Viruses, Trojans, Spyware

Hi folks ... My computer has become incredibly slow lately. I installed several antivirus programs (Kaspersky, Norton, Avira, Spyware Doctor, Malwarebytes, Spybot, Adaware) and used them to delete over 4000 (!!!) infected files. The state of my PC has improved as a result, but it is still quite slow. Especially when I surf the internet or watch videos, the PC is incredibly slow. I can't watch movies any more because they stutter so much!! Can anyone help me ???????????? Thx |
You should decide on one AV program and then uninstall the others; in any case, I would definitely not leave Norton on there. Please uninstall Norton with the Norton Removal tool: Download and run the Norton removal tool. Then please use CCleaner as described in the guide (clean the registry too)! Then please post a HiJackThis log (read the guide carefully). Malwarebytes' Anti-Malware: Download MalwareBytes. Install it. Follow the guide (run a full scan!) http://saved.im/mtc5mth3amc0/maware_loeschen.png Post the resulting log. @Händichweg looks like we posted at the same time... |
Hi, do you have the virus scanners running at the same time? Please download HiJackThis, create a logfile and post it here. Decide on one virus scanner (I would go with Avira) and please uninstall the others. Please post the logfile here! |
Hi folks .. Thanks for the quick replies. No, I don't have them all running at the same time, but one after another .. At the moment I have Kaspersky, Spyware Doctor, Spybot S&D and Malwarebytes installed .. I have also installed and used CCleaner .. Here is my HijackThis logfile:

Thanks a lot in advance, folks .. Regards, Tony |
Norton is still on there! Read my first post carefully! |
Hey Eminemstyle: Thanks. I had actually uninstalled it, but I have now used your program and removed Norton for good, then Malware and CCleaner.. Here is my HijackThis logfile:

Thx |
Please uninstall: AdAware. Parts of Norton usually or always remain behind, which hinder or block other AV software and slow down the PC, hence the Norton Removal. Then please run a Malwarebytes scan and afterwards post a fresh HiJackThis log. |
Hi Eminemstyle .. Ok habe alles deinstalliert und Malwarebytes laufen gelassen -- keine Malwares gefunden .. Hier nun mein Hijackthis Logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:28:51, on 16.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\TUProgSt.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe F:\My Documents\Marwan\Programms\Marwans Azureus\Azureus\Azureus.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local 
Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - 
HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: USBVoIPPhone.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egyptian-marwan.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 9728 bytes
Thx, regards, Tony |
Quote:
Did you read that? You should note and follow the first and 3rd sections. Then tell me whether it has become faster, whether you notice anything, whether anything has changed. |
What do you mean ?? I did exactly what you said. I uninstalled Norton with your removal tool, uninstalled Adaware, Spybot and Spyware Doctor as well, and then posted my HijackThis logfile. My PC is just as slow as before, nothing has changed. Could you please look at my HijackThis logfile ?? Regards, Tony |
Here is my fresh HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:10:25, on 17.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\TUProgSt.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe C:\WINDOWS\System32\TuneUpDefragService.exe F:\My Documents\Marwan\Programms\Marwans Azureus\Azureus\Azureus.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\winlogon.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart O4 - 
HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1960408961-2139871995-839522115-1003\..\Run: [ares] "E:\Marwan\Marwans Prgramms\Marwans Ares\Ares\Ares.exe" -h (User 'Owner') O4 - HKUS\S-1-5-21-1960408961-2139871995-839522115-1003\..\Run: [VoipBuster] "E:\marwan\marwans prgramms\marwans voipbusters\voipbuster\voipbuster.exe" -nosplash -minimized (User 'Owner') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: USBVoIPPhone.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Omar & Youssef\Games\Poker\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egyptian-marwan.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 10185 bytes
-----------
Thx folks |
Okay, so: Then let's fix entries with HiJackThis (see the guide http://www.trojaner-board.de/51130-a...ijackthis.html):
Code:
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
The following files at VirusTotal - Free Online Virus and Malware Scan
Code:
C:\WINDOWS\system32\userinit.exe
GMER - Rootkit Detection
Then please run a scan with Blacklight and post the log. Then an SASW scan and post the resulting log. Then a new HiJackThis log. |
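Added example (not part of the thread and not the helper's own method): a small Python triage script that splits a flattened HijackThis log back into entries and groups the ones HijackThis itself marks `(no file)` or `(file missing)` by CLSID, so a missing component registered under several section codes shows up as one review candidate. The sample input is constructed from entries in the log posted above; the function names and the choice to treat those two markers as "orphaned" are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample: entries copied from the HijackThis log in this thread,
# run together on one line the way the forum page flattened them.
SAMPLE = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ "
    r"R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) "
    r"R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) "
    r"O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file) "
    r"O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) "
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE "
    r"O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - "
    r"C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) "
    r"O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. "
    r"- C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10185 bytes"
)

Entry = namedtuple("Entry", "code detail clsid orphaned")

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed
# by " - ", at the start of the text or after whitespace.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")


def split_entries(text):
    """Split a flattened log into one string per entry.

    The header and process list before the first section code are skipped,
    and the '-- End of file' trailer is cut off.
    """
    body = text.split("-- End of file", 1)[0]
    starts = [m.start() for m in ENTRY_START.finditer(body)]
    bounds = starts + [len(body)]
    return [body[a:b].strip() for a, b in zip(bounds, bounds[1:])]


def parse_entry(raw):
    """Turn one raw entry into (code, detail, clsid, orphaned)."""
    code, _, detail = raw.partition(" - ")
    match = CLSID.search(detail)
    clsid = match.group(0).upper() if match else None
    return Entry(code, detail, clsid, bool(MISSING.search(detail)))


def orphans_by_clsid(text):
    """Group orphaned entries by CLSID (or by detail text if there is none).

    Returns {key: [section codes]} in log order. This only lists review
    candidates; it does not decide what should be fixed.
    """
    grouped = {}
    for entry in map(parse_entry, split_entries(text)):
        if entry.orphaned:
            grouped.setdefault(entry.clsid or entry.detail, []).append(entry.code)
    return grouped


if __name__ == "__main__":
    for key, codes in orphans_by_clsid(SAMPLE).items():
        print(f"{key}: referenced by {', '.join(codes)}")
```
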
Hi Eminemstyle .. First of all, thank you very much for your effort and your help.. Here, first, are the results from the VirusTotal scan:
Die Datei wurde bereits analysiert: MD5: a93aee1928a9d7ce3e16d24ec7380f89 First received: - Datum 2009.01.18 09:40:07 (CET) [<1D] Ergebnisse 0/38 Permalink: analisis/c48331caaeeec6de65b58780460b74a7 |
Okay, then carry on |
Now my GMER log (I scanned all hard drives): |
and the second part of my GMER log:
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer@ ole2disp.dll Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@ oleaut32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@InprocServer32 i7R(d6jnX8iv0l4VX6{Ioleaut32>M5KDYSUnf(HA*L[xeX)y? Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{F1904B58-8B7A-54D7-CF67-C6422667681B}\InprocServer32@ C:\Program Files\Common Files\System\ado\msado15.dll Reg HKLM\SOFTWARE\Classes\CLSID\{F1904B58-8B7A-54D7-CF67-C6422667681B}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F1904B58-8B7A-54D7-CF67-C6422667681B}\ProgID@ ADODB.Connection.2.8 Reg HKLM\SOFTWARE\Classes\CLSID\{F1904B58-8B7A-54D7-CF67-C6422667681B}\VersionIndependentProgID@ ADODB.Connection Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ... ---- EOF - GMER 1.0.14 ---- |
Have you already fixed the entries? If so, continue with Blacklight. |
Yes, I fixed the entries in HijackThis, except one, because I scanned it at VirusTotal. Should I fix that one too? Blacklight doesn't work for me. Can I just continue with the next one? |
Have you fixed the 7 items now? Why doesn't it work? Yes, try to continue with the next one. |
So I have now also run a complete scan with SUPERAntiSpyware, found about 56 infections in my brother's cookies, and deleted everything. Blacklight still doesn't work; I can't even open the downloaded file. Here is my fresh HijackThis log: |
Please post the log from SASW |
Here is my SuperAntiSpyware log: |
and the computer is getting slower and slower ... |
What about Norton? Does it have to stay installed? May it be uninstalled? Please update Malwarebytes, run a full scan, and post the log. ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain any spread. If this causes problems, post them in the thread. Please post all log files wrapped in code tags (# button), like this: HTML code: [code] Put the log file here! [/code] |
Hello everyone, could someone kindly explain GMER to me? How do I evaluate the log file afterwards? I'm not particularly familiar with it. Thanks for your help! |
@SpeedFan just ask your question here :) Antivirus, firewall and other protection programs - Trojaner-Board |
I updated Malware and scanned my PC with it. It found nothing. Now I have downloaded ComboFix but haven't done anything yet, because the page you gave me says that I have to do a certain boot installation from Microsoft. I don't have a CD, so I went to the Microsoft website, this one: http://support.microsoft.com/?scid=kb;de;310994&x=13&y=11 but I need this boot installation for Windows XP with SP3, and the page only has it for SP1 and SP2. What should I do now? Regards, Tony |
You don't have a Windows CD? Are you sure? When you buy a PC, one is usually included. You don't necessarily have to do the Recovery Console step, but it's your decision whether you want to or not. |
So I have now run ComboFix, and here is the log:
Game\godfather.exe Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 00400000 Size: 13508608 Name: ntdll.dll Path: C:\WINDOWS\system32\ntdll.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 7C900000 Size: 720896 File Version: 5.1.2600.2180 Name: kernel32.dll Path: C:\WINDOWS\system32\kernel32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 7C800000 Size: 1003520 File Version: 5.1.2600.3119 Name: d3d9.dll Path: C:\WINDOWS\system32\d3d9.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 4FDD0000 Size: 1728512 File Version: 5.3.2600.2180 Name: d3d8thk.dll Path: C:\WINDOWS\system32\d3d8thk.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 6D990000 Size: 24576 File Version: 5.3.2600.2180 Name: GDI32.dll Path: C:\WINDOWS\system32\GDI32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 77F10000 Size: 290816 File Version: 5.1.2600.3159 Name: USER32.dll Path: C:\WINDOWS\system32\USER32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 7E410000 Size: 589824 File Version: 5.1.2600.3099 Name: msvcrt.dll Path: C:\WINDOWS\system32\msvcrt.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 77C10000 Size: 360448 File Version: 7.0.2600.2180 Name: ADVAPI32.dll Path: C:\WINDOWS\system32\ADVAPI32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 77DD0000 Size: 634880 File Version: 5.1.2600.2180 Name: RPCRT4.dll Path: C:\WINDOWS\system32\RPCRT4.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 77E70000 Size: 593920 File Version: 5.1.2600.3173 Name: VERSION.dll Path: C:\WINDOWS\system32\VERSION.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 77C00000 Size: 32768 File Version: 5.1.2600.2180 Name: WINMM.dll Path: C:\WINDOWS\system32\WINMM.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 76B40000 Size: 184320 File Version: 5.1.2600.2180 Name: d3dx9_27.dll Path: C:\WINDOWS\system32\d3dx9_27.dll Global 
Usage Count: 65535 Process Usage Count: 65535 HMODULE: 010F0000 Size: 2420736 File Version: 9.8.299.0 Name: DSOUND.dll Path: C:\WINDOWS\system32\DSOUND.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 73F10000 Size: 376832 File Version: 5.3.2600.2180 Name: ole32.dll Path: C:\WINDOWS\system32\ole32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 774E0000 Size: 1298432 File Version: 5.1.2600.2726 Name: SHELL32.dll Path: C:\WINDOWS\system32\SHELL32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 7C9C0000 Size: 8474624 File Version: 6.0.2900.3051 Name: SHLWAPI.dll Path: C:\WINDOWS\system32\SHLWAPI.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 77F60000 Size: 483328 File Version: 6.0.2900.2995 Name: DINPUT8.dll Path: C:\WINDOWS\system32\DINPUT8.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 6CE10000 Size: 229376 File Version: 5.3.2600.2180 Name: DDRAW.dll Path: C:\WINDOWS\system32\DDRAW.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 73760000 Size: 299008 File Version: 5.3.2600.2180 Name: DCIMAN32.dll Path: C:\WINDOWS\system32\DCIMAN32.dll Global Usage Count: 65535 Process Usage Count: 65535 HMODULE: 73BC0000 Size: 24576 File Version: 5.1.2600.2180 Name: IMM32.DLL Path: C:\WINDOWS\system32\IMM32.DLL Global Usage Count: 4 Process Usage Count: 4 HMODULE: 76390000 Size: 118784 File Version: 5.1.2600.2180 Name: LPK.DLL Path: C:\WINDOWS\system32\LPK.DLL Global Usage Count: 1 Process Usage Count: 1 HMODULE: 629C0000 Size: 36864 File Version: 5.1.2600.2180 Name: USP10.dll Path: C:\WINDOWS\system32\USP10.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 74D90000 Size: 438272 File Version: 1.420.2600.2180 Name: comctl32.dll Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 773D0000 Size: 1060864 File Version: 6.0.2900.2982 Name: comctl32.dll 
Path: C:\WINDOWS\system32\comctl32.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 5D090000 Size: 630784 File Version: 5.82.2900.2982 Name: DBGHELP.DLL Path: C:\WINDOWS\system32\DBGHELP.DLL Global Usage Count: 1 Process Usage Count: 1 HMODULE: 59A60000 Size: 659456 File Version: 5.1.2600.2180 Name: WINTRUST.dll Path: C:\WINDOWS\system32\WINTRUST.dll Global Usage Count: 7 Process Usage Count: 7 HMODULE: 76C30000 Size: 188416 File Version: 5.131.2600.2180 Name: CRYPT32.dll Path: C:\WINDOWS\system32\CRYPT32.dll Global Usage Count: 7 Process Usage Count: 7 HMODULE: 77A80000 Size: 606208 File Version: 5.131.2600.2180 Name: MSASN1.dll Path: C:\WINDOWS\system32\MSASN1.dll Global Usage Count: 14 Process Usage Count: 14 HMODULE: 77B20000 Size: 73728 File Version: 5.1.2600.2180 Name: IMAGEHLP.dll Path: C:\WINDOWS\system32\IMAGEHLP.dll Global Usage Count: 7 Process Usage Count: 7 HMODULE: 76C90000 Size: 163840 File Version: 5.1.2600.2180 Name: wdmaud.drv Path: C:\WINDOWS\system32\wdmaud.drv Global Usage Count: 9 Process Usage Count: 9 HMODULE: 72D20000 Size: 36864 File Version: 5.1.2600.2180 Name: msacm32.drv Path: C:\WINDOWS\system32\msacm32.drv Global Usage Count: 2 Process Usage Count: 2 HMODULE: 72D10000 Size: 32768 File Version: 5.1.2600.0 Name: MSACM32.dll Path: C:\WINDOWS\system32\MSACM32.dll Global Usage Count: 2 Process Usage Count: 2 HMODULE: 77BE0000 Size: 86016 File Version: 5.1.2600.2180 Name: midimap.dll Path: C:\WINDOWS\system32\midimap.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 77BD0000 Size: 28672 File Version: 5.1.2600.2180 Name: KsUser.dll Path: C:\WINDOWS\system32\KsUser.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 73EE0000 Size: 16384 File Version: 5.3.2600.2180 Name: uxtheme.dll Path: C:\WINDOWS\system32\uxtheme.dll Global Usage Count: 2 Process Usage Count: 2 HMODULE: 5AD70000 Size: 229376 File Version: 6.0.2900.2180 Name: ASOEHOOK.DLL Path: C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL Global Usage Count: 1 
Process Usage Count: 1 HMODULE: 651B0000 Size: 139264 File Version: 2006.2.0.153 Name: MSVCR71.dll Path: C:\WINDOWS\system32\MSVCR71.dll Global Usage Count: 3 Process Usage Count: 3 HMODULE: 7C340000 Size: 352256 File Version: 7.10.3052.4 Name: ccL40.dll Path: C:\Program Files\Common Files\Symantec Shared\ccL40.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 6AF90000 Size: 385024 File Version: 104.0.14.2 Name: OLEAUT32.dll Path: C:\WINDOWS\system32\OLEAUT32.dll Global Usage Count: 2 Process Usage Count: 2 HMODULE: 77120000 Size: 569344 File Version: 5.1.2600.3139 Name: MSVCP71.dll Path: C:\WINDOWS\system32\MSVCP71.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 7C3A0000 Size: 503808 File Version: 7.10.3077.0 Name: MSCTF.dll Path: C:\WINDOWS\system32\MSCTF.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 74720000 Size: 307200 File Version: 5.1.2600.2180 Name: msctfime.ime Path: C:\WINDOWS\system32\msctfime.ime Global Usage Count: 2 Process Usage Count: 2 HMODULE: 755C0000 Size: 188416 File Version: 5.1.2600.2180 Name: HID.DLL Path: C:\WINDOWS\system32\HID.DLL Global Usage Count: 1 Process Usage Count: 1 HMODULE: 688F0000 Size: 36864 File Version: 5.1.2600.2180 Name: SETUPAPI.DLL Path: C:\WINDOWS\system32\SETUPAPI.DLL Global Usage Count: 1 Process Usage Count: 1 HMODULE: 77920000 Size: 995328 File Version: 5.1.2600.2180 Name: Secur32.dll Path: C:\WINDOWS\system32\Secur32.dll Global Usage Count: 1 Process Usage Count: 1 HMODULE: 77FE0000 Size: 69632 File Version: 5.1.2600.2180 Registers: EAX 00000000 EBX 00000D75 ECX 0012F73C EDX 000003A3 ESI 0DF385B0 EDI 0DF385B0 CS:EIP 0000001B:0092670E SS:ESP 00000023:0012F788 EBP 00000023 DS 00000023 ES 00000023 FS 0000003B GS 00000000 Flags 00010206 Call Stack: 0x0092670E [.text]:0x0052570E C:\Program Files\Electronic Arts\The Godfather The Game\godfather.exe Variables Frame Pointer: 0x0012F7A8 0x009268F7 [.text]:0x005258F7 C:\Program Files\Electronic Arts\The Godfather The Game\godfather.exe 
Variables Frame Pointer: 0x0012F7C0 0x0092430D [.text]:0x0052330D C:\Program Files\Electronic Arts\The Godfather The Game\godfather.exe Variables Frame Pointer: 0x00000000 [/QUOTE] |
Um, are you sure you scanned with Combofix? Here's what a typical Combofix scan looks like: http://www.trojaner-board.de/68673-f...tml#post407135 |
Yes, I scanned with Combofix. It fixed a lot of problems and then restarted my computer. But since there was no log, I went to C: and found the log file there, which I then posted here. Should I run Combofix again, or what?? You know, my PC isn't that slow anymore, but the videos still stutter massively and it's really annoying. I have a really fast PC and can't even watch movies properly, and I need my PC primarily for watching movies. My internet isn't slow anymore either, but when I scroll down on pages, it feels as if it had to reload the whole page. Do you understand what I mean?? Maybe the problem lies somewhere else?? Regards, Tony |
No, don't run Combofix again! So: Disable System Restore; in the course of the infection, malware files were also backed up in restore points - these are all unusable now, since resetting the system via a restore point would probably reinfect the system.
Run a Blacklight scan
* Download Blacklight into its own folder, e.g. C:\programme\blacklight. If the download doesn't work, try this link.
* Start blbeta.exe in that folder. Close all other programs.
* Click "I accept the agreement", "next", "Scan".
* When the scan is finished, exit Blacklight with "Close".
* In the Blacklight directory you will find the generated log fsbl-XXX.log; in place of XXX there is a longer sequence of digits.
Apply SDFix:
then a new HiJackThis log. |
Ran Blacklight, it found nothing and repaired nothing. Here is my report from SDFix:
SDFix: Version 1.240
Run by Marwan on 2009-01-21 at 08:03
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 08:10:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="G G"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"DisableSR"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"G:\\STHIW\\STSetup.exe"="G:\\STHIW\\STSetup.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"F:\\My Documents\\Marwan\\Programms\\Marwans Azureus\\Azureus\\Azureus.exe"="F:\\My Documents\\Marwan\\Programms\\Marwans Azureus\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
Files with Hidden Attributes :
Finished!
--------
HijackThis log follows |
Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19, on 2009-01-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\TUProgSt.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
F:\My Documents\Marwan\Programms\Marwans SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\USB\USB VoIP Phone\USBPhoneDriver.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\My Documents\Marwan\Programms\Marwans SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: USBVoIPPhone.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egyptian-marwan.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145681592718
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9C35DB-9D48-4193-923D-A4684DFA35B8}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\My Documents\Marwan\Programms\Marwans SuperAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
-- End of file - 8244 bytes |
Please run Windows Update: => Start => All Programs => Windows Update. Have you really installed all the latest drivers? And what exactly did you do with TuneUp Utilities 2009? |
So now I've run a Windows Update, but unfortunately nothing has changed anyway. With TuneUp Utilities I did everything possible that you can do with it. System checkup, defragmentation, registry editing, etc. My PC has become faster now, but on the internet and with videos (and also when listening to music) nothing has changed. I just don't understand where the problem is. And with every scan, with every program, they always tell me that no infections were found. But nothing changes ... what's going on???? Regards, Tony |
I've now downloaded the latest version of DirectX from Microsoft and also the latest DivX codec. But nothing changes; the videos still stutter like crazy, and so does the internet ... could the problem be somewhere else?? Because otherwise my computer isn't slow anymore. It's only the videos and the internet, as well as Microsoft Word and Adobe. |
Hey folks .. doesn't anyone know what to do next?? You're my last hope, I've already tried everything :headbang: |
Hello, uninstall everything from Google and Yahoo. Unless you happen to be in Egypt, fix the following entries with HJT:
Code:
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
ciao, andreas |
Uninstalled everything from Google and Yahoo. Fixed the stuff with HJT. Here is my new log. Quote:
|
So, folks ?? No idea ??? Can someone check my HJT log?? Somehow it's just stupid, I've tried absolutely everything and thanks to Eminemstyle my PC is fast again, but the internet is damn slow and so are the videos ... could the problem lie somewhere else ?? Regards, Tony |
Yes. With your line or your provider. ciao, andreas |
@ JohnDoe: No, that's not the cause ... I have another computer that uses the same connection, and everything runs perfectly there .. besides, it's not only the internet that's slow, but also the videos, which stutter the whole time ... I've also deleted all my codecs and then installed only the K-Lite codec.. could it be the codecs ?? And if so, what would I have to install? Regards and thx, Tony |
Post an HJT log from the other computer. ciao, andreas |
Well, I would pick one of the many antivirus programs and the others :snyper:!! They don't get along with each other, and you shouldn't use the paid ones (G Data, Norton etc.) in the first place. In the Computerbild test the paid ones (most of them) ranked behind the ones that are free!! (Kaspersky came first!!) Best to download AVG (our neighbor recommended it to us... he's a programmer and develops these programs professionally)!! Definitely don't use Avira; for me it let a virus from 2006 through even though I had the latest update... :schmoll: |
@ John.Doe: I can't post an HJT log from the other computer because the other one is broken. But I'm telling you, it's not the connection. @Gunit: I now only have AVG installed, but the problem still persists... After every scan my programs tell me that there are no errors, but the thing is still unbelievably slow, and the videos stutter, and when I start Windows Media Player, it's so damn slow, as if I had a PC from the 15th century. Ideas??? I've tried everything by now .. Regards, Tony |
Check whether you can find a file combofix.txt in the root directory; if so, post it; if not: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! Note: Combofix disables the autostart function of all CD / DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread. ciao, andreas |
Copyright ©2000-2025, Trojaner-Board