fprintf, __3@YAXPAX@Z, _initterm, malloc, _adjust_fdiv, __CppXcptFilter, _except_handler3, __dllonexit, _onexit, free, __2@YAPAXI@Z KERNEL32.dll: DisableThreadLibraryCalls [[ 19 export(s) ]] TraceImpl, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_createFloatTexture@24, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_disable@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_dispose@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_drawQuad@40, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_drawTexture2@96, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_drawTexture@68, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_enable@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_getDevicePtr@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_init@20, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_setBlendMode@20, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DRendererDelegate_updateFloatTexture@36, 
_Java_com_sun_scenario_effect_impl_hw_d3d_D3DShader_disable@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DShader_dispose@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DShader_enable@16, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DShader_init@20, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DShader_setConstantsF@32, _Java_com_sun_scenario_effect_impl_hw_d3d_D3DShader_setConstantsI@32, _TraceInit@0 ExifTool: file metadata CodeSize: 7680 EntryPoint: 0x2afe FileSize: 12 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 4096 LinkerVersion: 7.1 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2010:07:15 18:49:31+02:00 UninitializedDataSize: 0 VT Community 0 This file has never been reviewed by any VT Community member. Be the first one to comment on it! File name: decora-sse.dll Submission date: 2010-10-11 14:07:46 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%) Antivirus Version Last Update Result AhnLab-V3 2010.10.11.00 2010.10.11 - AntiVir 7.10.12.173 2010.10.11 - Antiy-AVL 2.0.3.7 2010.10.11 - Authentium 5.2.0.5 2010.10.11 - Avast 4.8.1351.0 2010.10.11 - Avast5 5.0.594.0 2010.10.11 - AVG 9.0.0.851 2010.10.11 - BitDefender 7.2 2010.10.11 - CAT-QuickHeal 11.00 2010.10.11 - ClamAV 0.96.2.0-git 2010.10.11 - Comodo 6353 2010.10.11 - DrWeb 5.0.2.03300 2010.10.11 - Emsisoft 5.0.0.50 2010.10.11 - eSafe 7.0.17.0 2010.10.07 - eTrust-Vet 36.1.7904 2010.10.11 - F-Prot 4.6.2.117 2010.10.11 - F-Secure 9.0.15370.0 2010.10.11 - Fortinet 4.2.249.0 2010.10.11 - GData 21 2010.10.11 - Ikarus T3.1.1.90.0 2010.10.11 - Jiangmin 13.0.900 2010.10.11 - K7AntiVirus 9.65.2713 2010.10.09 - Kaspersky 7.0.0.125 2010.10.11 - McAfee 5.400.0.1158 2010.10.11 - McAfee-GW-Edition 2010.1C 2010.10.11 - Microsoft 1.6201 2010.10.11 - NOD32 5520 2010.10.11 - Norman 6.06.07 2010.10.11 - nProtect 2010-10-11.01 2010.10.11 - Panda 10.0.2.7 2010.10.10 - 
PCTools 7.0.3.5 2010.10.11 - Prevx 3.0 2010.10.11 - Rising 22.69.00.01 2010.10.11 - Sophos 4.58.0 2010.10.11 - Sunbelt 7036 2010.10.11 - SUPERAntiSpyware 4.40.0.1006 2010.10.10 - Symantec 20101.2.0.161 2010.10.11 - TheHacker 6.7.0.1.054 2010.10.10 - TrendMicro 9.120.0.1004 2010.10.11 - TrendMicro-HouseCall 9.120.0.1004 2010.10.11 - VBA32 3.12.14.1 2010.10.11 - ViRobot 2010.10.4.4074 2010.10.11 - VirusBuster 12.67.11.0 2010.10.10 - Additional information Show all MD5 : 220a9a46dffd993028271db8b03ac16a SHA1 : 3934585dbe64790a7ee14a8a12b0978bb891df18 SHA256: 8422c392c2da369356b60790ef0c18fffa6beba74bdb1696436d94f803894102 ssdeep: 768:MHvhnDBibYxg2U6ApHuxCL3xTJnqCcu8ahyW7ILbwERAZCnMk:4vhlYYOZuALhTJnf8lW7I Lu File size : 61440 bytes First seen: 2010-08-02 23:51:20 Last seen : 2010-10-11 14:07:46 TrID: Win32 Dynamic Link Library (generic) (65.4%) Generic Win/DOS Executable (17.2%) DOS Executable Generic (17.2%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0xB524 timedatestamp....: 0x4C3F3C06 (Thu Jul 15 16:49:10 2010) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0xA74C, 0xB000, 5.81, bc66a8c0e7285f09ea7fc72d808dd534 .rdata, 0xC000, 0xF2F, 0x1000, 5.12, 090cda4737b1e3532a3739bbc8295005 .data, 0xD000, 0x28, 0x1000, 0.01, 586326841f6d4db7c7987fcbc4ac4891 .reloc, 0xE000, 0x2F2, 0x1000, 1.62, 9213bed6abe38dd289cc4da9ea00671b [[ 2 import(s) ]] MSVCR71.dll: _CIpow, free, _initterm, malloc, floor, __CppXcptFilter, _except_handler3, __dllonexit, _onexit, _adjust_fdiv, ceil KERNEL32.dll: DisableThreadLibraryCalls [[ 37 export(s) ]] _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1ADDPeer_filter@100, 
_Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1BLUEPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1COLOR_1BURNPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1COLOR_1DODGEPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1DARKENPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1DIFFERENCEPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1EXCLUSIONPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1GREENPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1HARD_1LIGHTPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1LIGHTENPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1MULTIPLYPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1OVERLAYPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1REDPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1SCREENPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1SOFT_1LIGHTPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1SRC_1ATOPPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1SRC_1INPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1SRC_1OUTPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBlend_1SRC_1OVERPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBoxBlurPeer_filterHorizontal@40, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBoxBlurPeer_filterVertical@40, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBoxShadowPeer_filterHorizontalBlack@44, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBoxShadowPeer_filterVertical@48, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBoxShadowPeer_filterVerticalBlack@44, _Java_com_sun_scenario_effect_impl_sw_sse_SSEBrightpassPeer_filter@68, _Java_com_sun_scenario_effect_impl_sw_sse_SSEColorAdjustPeer_filter@80, 
_Java_com_sun_scenario_effect_impl_sw_sse_SSEDisplacementMapPeer_filter@132, _Java_com_sun_scenario_effect_impl_sw_sse_SSEInvertMaskPeer_filter@64, _Java_com_sun_scenario_effect_impl_sw_sse_SSELinearConvolvePeer_filterHV@52, _Java_com_sun_scenario_effect_impl_sw_sse_SSELinearConvolvePeer_filterVector@72, _Java_com_sun_scenario_effect_impl_sw_sse_SSELinearConvolveShadowPeer_filterHV@56, _Java_com_sun_scenario_effect_impl_sw_sse_SSELinearConvolveShadowPeer_filterVector@76, _Java_com_sun_scenario_effect_impl_sw_sse_SSEPerspectiveTransformPeer_filter@100, _Java_com_sun_scenario_effect_impl_sw_sse_SSEPhongLighting_1DISTANTPeer_filter@140, _Java_com_sun_scenario_effect_impl_sw_sse_SSEPhongLighting_1POINTPeer_filter@140, _Java_com_sun_scenario_effect_impl_sw_sse_SSEPhongLighting_1SPOTPeer_filter@156, _Java_com_sun_scenario_effect_impl_sw_sse_SSESepiaTonePeer_filter@68 ExifTool: file metadata CodeSize: 45056 EntryPoint: 0xb524 FileSize: 60 kB FileType: Win32 DLL ImageVersion: 0.0 InitializedDataSize: 12288 LinkerVersion: 7.1 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 PEType: PE32 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2010:07:15 18:49:10+02:00 UninitializedDataSize: 0 VT Community 0 This file has never been reviewed by any VT Community member. Be the first one to comment on it! |
11.10.2010, 15:49 | #15 |
| CPU usage 99% in process "System" and here the osam log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:48:21 on 11.10.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\DOKUME~1\caro\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? 
- C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "SANDRA" (SANDRA) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys "Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? 
- (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Launcher.lnk" - "TODO: <Company name>" - C:\Programme\InternetEverywhere\Launcher.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? 
- C:\Dokumente und Einstellungen\caro\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IncrediMail" - "IncrediMail, Ltd." - C:\Programme\IncrediMail\bin\IncMail.exe /c -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "LogitechCommunicationsManager" - "Logitech Inc." - "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" "SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe "Process Monitor" (LVPrcSrv) - "Logitech Inc." 
- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe "Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "WTGService" (WTGService) - ? - C:\Programme\InternetEverywhere\WTGService.exe (File found, but it contains no detailed information) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] |
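As an added example (not part of the thread and not OSAM's own code), a small Python triage pass over OSAM-style autorun log lines: it splits each entry into display name, publisher, path and the trailing note OSAM appends ("File not found", "File exists", ...) and flags the patterns a helper looks for when reading such a log, namely orphaned entries, entries without a publisher, and binaries loading from temporary or user-profile directories. The sample lines are constructed in the log's format; the driver "xyzdrv" and the paths under "Example" are made up, the other names appear in the log above.

```python
"""Triage of OSAM Autorun Manager log entries (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in OSAM's line format; "xyzdrv" and "Example" paths are made up.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"xyzdrv" (xyzdrv) - ? - C:\DOKUME~1\user\LOKALE~1\Temp\xyzdrv.sys
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Launcher.lnk" - "TODO: <Company name>" - C:\Programme\Example\Launcher.exe (Shortcut exists | File exists)
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
"""

# Section header like [Drivers] and location banner like -----( HKLM\... )-----
LOC_RE = re.compile(r'^-+\(\s*(.*?)\s*\)-+$')
# One entry: optional {CLSID}/<binary data> prefix, "name", optional (key),
# publisher as quoted string or "?" (unknown), then path plus optional trailing note.
ENTRY_RE = re.compile(
    r'^(?:[^"]*?\s)?"(?P<name>[^"]*)"(?:\s+\((?P<key>[^)]*)\))?'
    r'\s+-\s+(?P<pub>"[^"]*"|\?)\s+-\s+(?P<rest>.*)$'
)
NOTE_RE = re.compile(r'\s*\(([^()]*)\)\s*$')          # trailing "(File not found)"
PATH_RE = re.compile(                                   # path up to a known extension
    r'^"?(?P<path>.*?\.(?:exe|dll|sys|cpl|ocx|job|lnk|ini|scr|bat|cmd))"?(?:\s|$)', re.I)

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
PROFILE_MARKERS = ("\\dokume~1\\", "\\dokumente und einstellungen\\",
                   "\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    publisher: Optional[str]          # None when OSAM printed "?"
    path: str
    args: str
    note: Optional[str]               # OSAM's trailing annotation, if any
    findings: list = field(default_factory=list)


def parse_osam(text: str) -> list[Entry]:
    """Parse the entry lines of an OSAM report; banners and settings are skipped."""
    entries, section, location = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        loc = LOC_RE.match(line)
        if loc:
            location = loc.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest, note = m.group("rest"), None
        n = NOTE_RE.search(rest)
        if n:
            note, rest = n.group(1), rest[:n.start()]
        p = PATH_RE.match(rest)
        path = p.group("path") if p else rest.strip()
        args = rest[p.end():].strip() if p else ""
        pub = m.group("pub")
        entries.append(Entry(section, location, m.group("name"), m.group("key"),
                             None if pub == "?" else pub.strip('"'), path, args, note))
    return entries


def triage(e: Entry) -> list[tuple[str, str]]:
    """Defender-side heuristics: what in this entry deserves a closer look."""
    out, low = [], e.path.lower()
    if e.note and "file not found" in e.note.lower():
        out.append(("low", "orphaned entry: referenced file is missing (cleanup candidate)"))
        return out                                   # nothing on disk to analyse
    if e.publisher is None:
        out.append(("medium", "no publisher in version info"))
    elif e.publisher.startswith("TODO:"):
        out.append(("medium", "unfilled version-info template as publisher"))
    if any(mk in low for mk in TEMP_MARKERS):
        out.append(("high", "loads from a temporary directory"))
    elif any(mk in low for mk in PROFILE_MARKERS):
        out.append(("medium", "loads from a user profile directory"))
    if e.path and "\\" not in e.path:
        out.append(("low", "bare file name resolved via the search path"))
    if e.section == "Drivers" and e.publisher is None:
        out.append(("high", "kernel driver without publisher"))
    return out


def triage_log(text: str) -> dict[str, Entry]:
    """Parse and score a whole report, keyed by display name."""
    result = {}
    for e in parse_osam(text):
        e.findings = triage(e)
        result[e.name] = e
    return result


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG).values():
        for sev, why in e.findings:
            print(f"{sev:6} [{e.section}] {e.name}: {why} ({e.path})")
```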