PC takes about 10 minutes to load....

#0
16.06.2007, 11:04
Member

Posts: 39
#1 So ComboFix somehow didn't find anything...

Quote

Logfile of HijackThis v1.99.1
Scan saved at 10:50, on 2007-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Emrah\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/service/redir/ie_t-online.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MSWORD~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MSWORD~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSWORD~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSWORD~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSWORD~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145106904621
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MSWORD~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I deleted AntiVir PersonalEdition Classic yesterday...., but got myself AVG 7.5 Anti-Spyware instead. But it was already loading (loaded? ;)) this slowly for several days/weeks....

datfind.bat:

Quote

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74B1-F2F5

Verzeichnis von C:\WINDOWS\system32

2007-06-16 10:24 54,112 vsconfig.xml
2007-06-16 10:21 2,206 wpa.dbl
2007-06-11 19:12 1,197 lvcoinst.log
2007-06-09 21:28 313,968 FNTCACHE.DAT
2007-06-09 15:43 383,254 perfh009.dat
2007-06-09 15:43 394,510 perfh007.dat
2007-06-09 15:43 53,608 perfc009.dat
2007-06-09 15:43 64,590 perfc007.dat
2007-06-09 15:43 880,624 PerfStringBackup.INI
2007-06-06 08:38 15,747,032 MRT.exe
2007-05-16 17:11 683,520 inetcomm.dll
2007-05-04 14:27 3,079,680 mshtml.dll
2007-04-30 11:53 10,752 BASSMOD.dll
2007-04-25 16:22 144,896 schannel.dll
2007-04-18 18:13 2,854,400 msi.dll
2007-04-18 14:31 617,472 urlmon.dll
2007-04-18 14:31 664,576 wininet.dll
2007-04-18 14:31 1,494,528 shdocvw.dll
2007-04-18 14:31 474,624 shlwapi.dll
2007-04-18 14:31 532,480 mstime.dll
2007-04-18 14:31 39,424 pngfilt.dll
2007-04-18 14:31 449,024 mshtmled.dll
2007-04-18 14:31 146,432 msrating.dll
2007-04-18 14:31 1,023,488 browseui.dll
2007-04-18 14:31 1,056,256 danim.dll
2007-04-18 14:31 16,384 jsproxy.dll
2007-04-18 14:31 357,888 dxtmsft.dll
2007-04-18 14:31 96,768 inseng.dll
2007-04-18 14:31 152,064 cdfview.dll
2007-04-18 14:31 251,392 iepeers.dll
2007-04-18 14:31 205,312 dxtrans.dll
2007-04-18 14:31 55,808 extmgr.dll
2007-04-18 12:27 123,392 xpsp3res.dll
2007-04-16 17:53 1,058,304 kernel32.dll
2007-04-02 14:21 428,032 swreg.exe
2007-03-17 15:44 293,376 winsrv.dll
2007-03-08 17:36 281,600 gdi32.dll
2007-03-08 17:36 579,072 user32.dll
2007-03-08 17:36 40,960 mf3216.dll
2007-03-08 17:32 1,843,712 win32k.sys
2007-02-28 18:02 2,182,656 ntoskrnl.exe
2007-02-28 18:02 2,059,904 ntkrnlpa.exe
2007-02-17 14:05 122,142 TZLog.log
2007-02-11 23:21 16 servdat.slm
2007-02-11 23:21 87 ssprs.tgz
2007-02-11 23:21 219 lsprst7.tgz
2007-02-11 23:21 205 lsprst7.dll
2007-02-05 22:18 185,856 upnphost.dll

Quote

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74B1-F2F5

Verzeichnis von C:\DOKUME~1\Emrah\LOKALE~1\Temp

2007-06-16 10:22 256 ZLT03bf6.TMP
2007-06-16 10:21 256 ZLT03b9d.TMP
2 Datei(en) 512 Bytes
0 Verzeichnis(se), 6,312,882,176 Bytes frei

Quote

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74B1-F2F5

Verzeichnis von C:\WINDOWS

2007-06-16 10:20 0 0.log
2007-06-16 10:20 2,064,161 WindowsUpdate.log
2007-06-16 10:19 50 wiaservc.log
2007-06-16 10:19 159 wiadebug.log
2007-06-16 10:19 2,048 bootstat.dat
2007-06-16 02:06 32,642 SchedLgU.Txt
2007-06-15 18:20 1,142 win.ini
2007-06-15 18:20 227 system.ini
2007-06-15 15:52 69 NeroDigital.ini
2007-06-13 18:55 544 Ulead32.ini
2007-06-13 16:23 52 Pex.INI
2007-06-13 13:06 5,896 iis6.log
2007-06-13 13:06 7,733 ntdtcsetup.log
2007-06-13 13:06 1,374 imsins.log
2007-06-13 13:06 15,719 tsoc.log
2007-06-13 13:06 12,394 comsetup.log
2007-06-13 13:06 2,135 ocmsn.log
2007-06-13 13:06 19,267 KB933566.log
2007-06-13 13:06 19,167 ocgen.log
2007-06-13 13:06 1,975 msgsocm.log
2007-06-13 13:06 37,671 FaxSetup.log
2007-06-13 13:06 26,167 setupapi.log
2007-06-13 13:05 3,120 updspapi.log
2007-06-13 13:05 1,374 imsins.BAK
2007-06-13 13:05 12,635 KB929123.log
2007-06-13 13:05 11,135 KB935840.log
2007-06-13 13:02 11,146 KB935839.log
2007-06-11 14:36 159 Directx.log
2007-06-09 17:21 1,452 COM+.log
2007-06-05 05:24 87,552 catchme.exe
2007-06-04 11:17 5,632 Thumbs.db
2007-05-24 00:36 1,171 ie7_main.log
2007-05-23 13:02 7,549 KB927891.log
2007-05-23 13:01 0 setuperr.log
2007-05-23 13:01 0 setupact.log
2007-04-30 19:48 99 (null)toolkit.ini
2007-04-30 17:06 101 CMMIXER.INI
2007-04-24 00:38 415 cdplayer.ini
2007-02-23 15:58 562 wininit.ini
2007-02-11 16:13 720,896 iun6002.exe

Quote

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74B1-F2F5

Verzeichnis von C:\

2007-06-16 11:00 0 sys.txt
2007-06-16 11:00 6,221 system.txt
2007-06-16 11:00 343 systemtemp.txt
2007-06-16 10:59 101,843 system32.txt
2007-06-16 10:50 64 ComboFix.txt.bat
2007-06-16 10:19 402,653,184 pagefile.sys
2007-06-15 18:20 211 boot.ini
2007-06-13 20:13 149,830 hpfr3740.log
2007-06-11 14:54 102 log.txt
2007-06-05 18:31 268 sqmdata17.sqm
2007-06-05 18:31 244 sqmnoopt17.sqm
2007-06-05 15:19 268 sqmdata16.sqm
2007-06-05 15:19 244 sqmnoopt16.sqm
2007-06-05 08:38 268 sqmdata15.sqm
2007-06-05 08:38 244 sqmnoopt15.sqm
2007-05-20 00:37 268 sqmdata14.sqm
2007-05-20 00:37 244 sqmnoopt14.sqm
2007-05-17 22:43 268 sqmdata13.sqm
2007-05-17 22:43 244 sqmnoopt13.sqm
2007-04-25 12:44 232 sqmdata12.sqm
2007-04-25 12:44 244 sqmnoopt12.sqm
2007-04-22 16:12 268 sqmdata11.sqm
2007-04-22 16:12 244 sqmnoopt11.sqm
2007-04-22 15:08 268 sqmdata10.sqm
2007-04-22 15:08 244 sqmnoopt10.sqm
2007-04-14 15:32 268 sqmdata09.sqm
2007-04-14 15:32 244 sqmnoopt09.sqm
2007-04-09 19:56 268 sqmdata08.sqm
2007-04-09 19:56 244 sqmnoopt08.sqm
2007-04-06 13:14 268 sqmdata07.sqm
2007-04-06 13:14 244 sqmnoopt07.sqm
2007-03-15 10:21 268 sqmdata05.sqm
2007-03-15 10:21 244 sqmnoopt05.sqm
2007-03-10 22:35 268 sqmdata04.sqm
2007-03-10 22:35 244 sqmnoopt04.sqm
2007-03-05 18:46 268 sqmdata06.sqm
2007-03-05 18:46 244 sqmnoopt06.sqm
2007-03-02 17:11 268 sqmdata03.sqm
2007-03-02 17:11 244 sqmnoopt03.sqm
2007-02-27 18:57 2,684 avenger.txt
2007-02-23 12:57 232 sqmdata02.sqm
2007-02-23 12:57 244 sqmnoopt02.sqm
2007-02-23 12:30 268 sqmdata01.sqm
2007-02-23 12:30 244 sqmnoopt01.sqm
2007-02-20 22:06 268 sqmdata00.sqm
2007-02-20 22:06 244 sqmnoopt00.sqm
2007-02-17 21:08 268 sqmdata19.sqm
2007-02-17 21:08 244 sqmnoopt19.sqm
2007-02-11 18:52 268 sqmdata18.sqm
2007-02-11 18:52 244 sqmnoopt18.sqm
2007-01-28 22:44 79 find.txt
2007-01-28 16:24 0 Dokumente
2007-01-27 12:27 11,699 ComboFix2.txt

Is something running in the background that takes a lot of time to load at system startup, or is there anything malicious up there.... Because until it has loaded everything, it takes nearly 10 minutes.... in that time I now always go and make coffee *rolleyes*....
16.06.2007, 22:40
Member

Posts: 500
#2 I don't really know what you did. The HJT log shows that two antivirus programs are running. Deleting doesn't get it done here. The magic word is: uninstallation:
Furthermore, IE7 should be mandatory for XP.

Felix
__________
No requests by e-mail or PM!