Trojaner-Board (https://www.trojaner-board.de/)
CPU usage at 99% in the "System" process (https://www.trojaner-board.de/91535-cpu-auslastung-99-prozess-system.html)

Tangomaus 11.10.2010 20:16

Just wanted to say a quick thank you for all the effort you are putting into this! At the moment I only go online with the laptop, because the PC sometimes stays online for only 10 minutes before the CPU usage climbs to 99%.
Also, IncrediMail cannot be closed. Even when I end the "IncMail" process in Task Manager, the icon stays in the system tray. Could that have something to do with the problem?

Tangomaus 11.10.2010 20:47

Hi,
sorry, I had overlooked one file that was to be checked on VirusTotal, so here is the addendum:

Code:

File name:
spoolsv.exe
Submission date:
2010-10-11 19:38:28 (UTC)
Current status:
finished
Result:
0 /41 (0.0%)

Antivirus          Version          Last Update          Result
AntiVir        7.10.12.184        2010.10.11        -
Antiy-AVL        2.0.3.7        2010.10.11        -
Authentium        5.2.0.5        2010.10.11        -
Avast        4.8.1351.0        2010.10.11        -
Avast5        5.0.594.0        2010.10.11        -
AVG        9.0.0.851        2010.10.11        -
BitDefender        7.2        2010.10.11        -
CAT-QuickHeal        11.00        2010.10.11        -
ClamAV        0.96.2.0-git        2010.10.11        -
Comodo        6356        2010.10.11        -
DrWeb        5.0.2.03300        2010.10.11        -
Emsisoft        5.0.0.50        2010.10.11        -
eSafe        7.0.17.0        2010.10.11        -
eTrust-Vet        36.1.7905        2010.10.11        -
F-Prot        4.6.2.117        2010.10.11        -
F-Secure        9.0.15370.0        2010.10.11        -
Fortinet        4.2.249.0        2010.10.11        -
GData        21        2010.10.11        -
Ikarus        T3.1.1.90.0        2010.10.11        -
Jiangmin        13.0.900        2010.10.11        -
K7AntiVirus        9.65.2724        2010.10.11        -
Kaspersky        7.0.0.125        2010.10.11        -
McAfee        5.400.0.1158        2010.10.11        -
McAfee-GW-Edition        2010.1C        2010.10.11        -
Microsoft        1.6201        2010.10.11        -
NOD32        5521        2010.10.11        -
Norman        6.06.07        2010.10.11        -
nProtect        2010-10-11.01        2010.10.11        -
Panda        10.0.2.7        2010.10.11        -
PCTools        7.0.3.5        2010.10.11        -
Prevx        3.0        2010.10.11        -
Rising        22.69.00.01        2010.10.11        -
Sophos        4.58.0        2010.10.11        -
Sunbelt        7038        2010.10.11        -
SUPERAntiSpyware        4.40.0.1006        2010.10.11        -
Symantec        20101.2.0.161        2010.10.11        -
TheHacker        6.7.0.1.054        2010.10.10        -
TrendMicro        9.120.0.1004        2010.10.11        -
TrendMicro-HouseCall        9.120.0.1004        2010.10.11        -
ViRobot        2010.10.4.4074        2010.10.11        -
VirusBuster        12.67.13.0        2010.10.11        -


Additional information
MD5  : 60784f891563fb1b767f70117fc2428f
SHA1  : e6e904b84332191d44de729deb7bfed9bcef2ce9
SHA256: e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f
ssdeep: 768:ioE4mVpn/hQUbwaf8MNy6knSRDuPMV2FzFlzV3D+JMUQkwvDLkCUJigo:inn/jbwaVc6knSNIbVlkHCFgo
File size : 58880 bytes
First seen: 2010-09-14 18:05:45
Last seen : 2010-10-11 19:38:28
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Spooler SubSystem App
original name: spoolsv.exe
internal name: spoolsv.exe
file version.: 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x463B
timedatestamp....: 0x4C6A8BD1 (Tue Aug 17 13:17:05 2010)
machinetype......: 0x14C (Intel I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBE44, 0xC000, 5.94, fb8e2b74b1ed27f9776070bfaf512921
.data, 0xD000, 0x13B4, 0x1400, 2.23, a058f24120fe94e91092e48b3909e9f9
.rsrc, 0xF000, 0xC78, 0xE00, 6.19, e05210f2747d04cbe5cfb1fb2a66eddd

[[ 6 import(s) ]]
advapi32.dll: RegisterServiceCtrlHandlerExW, OpenThreadToken, CheckTokenMembership, StartServiceCtrlDispatcherW, SetServiceStatus, RegQueryValueExW, AllocateAndInitializeSid, FreeSid, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetLengthSid, InitializeAcl, AddAccessAllowedAce, AddAccessDeniedAce, GetAce, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, MakeSelfRelativeSD, RegDisablePredefinedCache, RegOpenKeyExW, RegCloseKey
gdi32.dll: bMakePathNameW, GdiInitSpool, GdiGetSpoolMessage
kernel32.dll: GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetTickCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetModuleHandleW, GetCurrentProcess, GetSystemDirectoryW, FreeLibrary, InterlockedExchange, InitializeCriticalSection, ExitThread, CloseHandle, WaitForSingleObject, CreateEventW, CreateThread, ExitProcess, Sleep, OpenEventW, GetLastError, LoadLibraryA, LocalFree, LocalAlloc, SetEvent, LeaveCriticalSection, EnterCriticalSection, SetLastError, GetCurrentThread, CreateFileW, CompareStringW, OpenProcess, InterlockedIncrement, RaiseException, InterlockedDecrement, GetProcAddress
msvcrt.dll: _XcptFilter, _c_exit, __initenv, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _exit, _except_handler3, wcsrchr, _stricmp, _wcsnicmp, wcslen, wcschr
ntdll.dll: RtlValidRelativeSecurityDescriptor
rpcrt4.dll: RpcServerRegisterIf2, I_RpcBindingInqTransportType, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, RpcRaiseException, RpcImpersonateClient, RpcRevertToSelf, NdrServerCall2, RpcServerUseProtseqEpA, I_RpcSsDontSerializeContext, RpcMgmtSetServerStackSize, RpcServerListen

[[ 12 export(s) ]]
YDriverUnloadComplete, YEndDocPrinter, YFlushPrinter, YGetPrinter, YGetPrinterDriver2, YGetPrinterDriverDirectory, YReadPrinter, YSeekPrinter, YSetJob, YSetPort, YSplReadPrinter, YWritePrinter
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 49152
CompanyName: Microsoft Corporation
EntryPoint: 0x463b
FileDescription: Spooler SubSystem App
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 58 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)
FileVersionNumber: 5.1.2600.6024
ImageVersion: 5.1
InitializedDataSize: 8704
InternalName: spoolsv.exe
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: spoolsv.exe
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.6024
ProductVersionNumber: 5.1.2600.6024
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:08:17 15:17:05+02:00
UninitializedDataSize: 0
Symantec reputation: Suspicious.Insight


Chris4You 12.10.2010 06:51

Hi,

Fix for OSAM:
  • Select "Settings" at the top right of the main window.
http://www.online-solutions.ru/temp/...menu_small.gif
  • Tick "Disable objects using the driver" and also tick the option "Always" below it!
http://img651.imageshack.us/img651/1165/settingstwq.png
  • Disable the entries listed below, and no others!
Code:

[Drivers]
"catchme" (catchme) - ? - C:\DOKUME~1\caro\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

  • When all the listed entries are disabled, click "Apply".
http://www.online-solutions.ru/temp/...ply_revert.gif
  • Confirm the "Reboot" prompt.
http://www.online-solutions.ru/temp/...reboot_now.gif
  • After the restart, start OSAM again, copy the report of the disabled entries and post it.
  • If the machine runs without problems, we then delete the entries for good!
  • To do that, start OSAM, select the entries with a right-click and delete them with "Delete from storage".
http://www.online-solutions.ru/temp/...e_function.gif

chris

Tangomaus 12.10.2010 12:03

Hello,

I ran OSAM as described above. Unfortunately the PC hung again before I could save the report of the disabled entries. Every one of the disabled entries was preceded by "Success".
In the meantime I ran a new scan and am posting the new log (the entries are not deleted for good yet, but the PC seems to be running stably):

OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:53:47 on 12.10.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"SANDRA" (SANDRA) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SyGate for NT, wg3n" (wg3n) - "Sygate Technologies, Inc." - C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
"Teefer for NT" (Teefer) - "Sygate Technologies, Inc." - C:\WINDOWS\System32\Drivers\Teefer.sys
"wpsdrvnt" (wpsdrvnt) - "Sygate Technologies, Inc." - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
(Disabled) "catchme" (catchme) - ? - C:\DOKUME~1\caro\LOKALE~1\Temp\catchme.sys  (File not found)
(Disabled) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
(Disabled) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
(Disabled) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
(Disabled) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
(Disabled) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
(Disabled) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
(Disabled) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
(Disabled) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
(Disabled) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
(Disabled) {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
(Disabled) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
(Disabled) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Launcher.lnk" - "TODO: <Company name>" - C:\Programme\InternetEverywhere\Launcher.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\caro\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IncrediMail" - "IncrediMail, Ltd." - C:\Programme\IncrediMail\bin\IncMail.exe /c
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LogitechCommunicationsManager" - "Logitech Inc." - "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
"SmcService" - "Sygate Technologies, Inc." - C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
"Sygate Personal Firewall" (SmcService) - "Sygate Technologies, Inc." - C:\Programme\Sygate\SPF\smc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WTGService" (WTGService) - ? - C:\Programme\InternetEverywhere\WTGService.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
(Disabled) "MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
(Disabled) {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
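
The procedure above works through the report's entries marked "(File not found)", checks after the reboot that each of them now shows as "(Disabled)", and treats files without a publisher (like the spoolsv.exe that was hashed on VirusTotal) as something to verify rather than delete. As an added example, not code from the thread or from OSAM, here is a small Python parser for the report format posted above that does that triage; the sample report is constructed from a few lines of the log in this thread and assumes the line layout shown there.

```python
# Added example (not OSAM's or the thread's code): triage an OSAM report as posted above.
from __future__ import annotations

import re
from dataclasses import dataclass

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
LOCATION = re.compile(r"^-----\( (?P<key>.+?) \)-----$")
# <object> - <"Publisher" or ?> - <target>  (<status>)   -- the status part is optional
ENTRY = re.compile(
    r'^(?P<disabled>\(Disabled\) )?(?P<obj>.+?) - (?P<publisher>"[^"]*"|\?) - '
    r'(?P<target>.*?)(?:\s+\((?P<status>[^)]*)\))?$'
)

@dataclass
class Entry:
    section: str
    location: str
    name: str
    publisher: str | None  # None where OSAM printed "?"
    target: str
    status: str
    disabled: bool

def parse_osam(report: str) -> list[Entry]:
    """Track the current [Section] and -----( key )----- header; one Entry per object line."""
    entries, section, location = [], "", ""
    for line in map(str.strip, report.splitlines()):
        if m := SECTION.match(line):
            section, location = m["name"], ""
        elif m := LOCATION.match(line):
            location = m["key"]
        elif section and (m := ENTRY.match(line)):
            quoted = re.search(r'"([^"]*)"', m["obj"])  # the display name sits in quotes
            entries.append(Entry(
                section, location, quoted.group(1) if quoted else m["obj"],
                None if m["publisher"] == "?" else m["publisher"].strip('"'),
                m["target"].strip(), m["status"] or "", bool(m["disabled"]),
            ))
    return entries

def orphaned(entries: list[Entry]) -> list[Entry]:
    """References whose file is gone: the set the helper disabled first, then deleted."""
    return [e for e in entries if "File not found" in e.status]

def unverified(entries: list[Entry]) -> list[Entry]:
    """Existing files without a publisher: verify by hash (as with spoolsv.exe above) first."""
    return [e for e in entries if e.publisher is None and "File not found" not in e.status]

# Constructed sample modelled on a few lines of the report above, not the full log.
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
(Disabled) "catchme" (catchme) - ? - C:\DOKUME~1\caro\LOKALE~1\Temp\catchme.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
(Disabled) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
===[ Logfile end ]=========================================[ Logfile end ]===
"""

if __name__ == "__main__":
    found = parse_osam(SAMPLE_REPORT)
    print("orphaned:", [e.name for e in orphaned(found)])
    print("still to disable:", [e.name for e in orphaned(found) if not e.disabled])
    print("no publisher:", [e.name for e in unverified(found)])
```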

Chris4You 12.10.2010 13:19

Hi,

you can delete the entries...
The event log would be interesting, to see whether there is anything in it about the crashes...

chris

Tangomaus 13.10.2010 16:19

Hi,

The entries are deleted.

Where do I find the event log?

Tangomaus 13.10.2010 16:47

Okay, I think I found it. Here are the logs, hopefully that helps; this is slowly driving me to despair.

Chris4You 14.10.2010 09:52

Hello,

I have gone through the event logs; there are a lot of Google Update errors in them (I would disable Google Desktop etc. for now).

We need to change the approach. If the machine gets slow again while it is on the internet, fire up TCPView and see what it is trying to download from where. At the same time, look at all processes in Task Manager and try to identify the process that is burning the most CPU time (sort by CPU load for that).
Use the following software for this:
Process Explorer:
Process Explorer
TCPView:
Download: TCPView for Windows
Guide: Sysinternals – die besten Utilities (3): TCPView IT-techBlog: Home of MobileTech

Familiarise yourself with the applications beforehand, e.g. saving a log etc.

chris


All times are in WEZ +1.

Copyright ©2000-2025, Trojaner-Board

