My laptop hangs because of high CPU load

#1
09.04.2009, 21:35
...new here
Posts: 4
#2
09.04.2009, 22:23
Moderator
Posts: 5694

Quote: For a few days now my antivirus program McAfee has expired, but I still have Avira AntiVir Personal

Do I understand you correctly that you are running both programs at the same time? According to the HJT log both are running... Two captains can't steer a ship either. So use only one antivirus program. Avira should certainly be enough and is free.

>> Remove Askbar
Start -> Settings -> Control Panel -> Software (Add or Remove Programs)
Check whether AskSBar, SrchAstt or Ask Search Assistant is listed there, and remove it

>> Delete the temp files with CCleaner

>> Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of the following entries (if they are still present):
Quote: O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
and choose "Fix checked". Restart the computer.

>> Scan with Malwarebytes, let it delete what it finds and post the log (don't forget to update before running it):
http://virus-protect.org/artikel/tools/malwarebytes.html

>> Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards
Swiss
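An added example (not part of the thread, not the moderator's or the tool author's code): a small Python triage script that automates the three points the moderator draws from the HijackThis log posted in this thread, namely an orphaned "(no file)" BHO entry, the Ask toolbar, and two resident antivirus products running side by side. The sample lines are excerpted from that log; the adware marker list and the resident-component list are this example's own assumptions.

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Added example, not part of the forum thread. It flags what the
moderator flagged by hand: an orphaned BHO ("(no file)"), the Ask
toolbar, and more than one resident antivirus product at once.
"""
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (O2/O3/O4/O23 lines only).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Assumption of this example: substrings that identify the Ask toolbar family.
# The names come from the moderator's post; the list itself is ours.
ADWARE_MARKERS = ("askbar", "ask toolbar", "asksbar", "srchastt")

# Assumption of this example: on-access components per vendor. Both vendors
# and all four file names appear in the thread's log.
RESIDENT_AV = {
    "avira": ("avguard.exe", "avgnt.exe"),
    "mcafee": ("mcshield.exe", "mcagent.exe"),
}

# O2 (BHO) and O3 (toolbar): "<name> - {<CLSID>} - <path or (no file)>"
_BHO_RE = re.compile(
    r"^O(?P<kind>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 autostart: "<hive>\..\Run: [<value name>] <command line>"
_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(log_text):
    """Return (section, fields) tuples for the line types this triage uses."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _BHO_RE.match(line)
        if m:
            entries.append(("O" + m.group("kind"), m.groupdict()))
            continue
        m = _RUN_RE.match(line)
        if m:
            entries.append(("O4", m.groupdict()))
            continue
        if line.startswith("O23 - Service: "):
            # Service names may themselves contain " - ", so split from the right:
            # the last two fields are always owner and path.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entries.append(("O23", dict(zip(("name", "owner", "path"), parts))))
    return entries


def triage(log_text):
    """Produce the findings a helper would raise on this log."""
    findings = []
    av_seen = defaultdict(set)  # vendor -> resident components seen
    for section, f in parse_hjt(log_text):
        if section in ("O2", "O3"):
            if f["path"] == "(no file)":
                findings.append({"kind": "orphaned", "section": section, "clsid": f["clsid"],
                                 "note": "registered object whose DLL is gone; fix with HJT"})
            blob = (f["name"] + " " + f["path"]).lower()
            if any(marker in blob for marker in ADWARE_MARKERS):
                findings.append({"kind": "adware_toolbar", "section": section, "name": f["name"],
                                 "path": f["path"], "note": "uninstall, then fix the entry"})
        else:  # O4 and O23: look for resident AV components by file name
            target = (f.get("cmd") or f.get("path", "")).lower()
            for vendor, components in RESIDENT_AV.items():
                for comp in components:
                    if comp in target:
                        av_seen[vendor].add(comp)
    if len(av_seen) > 1:
        findings.append({"kind": "multiple_resident_av", "vendors": sorted(av_seen),
                         "components": {v: sorted(c) for v, c in av_seen.items()},
                         "note": "keep exactly one real-time scanner"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```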
#3
09.04.2009, 23:36
...new here
Thread starter, Posts: 4

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1959
Windows 6.0.6001 Service Pack 1

09.04.2009 23:35:32
mbam-log-2009-04-09 (23-35-32).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 62365
Laufzeit: 9 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
#4
10.04.2009, 18:07
Moderator
Posts: 5694
#5
10.04.2009, 19:14
...new here
Thread starter, Posts: 4

I used Combofix, but I don't know how to read the report.
#6
10.04.2009, 20:43
Moderator
Posts: 5694
#7
10.04.2009, 22:23
...new here
Thread starter, Posts: 4

ComboFix 09-04-04.01 - Cheng 2009-04-10 22:06:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3293.2143 [GMT 2:00]
ausgeführt von:: c:\users\Cheng\Downloads\ComboFix.exe
 * Resident AV is active
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Cheng\AppData\Roaming\.#
c:\windows\system32\winio.vxd

.
((((((((((((((((((((((( Dateien erstellt von 2009-03-10 bis 2009-04-10 ))))))))))))))))))))))))))))))
.

2009-04-10 22:02 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-10 18:28 . 2009-04-10 18:28 0 --a------ c:\windows\System32\msexcr.ini
2009-04-10 15:46 . 2009-04-10 15:46 <DIR> d-------- c:\program files\NEXON
2009-04-09 23:59 . 2009-04-10 00:00 343,435,407 --a------ c:\windows\MEMORY.DMP
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\users\Cheng\AppData\Roaming\Malwarebytes
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-09 22:45 . 2009-04-09 22:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 22:45 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-09 22:45 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-09 22:34 . 2009-04-09 22:34 <DIR> d-------- c:\program files\CCleaner
2009-04-09 21:20 . 2009-04-09 21:20 <DIR> d-------- c:\program files\Trend Micro
2009-04-08 13:23 . 2009-04-08 13:23 <DIR> d-------- c:\users\Cheng\Neuer Ordner
2009-04-08 13:11 . 1996-12-11 12:22 69,632 --a------ c:\windows\UNINSTCC.EXE
2009-04-08 13:10 . 2009-04-08 13:12 <DIR> d-------- C:\WESTWOOD
2009-04-08 13:09 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe
2009-04-06 22:21 . 2009-04-06 22:21 <DIR> d-------- c:\program files\GpotatoEu
2009-04-03 12:07 . 2009-04-03 12:07 <DIR> d-------- c:\program files\alaplaya
2009-04-02 20:43 . 2009-04-02 20:43 <DIR> d-------- c:\program files\Gamigo Games
2009-03-24 22:19 . 2009-03-24 22:24 <DIR> d-------- c:\program files\Movavi Video Converter 6
2009-03-24 21:31 . 2009-03-24 22:12 <DIR> d-------- c:\program files\MediaCoder
2009-03-24 21:30 . 2009-03-24 21:30 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-03-22 17:17 . 2009-03-22 17:17 <DIR> d-------- c:\users\All Users\Adobe Systems
2009-03-22 17:17 . 2009-03-22 17:17 <DIR> d-------- c:\programdata\Adobe Systems
2009-03-22 17:15 . 2009-03-22 17:15 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-22 17:12 . 2009-03-22 17:12 <DIR> d-------- C:\InDesign CS2 Tryout
2009-03-21 12:27 . 2009-03-21 12:27 <DIR> d-------- c:\program files\VirtualDJ
2009-03-14 19:18 . 2009-03-24 18:59 <DIR> d-------- c:\users\Cheng\AppData\Roaming\DivX
2009-03-14 12:17 . 2009-03-14 12:18 <DIR> d-------- c:\program files\DivX
2009-03-14 12:17 . 2009-03-14 12:17 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-03-14 12:17 . 2009-03-14 12:17 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-11 18:28 . 2009-03-11 18:28 55 --a------ c:\windows\SpeedGear.INI
2009-03-11 18:27 . 2009-03-11 18:30 <DIR> d-------- c:\program files\Speed Gear
2009-03-11 14:09 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 14:09 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 14:09 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 14:09 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 14:09 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 14:09 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 11:23 --------- d-----w c:\users\Cheng\AppData\Roaming\Skype
2009-04-10 10:24 --------- d-----w c:\users\Cheng\AppData\Roaming\skypePM
2009-04-07 07:54 --------- d-----w c:\program files\d-lusion
2009-04-06 19:29 --------- d-----w c:\program files\Gpotato
2009-04-03 10:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 21:37 --------- d-----w c:\program files\McAfee
2009-03-26 14:06 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2009-03-22 15:15 --------- d-----w c:\program files\Common Files\Adobe
2009-03-20 13:38 201,816 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-20 13:38 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 16:08 --------- d-----w c:\program files\Windows Mail
2009-03-11 11:59 --------- d-----w c:\program files\Google
2009-03-09 10:21 --------- d-----w c:\program files\ICQ6.5
2009-03-08 12:02 --------- d-----w c:\users\Cheng\AppData\Roaming\NCH Swift Sound
2009-03-08 12:02 --------- d-----w c:\programdata\NCH Swift Sound
2009-03-08 12:02 --------- d-----w c:\program files\NCH Swift Sound
2009-03-08 12:01 --------- d-----w c:\program files\NCH Software
2009-03-08 11:28 --------- d-----w c:\program files\Fly For Hero Client v.3
2009-03-08 09:56 --------- d-----w c:\programdata\McAfee
2009-02-22 19:55 --------- d-----w c:\program files\AviSynth 2.5
2009-02-22 19:54 --------- d-----w c:\program files\eRightSoft
2009-02-19 19:52 --------- d-----w c:\program files\foobar2000
2009-02-18 13:46 --------- d-----w c:\program files\AbiSuite2
2009-02-16 14:17 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-02-15 11:58 --------- d-----w c:\program files\My Video Downloader
2009-02-15 11:21 --------- d-----w c:\program files\DVDVideoSoft
2009-02-15 11:21 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-12 16:01 --------- d-----w c:\programdata\CyberLink
2009-02-10 12:01 --------- d-----w c:\programdata\Microsoft Help
2009-02-10 11:56 --------- d-----w c:\program files\Microsoft Works
2009-01-27 01:34 90,112 ----a-w c:\windows\System32\dpl100.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2009-01-27 01:34 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2009-01-27 01:34 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2009-01-27 01:34 684,032 ----a-w c:\windows\System32\DivX.dll
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-27 17:51 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-27 17:51 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2009-01-27 01:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll

.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2008-11-26 19:19 157168 --a------ c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-01-09 113168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0942DABE-5997-42B7-9CB3-F892F476E9D3}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{463DDD33-3EA5-4A68-8255-95D3A00718BD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E829CE93-107B-4CEA-96D5-7E94E0CDAD9E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{957512EE-4688-470F-86D8-6C2353D8ED56}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{24DC5CB8-203B-407E-B201-F1546FEC58DA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{70776BD7-A543-477E-A80B-847500D0180D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{13DE1542-C1CE-4DFF-94F0-BD704E111E66}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{5A0B40C7-2E0F-4C07-9276-1980836A3852}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F2FD47BD-6877-47AF-94AC-7D77B7B250A9}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{9B85A0E9-8B14-44A4-B779-99E0B3394276}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{6C462C38-5DA6-4A25-A713-C7BB1151D57B}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{AAE1C8D2-08C8-4B40-B4AD-C8AE6EAD0E0A}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{E6C58335-E427-4C77-9399-E22B110355DB}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{215BA139-406F-4E6E-90AF-42FF150BEE29}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0E9B6F86-A6B9-4E0E-B982-5E639B1A2CC0}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{EE8FCE1F-4C04-4570-8018-F7E1084B51F2}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{BC075711-56EB-4894-8D7E-BF792A4860F6}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{5698761B-1F8A-4907-B9FD-A1C7C67D5B7F}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{8A950A9C-4E2F-4F3E-A10B-0B2979CFCC85}c:\\users\\cheng\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\cheng\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{4465F763-7070-4620-BB1E-23149238F504}c:\\users\\cheng\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\cheng\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{AED12E78-062F-4599-80ED-687A0AA18756}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{9DD1A1E0-68D8-40DD-94B3-5951FBE1FE20}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{3BDE053C-3F84-470C-B736-5AB891745A6A}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{C52E71A1-3575-4D50-9642-821254D82159}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{D205666C-84E1-490D-BCA0-4F6C881005BC}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"UDP Query User{51BCD685-F61E-4C84-981D-1DD5AC798650}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"{1736D37E-E5EF-4A68-8B6C-A4E134198BA8}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{CC97B749-7386-458D-B5A9-97806F8B5189}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{C92E8911-5F90-48FA-8518-1ADC98B7132C}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{972C6E20-27DF-44BB-A9B6-8ADFCABE75A7}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"TCP Query User{60FBF24B-5DD0-4094-A25A-5337DCDB7BC8}c:\\program files\\sierra\\empire earth ii\\ee2.exe"= UDP:c:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II
"UDP Query User{CECCE8E3-E030-4B7F-A077-A29FD49695E9}c:\\program files\\sierra\\empire earth ii\\ee2.exe"= TCP:c:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-09-29 03:35:29 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-09-29 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-20 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-27 210216]
R2 Nomad;Connection Manager;c:\program files\BVRP Connection Manager\NomadSvr.exe [2009-02-03 65536]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-09-29 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-21 210432]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-21 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-09-29 22072]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-20 93968]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2008-11-27 17536]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - dump_wmimmc
.
Inhalt des "geplante Tasks" Ordners

2009-04-10 c:\windows\Tasks\AUfräumen.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

2008-05-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Connection Manager - c:\program files\BVRP Connection Manager\Nomad.exe

.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Cheng\AppData\Roaming\Mozilla\Firefox\Profiles\tfacd3yz.default\
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 22:13:27
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

Scanne versteckte Prozesse...

? [872]
? [5164]

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-04-10 22:18:27
ComboFix-quarantined-files.txt 2009-04-10 20:18:20

Vor Suchlauf: 25 Verzeichnis(se), 97,675,747,328 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 97,641,070,592 Bytes frei

231 --- E O F --- 2009-04-07 08:01:02
#8
12.04.2009, 23:45
Moderator
Posts: 5694

>> Remove Combofix:
Press Windows key + R
Paste in: Combofix /U - click "OK"
(or, if that doesn't work: delete C:\QooBox)

>> Scan with GMER and post the log:
http://virus-protect.org/artikel/tools/gmer.html

>> Scan with smitfraudfix (options 1 and 2) - post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html

Regards
Swiss
I have an Acer Aspire 5530G laptop.
My problem is that my CPU (AMD Turion X2 64) is constantly overloaded.
For a few days now my antivirus program McAfee has expired, but I still have Avira AntiVir Personal. But I think this program is not safe; can you help me find an antivirus program, ideally a free one? Now to the main topic: I had my laptop checked with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:15, on 09.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Cheng\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Cheng\AppData\Local\Temp\Rar$EX00.290\procexp.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5530
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13166&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12382 bytes
____________________________________________________________
I hope you can help me.
Kind regards
Shinox