|
Viren, Trojaner, Spyware Hi Leute ... Mein Computer ist in letzter Zeit unglaublich langsam geworden. Ich habe mehrere Antivirus Programme installiert (Kaspersky, Norton, Avira, Spyware Doctor, Malwarebytes, Spybot, Adaware) und damit über 4000 (!!!) infizierte Dateien gelöscht. Der Zustand meines PCs hat sich dadurch gebessert, ist aber immernoch ziemlich langsam. Vorallem wenn ich im Internet surfe oder Videos schaue, dann ist das PC unglaublich langsam. Ich kann nicht mehr Filme schauen, weil sie so sehr stocken!! Kann mir jemand helfen ???????????? Thx |
Du solltest dich für ein AV-Programm entscheiden und dann die anderen deinstallieren, jedenfalls würde ich Norton keinesfalls drauf lassen. Bitte Norton mit dem Norton Removel deinstallieren: Download und Ausführung des Norton-Entfernungsprogramms Dann bitte CCleaner wie in der Anleitung benutzen (auch Registry säubern)! Dann bitte einen HiJackThis Log posten (anleitung genau durchlsen). Malwarebytes' Anti-Malware: Downloade dir MalwareBytes herunter Installiere es Befolge die Anleitung (führe einen kompletten Scan aus!) http://saved.im/mtc5mth3amc0/maware_loeschen.png Poste den entstandenen Log @Händichweg da haben wir wohl zur selben Zeit geopstet... |
Moin, hast du die Virenscanner gleichzeitig am laufen? Lad dir mal bitte HiJackThis runter und mach ein logfile und stell es hier rein. Entscheide dich für einen Virenscanner (ich würde Avira nehmen) und deinstalliere bitte die anderen. Bitte Logfile hier posten! |
Hi Leute .. Danke für die schnellen Antworten. Nein ich habe nicht alle gleichzeitig laufen, sondern nacheinander .. Zurzeit hab ich Kaspersky, Spyware Doctor, Spybot S&D und Malewarebytes drauf .. Ich habe auch CCleaner installiert und eingesetzt .. Hier ist nun mein Hijackthis Logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:17:26, on 15.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe F:\My Documents\""\Programms\"" SpyDoctor\Spyware Doctor\pctsAuxs.exe F:\My Documents\""\Programms\"" SpyDoctor\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\TUProgSt.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe F:\My Documents\""\Programms\"" SpyDoctor\Spyware Doctor\pctsTray.exe C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\""\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe F:\My Documents\""\Programms\"" SpyBot S&D\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe F:\My Documents\""\Programms\"" Azureus\Azureus\Azureus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\VideoLAN\VLC\vlc.exeC:\Documents and Settings\""\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\""\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\""\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\""\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\""\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\""\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h""p://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h""p://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h""p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h""p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h""p://downloads.yahoo.com/internetexplorer/welcome.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MYDOCU~1\""\PROGRA~1\""~1\SPYBOT~1\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [ISTray] "F:\My Documents\""\Programms\"" SpyDoctor\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\""\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\My Documents\""\Programms\"" SpyBot S&D\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: USBVoIPPhone.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\""\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MYDOCU~1\""\PROGRA~1\""~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MYDOCU~1\""\PROGRA~1\""~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h""p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - h""p://download.paltalk.com/wcloader_prod/wcloader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h""p://egyptian-"".spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h""p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - h""p://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - h""p://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing) O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\My Documents\""\Programms\"" SpyDoctor\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\My Documents\""\Programms\"" SpyDoctor\Spyware Doctor\pctsSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 12373 bytes ------------- Danke sehr Leute schon im Voraus .. Lg Tony |
Da ist immer noch Norton drauf! Lies mal mein ersten Post genau durch! |
Ey Eminemstyle: Danke. Ich hatte es eigentlich deinstalliert, aber hab nun dein Programm benutzt und Norton endgültig entfernt, dann Malware und CCleaner.. Hier nun mein Hijackthis Logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:38:24, on 15.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe F:\My Documents\Marwan\Programms\Marwans SpyDoctor\Spyware Doctor\pctsAuxs.exe F:\My Documents\Marwan\Programms\Marwans SpyDoctor\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe F:\My Documents\Marwan\Programms\Marwans SpyDoctor\Spyware Doctor\pctsTray.exe C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe F:\My Documents\Marwan\Programms\Marwans SpyBot S&D\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe F:\My Documents\Marwan\Programms\Marwans Azureus\Azureus\Azureus.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MYDOCU~1\Marwan\PROGRA~1\MARWAN~1\SPYBOT~1\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [ISTray] "F:\My Documents\Marwan\Programms\Marwans SpyDoctor\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\My Documents\Marwan\Programms\Marwans SpyBot S&D\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: USBVoIPPhone.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MYDOCU~1\Marwan\PROGRA~1\MARWAN~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MYDOCU~1\Marwan\PROGRA~1\MARWAN~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egyptian-marwan.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\My Documents\Marwan\Programms\Marwans SpyDoctor\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\My Documents\Marwan\Programms\Marwans SpyDoctor\Spyware Doctor\pctsSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 10989 bytes Thx |
Bitte deinstallieren: Code: AdAware Es bleiben meistens oder immer Teile von Norton übrig die andere AV-Softwares behinder oder blockieren und den PC verlangsamen, deswegen den Norton Removal. Dann bitte einen Malwarebytes Scan und danach einen frischen HiJackThis Log. |
Hi Eminemstyle .. Ok habe alles deinstalliert und Malwarebytes laufen gelassen -- keine Malwares gefunden .. Hier nun mein Hijackthis Logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:28:51, on 16.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\TUProgSt.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe F:\My Documents\Marwan\Programms\Marwans Azureus\Azureus\Azureus.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: USBVoIPPhone.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egyptian-marwan.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 9728 bytes Thx Lg Tony |
Zitat:
Hast du das gelesen? Du solltest den ersten und 3. Abschnitt beachten und befolgen. Dann mir sagen ob er schneller geworden ist, ob dir irgendwas auffällt ob sich was verändert hat. |
Was meinst du ?? Ich hab genau das gemacht, was du gesagt hast. Ich hab Norton mit deinem Removal Tool deinstalliert, hab Adaware, Spybot und Spyware Doctor auch deinstalliert und dann mein Hijackthis Logfile gepostet. Mein PC ist genauso langsam wie früher, hat sich nix geändert. Könntest du bitte mein Hijackthis Logfile anschauen ?? Lg Tony |
Hier meinen frischen Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:10:25, on 17.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\TUProgSt.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe C:\WINDOWS\System32\TuneUpDefragService.exe F:\My Documents\Marwan\Programms\Marwans Azureus\Azureus\Azureus.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\winlogon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1960408961-2139871995-839522115-1003\..\Run: [ares] "E:\Marwan\Marwans Prgramms\Marwans Ares\Ares\Ares.exe" -h (User 'Owner') O4 - HKUS\S-1-5-21-1960408961-2139871995-839522115-1003\..\Run: [VoipBuster] "E:\marwan\marwans prgramms\marwans voipbusters\voipbuster\voipbuster.exe" -nosplash -minimized (User 'Owner') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: USBVoIPPhone.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egyptian-marwan.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 10185 bytes ----------- Thx Leutz |
Okay also: Dann fixen wir Einträge mit HiJackThis (siehe Anleitung http://www.trojaner-board.de/51130-a...ijackthis.html): Code: R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)Folgende Dateien bei VirusTotal - Free Online Virus and Malware Scan Code: C:\WINDOWS\system32\userinit.exeGMER - Rootkit Detection
Dann bitte einen Scan mit Blacklight und Log posten. Dann einen SASW Scan und entstandenen Log posten. Dann einen neuen HiJackThis Log. |
Hi Eminemstyle .. Erstens mal danke sehr für dein Bemühen und deine Hilfe.. Hier erstens mal die Ergebnisse aus dem VirusTotal Scan: Die Datei wurde bereits analysiert: MD5: a93aee1928a9d7ce3e16d24ec7380f89 First received: - Datum 2009.01.18 09:40:07 (CET) [<1D] Ergebnisse 0/38 Permalink: analisis/c48331caaeeec6de65b58780460b74a7 |
Okay dann weiter |
Jetzt mein Gmer Log (Ich habe alle Harddrives gescant): GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-01-18 07:10:36 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB9A80224] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB9A807F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB9A82234] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB9A81BE6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB9A7F99A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB9A83BC6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB9A805F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB9A7FDDC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB9A7FFDC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB9A81EF6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB9A840CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB9A800F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB9A8015A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB9A81DA8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB9A8366A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB9A81A42] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB9A7FAFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB9A803FC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB9A83BF0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB9A80348] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB9A801C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB9A7FEC6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB9A7FCA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB9A838D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB9A7F61C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB9A82ABE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB9A7F77E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB9A83FA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB9A7F41A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB9A820D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB9A806F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB9A83764] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB9A83C1A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB9A7FB52] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB9A83CFE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB9A83E2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB9A83596] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xB9A804C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xB9A8053A] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B9A97874 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B9A97C2E \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [ FE, 3C, A8, B9, 2A, 3E, A8, ... ] ---- User code sections - GMER 1.0.14 ---- .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1652] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1652] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2892] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[2892] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [ 70, 11, 41, 6D ] .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2960] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation) .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ] .text C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ] .text |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 23:45 Uhr. |
Copyright ©2000-2025, Trojaner-Board