100 % CPU-Auslastung, besonders bei explorer.exe und diverse Trojaner |
||
---|---|---|
#0
| ||
02.11.2005, 18:57
Member
Beiträge: 13 |
||
|
||
03.11.2005, 01:31
Member
Beiträge: 4730 |
#2
Bitte erstelle zunächst ein HJT-Log, damit man sich ein besseres Bild von der Verseuchung machen kann. Wie das geht, erfährst Du hier:
http://managor.de/hjt.htm __________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
||
03.11.2005, 06:13
Member
Themenstarter Beiträge: 13 |
#3
Hallo Managor,
hier mein HJT-Log: Logfile of HijackThis v1.99.1 Scan saved at 06:10:10, on 03.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\Smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programme\Executive Software\Diskeeper\DkService.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programme\Raxco\PerfectDisk\PDSched.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Programme\Ascentive\ActiveSpeed\AS.exe C:\PROGRA~1\1PW\ONEPW.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe C:\Programme\AT-AR215\AT-AR215 USB ADSL MODEM\dslmon.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\INCRED~1\bin\IncMail.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Heike\LOKALE~1\Temp\Rar$EX00.172\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?page=reg_success&lang=7&version=4502089&aff_id=0&addon=IncrediMail O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programme\DATA BECKER\DSL TurboPower\IEBar.dll O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [ActiveSpeed] C:\Programme\Ascentive\ActiveSpeed\AS.exe O4 - HKLM\..\Run: [1PW] C:\PROGRA~1\1PW\ONEPW.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_All.htm O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_Link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx 3.0 Internet Explorer.lnk O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Programme\TraXEx\Integration\TraXEx 3.0 Löschautomat.lnk O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130425055937 O17 - HKLM\System\CCS\Services\Tcpip\..\{670A69E6-5DD6-4423-BB92-358176272666}: NameServer = 194.97.173.125 194.97.173.124 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Sygate Personal Firewall Platinum (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\Smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe Erwähnen möchte ich noch, dass sich der Updater des Common Client von Symantec nicht mehr updatet. Virendefinitionen kann ich jedoch trotzdem runterladen. So sagt mir Norton das wenigstens. Danke schon mal für Deine Mühe und liebe Grüße, Heike |
|
|
||
10.11.2005, 22:24
...neu hier
Beiträge: 2 |
#4
Ich habe auch diese Problem...
ständig ist mein Explorer 100% ausgelastet zum wahnsinnig werden ich währe euch sehr dankbar wenn ihr mir helfen könntet. hier ist das LogFile von Hijack Logfile of HijackThis v1.99.1 Scan saved at 22:24:19, on 10.11.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Norton AntiVirus\SAVScan.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Winamp\winampa.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Fox Magic\ScreenVirtuoso Pro 2.00\dxlock.exe C:\Programme\Sphairon\UB801R USB Wireless LAN Card\Installer\WINXP\ScConfig2500USB.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Outlook Express\msimn.exe C:\Programme\Norton AntiVirus\OPScan.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\darki!\LOKALE~1\Temp\Rar$EX00.578\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [dxlock] C:\Programme\Fox Magic\ScreenVirtuoso Pro 2.00\dxlock.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: ScConfig2500USB.lnk = C:\Programme\Sphairon\UB801R USB Wireless LAN Card\Installer\WINXP\ScConfig2500USB.exe O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\googletoolbar.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\googletoolbar.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\googletoolbar.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\googletoolbar.dll/cmsimilar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01ea3f4988d196589600/netzip/RdxIE601_de.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe Vielen Dank im Voraus!!! |
|
|
||
11.11.2005, 13:47
...neu hier
Beiträge: 1 |
#5
Hi,
ich schliess mich mal an: vielleicht kann auch bei mir jemand schnelle hilfe geben, das problem lässt sich durch neustarten des rechners meistens umgehen, tritt dann aber in unregelmäßigen abständen wieder auf, insbesondere z.B. nach starten des wmplayer. antivir und spybot finden nicht wirklich etwas: Logfile of HijackThis v1.99.1 Scan saved at 14:03:29, on 11.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SCARDS32.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\SG2.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sstray.exe C:\Programme\Ahead\InCD\InCD.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\lexpps.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Downloads\BTT\hijackthis\HijackThis.exe O4 - HKLM\..\Run: [SpeedGear] C:\WINDOWS\System32\SG2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [AWMON] "C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay Homepage - {D4951B60-8FF9-4813-B716-FF3E75386E74} - http://www.preispiraten.de/cgi-bin/e/tracker_short.pl?http://www.ebay.de (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124266729406 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ich weiss leider nicht weiter .... danke schon einmal Dieser Beitrag wurde am 11.11.2005 um 14:05 Uhr von gilehad editiert.
|
|
|
||
ich habe ein großes Problem, und ich denke, Ihr könnt mir sicher gut weiter helfen.
Ich hatte vor einer Woche fast immer beim Öffnen von explorer.exe eine CPU-Auslastung von 100 %, die dann wieder etwas runterging und z. B. beim Defragmentieren oder Brennen wieder derart hoch ging, dass das System echt lahm war.
Habe das System neu aufgesetzt, vorher alles richtig gelöscht. Jetzt, nach nur wenigen Tagen, stehe ich wieder vor dem gleichen Problem.
Ich hab mal escan drüber laufen lassen. Ergebnis:
Tue Nov 01 22:13:34 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\maxthon !!!
Tue Nov 01 22:13:40 2005 => Object "abxtoolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Nov 01 22:13:40 2005 => Offending Key found: HKCU\Software\maxthon !!!
Tue Nov 01 22:13:40 2005 => Object "abxtoolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Nov 01 22:13:41 2005 => Offending Folder found: C:\Programme\maxthon
Tue Nov 01 22:13:41 2005 => Object "abxtoolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Nov 01 22:13:43 2005 => Offending Folder found: C:\Dokumente und Einstellungen\Startmenü\programme\maxthon
Tue Nov 01 22:13:43 2005 => Object "abxtoolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Nov 01 22:13:43 2005 => Offending Folder found: C:\Dokumente und Einstellungen\Heike\Startmenü\Programme\maxthon
Tue Nov 01 22:13:43 2005 => Object "abxtoolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Nov 01 22:13:45 2005 => Offending file found: C:\Dokumente und Einstellungen\Heike\Lokale Einstellungen\anwendungsdaten\im\runtime\emoticoncenter\new.gif
Tue Nov 01 22:13:45 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.
Tue Nov 01 22:13:50 2005 => Offending file found: C:\Dokumente und Einstellungen\Heike\Lokale Einstellungen\temporary internet files\content.ie5\opqrstuv\global[1].js
Tue Nov 01 22:13:50 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
Tue Nov 01 22:13:51 2005 => Offending file found: C:\Dokumente und Einstellungen\Heike\Lokale Einstellungen\Anwendungsdaten\im\runtime\emoticoncenter\new.gif
Tue Nov 01 22:13:51 2005 => System found infected with ezula toptext Spyware/Adware (new.gif)! Action taken: No Action Taken.
Tue Nov 01 22:13:53 2005 => Offending file found: C:\Dokumente und Einstellungen\Heike\Lokale Einstellungen\Temporary Internet Files\content.ie5\opqrstuv\global[1].js
Tue Nov 01 22:13:53 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
Tue Nov 01 22:13:54 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\norton systemworks\norton utilities\norton disk doctor.lnk
Tue Nov 01 22:13:54 2005 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Tue Nov 01 22:13:54 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\norton systemworks\norton utilities\norton disk doctor.lnk
Tue Nov 01 22:13:54 2005 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.
Tue Nov 01 22:13:55 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acr". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b3d". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cam". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cr2". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".crw". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dds". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ecw". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fsh". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icl". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ics". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".img". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iw44". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jng". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kdc". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lbm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ldf". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lds". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lwf". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".opw". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pbm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pcd". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pcv". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pgm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ppm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ras". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".raw". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgb". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sff". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sgi". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tga". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tla". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wbmp". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpm". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5D422994-9E10-11D4-AEB1-00D0B7237D97}". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000702}". Action Taken: No Action Taken.
Tue Nov 01 22:14:00 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Hm, und nun weiß ich nicht mehr weiter. Habe schon jede Menge gegooglet, aber das, was ich zum Ezula-Toptext-Entfernen gefunden habe, klappt nicht. Auch Abxtoolbar klappt nicht.
Hab Ad-Aware, Spybot, SpySweeper und PestPatrol auch drüber laufen lassen. Die finden jetzt nichts mehr.
Aber irgendwas muss ja sein, und das Ergebnis von Escan deutet m. E. darauf hin.
Kann ich da was mit HijackThis machen? Ich hab mit Hijackthis ein Log gemacht und das auf der entsprechenden Seite überprüft. Da finde ich leider auch nichts, was mir hilft.
Wer weiß Rat? Wie kriege ich die CPU-Auslastung wieder in den "grünen Bereich"? Und vor allem: Wie werde ich die Viecher wieder los???
Danke schon mal für Eure Hilfe und liebe Grüße,
Eijeijei