Computer extremely slow, although system load is not always at 100%
#0
16.04.2007, 23:16
...new here
Posts: 2

17.04.2007, 08:29
Member
Posts: 694
#2
Hi,
there's quite a lot hanging around in there, better to reinstall from scratch (Vundo).
Quote:
04/16/2007 08:28 PM 123,972 edprbprw.dll
If you like, we can try to clean it...
Chris

17.04.2007, 09:45
Member
Posts: 694
#3
If you want to try the cleanup, proceed as follows:
virustotal:
Quote:
C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
If any of the files is detected, add it to the Avenger script under "Files to delete"!
So:
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script
Quote:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.
HijackThis, fix:
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
Quote:
Chris

19.04.2007, 07:17
...new here
Thread starter
Posts: 2
#4
Thanks first of all for taking on my case....

Complete scanning result of "WRLogonNtf.dll", received in VirusTotal at 04.19.2007, 05:59:15 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 no virus found
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.18.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.19.2007 no virus found
CAT-QuickHeal 9.00 04.18.2007 no virus found
ClamAV devel-20070416 04.18.2007 no virus found
DrWeb 4.33 04.18.2007 no virus found
eSafe 7.0.15.0 04.18.2007 no virus found
eTrust-Vet 30.7.3578 04.19.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.19.2007 no virus found
Fortinet 2.85.0.0 04.19.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.19.2007 no virus found
Ikarus T3.1.1.5 04.18.2007 no virus found
Kaspersky 4.0.2.24 04.19.2007 no virus found
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2202 04.18.2007 no virus found
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 no virus found
Prevx1 V2 04.19.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.19.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 no virus found
Aditional Information
File size: 492544 bytes
MD5: 288b36afe9bb4b5bb913fc3e418b7691
SHA1: 96516b06c0febd3c35e85e3e384167f8efefb5c7
___________________________________________________________________
Complete scanning result of "cpavpcto.dll", received in VirusTotal at 04.19.2007, 06:04:54 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 HEUR/Crypted
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.18.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.19.2007 no virus found
CAT-QuickHeal 9.00 04.18.2007 no virus found
ClamAV devel-20070416 04.18.2007 no virus found
DrWeb 4.33 04.18.2007 no virus found
eSafe 7.0.15.0 04.18.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3578 04.19.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.19.2007 no virus found
Fortinet 2.85.0.0 04.19.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.19.2007 no virus found
Ikarus T3.1.1.5 04.18.2007 MalwareScope.Trojan-Spy.BZub.1
Kaspersky 4.0.2.24 04.19.2007 no virus found
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2202 04.18.2007 no virus found
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 Suspicious file
Prevx1 V2 04.19.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.19.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Heuristic.Crypted
Aditional Information
File size: 125460 bytes
MD5: 11acf8b5865096a7db8981022fbc3bc8
SHA1: 16d60f2ba6320ef731aa588449d036a039e97764
packers: MORPHINE
___________________________________________________________________
C:\WINDOWS\system32\xsoipgem.dll is, for reasons I can't make out, no longer on the hard disk.
___________________________________________________________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jtxlktib
*******************
Script file located at: \??\C:\WINDOWS\ixfatfye.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\edprbprw.dll deleted successfully.
File C:\WINDOWS\system32\qomlkhh.dll not found!
Deletion of file C:\WINDOWS\system32\qomlkhh.dll failed!
Could not process line:
C:\WINDOWS\system32\qomlkhh.dll
Status: 0xc0000034
File C:\WINDOWS\system32\cthikigt.dll deleted successfully.
File C:\WINDOWS\system32\xshhpruo.dll deleted successfully.
File C:\WINDOWS\system32\vstpxrts.dll not found!
Deletion of file C:\WINDOWS\system32\vstpxrts.dll failed!
Could not process line:
C:\WINDOWS\system32\vstpxrts.dll
Status: 0xc0000034
File C:\WINDOWS\system32\ylwhwdmg.dll deleted successfully.
File C:\WINDOWS\system32\qellboyh.dll deleted successfully.
File C:\WINDOWS\system32\hwdcexyo.dll deleted successfully.
File C:\WINDOWS\system32\xfufkyja.dll deleted successfully.
File C:\WINDOWS\system32\yvyiyajs.dll deleted successfully.
File C:\WINDOWS\system32\vyadd.ini deleted successfully.
File C:\WINDOWS\system32\vyadd.tmp deleted successfully.
File C:\WINDOWS\system32\kfgdjxtv.dll deleted successfully.
File C:\WINDOWS\system32\fljvrist.dll deleted successfully.
File C:\WINDOWS\system32\oobappyk.dll deleted successfully.
File C:\WINDOWS\system32\rskmxgiy.dll deleted successfully.
File C:\WINDOWS\system32\vyadd.bak1 deleted successfully.
File C:\WINDOWS\system32\ddayv.dll deleted successfully.
File C:\WINDOWS\system32\cpavpcto.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlkhh deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
___________________________________________________________________
HijackThis:
Only 1 of the 4 entries you told me to fix was still present; possibly I ran a scanner over the system in the meantime. I've done that so often lately that I can't even remember......
However, I noticed a new entry that, apart from the file name, looks the same as the one you told me to fix and that I couldn't find:
New:
O2 - BHO: (no name) - {18FB77CC-8FB8-484E-A135-F7EE864EE2E6} - C:\WINDOWS\system32\ibitlhit.dll
Old (your fix tip):
O2 - BHO: (no name) - {18FB77CC-8FB8-484E-A135-F7EE864EE2E6} - C:\WINDOWS\system32\cpavpcto.dll
___________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 6:31:11 AM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.surething.com/swlinks/stcd4/links.asp?promo=stcdx_sonic&base=order&version=2.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18FB77CC-8FB8-484E-A135-F7EE864EE2E6} - C:\WINDOWS\system32\ibitlhit.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {D002BA9B-0C2B-4F3E-883C-C429E68E9AFF} - C:\WINDOWS\system32\ddayv.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
___________________________________________________________________
The only improvement I notice at the moment is that Mozilla opens again without an error message (send error report or don't send). IE works again too.
The high system load is still there. I notice it especially with Explorer operations (copying, for example) and when playing audio files. They bring the computer to a crawl; the speed of the other applications now actually seems quite acceptable to me.
___________________________________________________________________
Thanks for your help!
P.S. Just now a window came up that I have never seen before:
Data Execution Prevention - Microsoft Windows
This program was closed for security reasons.
Name: Windows Explorer
Publisher: Microsoft Corporation
(Close message)
Strange!
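
The comparison the thread starter made by eye in post #4 (same CLSID, different DLL name) can be automated. The following is an added example, not part of the original thread: a Python sketch that diffs the O2 (BHO) sections of two HijackThis logs. The sample lines are the O2 entries of the two logs posted in this thread, unwrapped to one entry per line; the function names and finding categories are assumptions of this example.

```python
import re
from collections import namedtuple

Bho = namedtuple("Bho", "name path missing")

# O2 line layout as seen in the thread's HijackThis v1.99.1 logs:
#   O2 - BHO: <name> - {CLSID} - <path | "(no file)"> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
MISSING_SUFFIX = " (file missing)"

# O2 entries from the log of 4/16/2007 (first post), one entry per line.
SCAN_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18FB77CC-8FB8-484E-A135-F7EE864EE2E6} - C:\WINDOWS\system32\cpavpcto.dll
O2 - BHO: (no name) - {2EDD3070-4DC4-49E2-9C5B-810816829EF9} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\vstpxrts.dll
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
"""

# O2 entries from the log of 4/19/2007 (post #4), after the Avenger run.
SCAN_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18FB77CC-8FB8-484E-A135-F7EE864EE2E6} - C:\WINDOWS\system32\ibitlhit.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {D002BA9B-0C2B-4F3E-883C-C429E68E9AFF} - C:\WINDOWS\system32\ddayv.dll (file missing)
"""


def parse_bhos(log_text):
    """Return {CLSID: Bho} for every O2 line; all other log lines are ignored."""
    entries = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        if target == "(no file)":
            path, missing = None, True
        elif target.endswith(MISSING_SUFFIX):
            path, missing = target[: -len(MISSING_SUFFIX)], True
        else:
            path, missing = target, False
        # CLSIDs are case-insensitive; normalise so the two scans compare cleanly.
        entries[m.group("clsid").upper()] = Bho(m.group("name"), path, missing)
    return entries


def diff_bhos(before, after):
    """Compare two parsed scans and group the changes worth a second look."""
    findings = {"retargeted": [], "reregistered": [], "dangling": [], "removed": []}
    before_by_path = {e.path.lower(): c for c, e in before.items() if e.path}
    for clsid, new in after.items():
        old = before.get(clsid)
        # Same CLSID, different DLL: the registration survived and points elsewhere.
        if old and old.path and new.path and old.path.lower() != new.path.lower():
            findings["retargeted"].append((clsid, old.path, new.path))
        # Same DLL path, new CLSID: the file was registered again under another id.
        if old is None and new.path and new.path.lower() in before_by_path:
            findings["reregistered"].append(
                (new.path, before_by_path[new.path.lower()], clsid))
        # Registry entry left behind although the file is gone.
        if new.missing:
            findings["dangling"].append((clsid, new.path))
    findings["removed"] = sorted(c for c in before if c not in after)
    return findings


if __name__ == "__main__":
    result = diff_bhos(parse_bhos(SCAN_BEFORE), parse_bhos(SCAN_AFTER))
    for kind, items in result.items():
        for item in items:
            print(kind, item)
```

A retargeted or re-registered entry after a cleanup run indicates that something still running rewrote the registration, which is the situation post #5 reacts to.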

19.04.2007, 08:07
Member
Posts: 694
#5
Hi,
the Data Execution Prevention message comes from MS and is new (SP2).
Quote:
The cause is Data Execution Prevention (DEP), which was installed with SP2.
That can have several causes now (the many virus scanners), or something new again...
The same goes for copying (when all the scanners examine the files); in the end the various scanners get in each other's way...
You should definitely fix the new entry right away, before it downloads new Trojans...
Quote:
Avenger:
Quote:
Files to delete:
Regards,
Chris

I have had the worst problems with my computer for quite some time. The following problems appeared in this order:
*CD drive problem: it keeps restarting (acts as if I had just inserted a new CD), although I am not accessing any CD
*Internet keeps getting slower, above all the time between pressing Enter after typing an address and the page loading
*Stuttering when playing MP3s (more and more often)
*Suddenly the computer is at times completely sluggish, and then many applications can only be run with extremely long waiting times. Oddly, the CPU load is not always at maximum, sometimes it is even quite normal; biggest problem: playback of MP3s and videos is so slow that you can no longer hear or see anything; Windows notification sounds are also totally distorted or drawn out
For quite a while now I have been trying to install every existing virus scanner, etc., and run them over the system. Sometimes they do find something; unfortunately that changes nothing about the problem.
Hopefully you can help me:
Logfile of HijackThis v1.99.1
Scan saved at 9:55:07 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Winamp\Winamp.exe
C:\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.surething.com/swlinks/stcd4/links.asp?promo=stcdx_sonic&base=or
der&version=2.0
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18FB77CC-8FB8-484E-A135-F7EE864EE2E6} -
C:\WINDOWS\system32\cpavpcto.dll
O2 - BHO: (no name) - {2EDD3070-4DC4-49E2-9C5B-810816829EF9} -
C:\WINDOWS\system32\ddayv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} -
C:\WINDOWS\system32\vstpxrts.dll
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC}
- C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hp\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Programme\HPQ\Quick Launch
Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Programme\hpq\HP Wireless
Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet
Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy
Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk =
C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche -
res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen -
res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner -
C:\Programme\Kaspersky Lab\Kaspersky Internet Security
6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite -
res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth -
C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten -
res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten -
res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
- C:\Programme\Kaspersky Lab\Kaspersky Internet Security
6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
- C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner
3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: qomlkhh - qomlkhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner -
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r
(file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. -
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. -
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programme\Gemeinsame
Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -
C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame
Dateien\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty
Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software,
Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
__________________________________________________________________________
By the way, HijackThis always crashed at the end of the scan with the message (...send problem report, don't send, etc.).
I was still able to save the file on the side, though. Strange!
__________________________________________________________________________
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 6E7B-32AA
Verzeichnis von C:\WINDOWS\system32
04/16/2007 10:48 PM 466,425 vyadd.ini2
04/16/2007 10:47 PM 380,684 perfh009.dat
04/16/2007 10:47 PM 53,098 perfc009.dat
04/16/2007 10:47 PM 391,574 perfh007.dat
04/16/2007 10:47 PM 63,976 perfc007.dat
04/16/2007 10:47 PM 897,778 PerfStringBackup.INI
04/16/2007 10:44 PM 125,460 vquaocjr.dll
04/16/2007 10:44 PM 123,972 pupmirbg.dll
04/16/2007 10:44 PM 1,158 wpa.dbl
04/16/2007 10:44 PM 76,412 njixalpu.dll
04/16/2007 10:40 PM 185,016 FNTCACHE.DAT
04/16/2007 10:40 PM 5,542,631 ikhcore.log
04/16/2007 10:12 PM 0 SBFC.dat
04/16/2007 10:12 PM 0 SBRC.dat
04/16/2007 08:28 PM 123,972 edprbprw.dll
04/16/2007 08:28 PM 125,460 cpavpcto.dll
04/16/2007 08:19 PM 125,460 cthikigt.dll
04/16/2007 08:19 PM 123,972 xshhpruo.dll
04/16/2007 08:18 PM 76,412 xsoipgem.dll
04/16/2007 12:38 AM 48,708 vstpxrts.dll
04/16/2007 12:38 AM 123,972 ylwhwdmg.dll
04/16/2007 12:37 AM 125,460 qellboyh.dll
04/15/2007 10:07 PM 48,708 hwdcexyo.dll
04/15/2007 10:07 PM 123,972 xfufkyja.dll
04/15/2007 10:25 AM 123,972 yvyiyajs.dll
04/15/2007 01:17 AM 143 mcrh.tmp
04/14/2007 10:38 AM 464,899 vyadd.ini
04/14/2007 10:38 AM 464,899 vyadd.tmp
04/14/2007 10:29 AM 48,708 kfgdjxtv.dll
04/14/2007 10:25 AM 48,708 fljvrist.dll
04/14/2007 10:25 AM 125,460 oobappyk.dll
04/14/2007 10:25 AM 123,972 rskmxgiy.dll
04/14/2007 10:25 AM 463,930 vyadd.bak1
04/14/2007 10:24 AM 280,676 ddayv.dll
04/03/2007 10:48 PM 13,511,640 MRT.exe
03/29/2007 12:03 AM 2,550 Uninstall.ico
03/29/2007 12:03 AM 1,406 Help.ico
03/29/2007 12:03 AM 30,590 pavas.ico
03/20/2007 09:40 PM 47,610 interceptor.sys
03/20/2007 09:40 PM 45,056 WNASPI32.DLL
03/20/2007 09:40 PM 1,219 cdrecord.exe.stackdump
03/17/2007 03:44 PM 293,376 winsrv.dll
03/15/2007 06:19 PM 1,476,992 LegitCheckControl.dll
03/15/2007 06:17 PM 337,280 WgaTray.exe
03/15/2007 06:16 PM 236,928 WgaLogon.dll
03/09/2007 12:24 PM 123,392 xpsp3res.dll
03/09/2007 09:57 AM 27,376 SBBD.exe
03/08/2007 05:36 PM 579,072 user32.dll
03/08/2007 05:36 PM 40,960 mf3216.dll
03/08/2007 05:36 PM 281,600 gdi32.dll
03/08/2007 05:32 PM 1,843,712 win32k.sys
02/28/2007 06:06 PM 2,061,696 ntkrnlpa.exe
02/28/2007 06:06 PM 2,184,448 ntoskrnl.exe
02/17/2007 07:34 PM 0 asfiles.txt
02/17/2007 06:42 PM 122,142 TZLog.log
02/05/2007 10:18 PM 185,856 upnphost.dll
02/02/2007 06:37 PM 81,920 ElbyCDIO.dll
01/29/2007 10:58 AM 60,416 tzchange.exe
01/25/2007 02:52 PM 617,472 urlmon.dll
01/23/2007 09:30 PM 546,304 hhctrl.ocx
01/13/2007 11:39 AM 34,308 BASSMOD.dll
01/05/2007 12:08 AM 16,832 amcompat.tlb
01/05/2007 12:08 AM 23,392 nscompat.tlb
01/04/2007 03:41 PM 664,576 wininet.dll
01/04/2007 03:41 PM 474,624 shlwapi.dll
01/04/2007 03:41 PM 1,494,528 shdocvw.dll
01/04/2007 03:41 PM 39,424 pngfilt.dll
01/04/2007 03:41 PM 532,480 mstime.dll
01/04/2007 03:40 PM 146,432 msrating.dll
01/04/2007 03:40 PM 448,512 mshtmled.dll
01/04/2007 03:40 PM 3,077,632 mshtml.dll
01/04/2007 03:40 PM 96,768 inseng.dll
01/04/2007 03:40 PM 16,384 jsproxy.dll
01/04/2007 03:40 PM 251,392 iepeers.dll
01/04/2007 03:40 PM 1,056,256 danim.dll
01/04/2007 03:40 PM 55,808 extmgr.dll
01/04/2007 03:40 PM 205,312 dxtrans.dll
01/04/2007 03:40 PM 357,888 dxtmsft.dll
01/04/2007 03:40 PM 152,064 cdfview.dll
01/04/2007 03:40 PM 1,023,488 browseui.dll
__________________________________________________________________________
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 6E7B-32AA
Verzeichnis von C:\DOKUME~1\Initio\LOKALE~1\Temp
04/16/2007 10:48 PM 289 datFind.zip
04/16/2007 10:46 PM 170 jusched.log
04/16/2007 10:43 PM 16,384 ~DF7678.tmp
04/16/2007 10:37 PM 108 e66b_appcompat.txt
4 Datei(en) 16,951 Bytes
0 Verzeichnis(se), 52,395,126,784 Bytes frei
__________________________________________________________________________
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 6E7B-32AA
Verzeichnis von C:\WINDOWS
04/16/2007 10:42 PM 0 0.log
04/16/2007 10:42 PM 1,904,929 WindowsUpdate.log
04/16/2007 10:40 PM 2,048 bootstat.dat
04/16/2007 08:36 PM 250 gmer.ini
04/16/2007 08:34 PM 573,503 gmer.dll
04/16/2007 08:34 PM 80 gmer_uninstall.cmd
04/16/2007 08:25 PM 32,562 SchedLgU.Txt
04/15/2007 10:28 PM 306,186 ntbtlog.txt
04/15/2007 09:59 PM 172 OEWABLog.txt
04/15/2007 09:59 PM 33,171 setupapi.log
04/15/2007 02:07 AM 216 wiadebug.log
04/14/2007 03:07 PM 116 NeroDigital.ini
04/14/2007 11:07 AM 50 wiaservc.log
04/14/2007 11:07 AM 0 Sti_Trace.log
04/13/2007 10:36 PM 6,315 ntdtcsetup.log
04/13/2007 10:36 PM 11,795 tsoc.log
04/13/2007 10:36 PM 10,430 comsetup.log
04/13/2007 10:36 PM 1,374 imsins.log
04/13/2007 10:36 PM 4,985 iis6.log
04/13/2007 10:36 PM 1,710 ocmsn.log
04/13/2007 10:36 PM 21,982 KB931784.log
04/13/2007 10:36 PM 14,146 ocgen.log
04/13/2007 10:36 PM 1,545 msgsocm.log
04/13/2007 10:36 PM 30,914 FaxSetup.log
04/13/2007 10:34 PM 1,374 imsins.BAK
04/13/2007 10:34 PM 14,906 KB931261.log
04/13/2007 10:34 PM 2,550 updspapi.log
04/13/2007 10:32 PM 14,647 KB925902.log
04/13/2007 10:30 PM 13,020 KB930178.log
04/13/2007 10:28 PM 12,876 KB932168.log
04/13/2007 10:27 PM 0 setupact.log
04/13/2007 10:27 PM 0 setuperr.log
04/12/2007 05:04 PM 577,536 gmer.exe
04/02/2007 07:53 PM 798 wmsetup.log
03/30/2007 11:10 PM 74 WININIT.INI
03/29/2007 12:05 AM 32 pavsig.txt
03/07/2007 06:23 PM 277 system.ini
02/18/2007 07:47 PM 849 orun32.ini
02/17/2007 07:34 PM 871 win.ini
02/02/2007 08:35 AM 2,087,863 Nike Rematch Screensaver.exe
02/02/2007 08:35 AM 401,184 Nike Rematch Screensaver.scr
02/02/2007 08:35 AM 18,192 Nike Rematch Screensaver.dat
02/02/2007 08:35 AM 40,960 Nike Rematch Screensaver.dll
01/05/2007 12:07 AM 316,640 WMSysPr9.prx
__________________________________________________________________________
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 6E7B-32AA
Verzeichnis von C:\WINDOWS\Temp
04/16/2007 10:43 PM 409 WGANotify.settings
04/16/2007 10:41 PM 255 WGAErrLog.txt
04/16/2007 10:41 PM 16,384 ~DF24B1.tmp
04/16/2007 10:37 PM 23,695,360 PR206.tmp
04/16/2007 10:37 PM 32,780 PR205.tmp
5 Datei(en) 23,745,188 Bytes
0 Verzeichnis(se), 52,395,376,640 Bytes frei
__________________________________________________________________________
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 6E7B-32AA
Verzeichnis von C:\WINDOWS\Downloaded Program Files
03/31/2007 07:01 PM 88,136 HPGetDownloadManager.ocx
__________________________________________________________________________
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: 6E7B-32AA
Verzeichnis von C:\
04/16/2007 10:58 PM 0 sys.txt
04/16/2007 10:57 PM 1,426 down.txt
04/16/2007 10:57 PM 481 tmp.txt
04/16/2007 10:55 PM 5,796 system.txt
04/16/2007 10:50 PM 448 systemtemp.txt
04/16/2007 10:48 PM 107,506 system32.txt
04/16/2007 10:42 PM 344 SBCSTray.log
04/16/2007 10:40 PM 1,071,894,528 hiberfil.sys
04/16/2007 10:40 PM 1,610,612,736 pagefile.sys
04/16/2007 10:36 PM 10,099 virusproblem.txt
04/16/2007 09:55 PM 8,568 hijackthis.log
03/29/2007 12:38 AM 704,299,008 140B.tmp
03/28/2007 11:44 PM 1,891 hpqp.ini
03/28/2007 11:44 PM 40 XP_TV.ini
03/25/2007 05:47 PM 981 resolve.log
02/18/2007 01:18 AM 34,394 bericht.html
01/06/2007 06:06 PM 217,329 gspot221.exe
01/06/2007 05:49 PM 25,746,475 SUPERsetup_Build19.exe
__________________________________________________________________________