PC sehr langsam in letzter Zeit

#0
10.06.2009, 13:31
...neu hier

Beiträge: 6
#1 Hallo

ich hoffe mir kann einer helfen. Mein PC ist sehr langsam geworden und vom Internet ganz zu schweigen.

Hier die HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:52, on 10.06.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Benutzer\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\WLAN Stick\GUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6000 bytes


Malware Logfile:

Malwarebytes' Anti-Malware 1.37
Datenbank Version: 2256
Windows 6.0.6001 Service Pack 1

10.06.2009 14:14:25
mbam-log-2009-06-10 (14-14-25).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 72245
Laufzeit: 9 minute(s), 3 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.


Cobofix Logfile:

ComboFix 09-06-09.06 - Benutzer 10.06.2009 14:25:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.1982.1241 [GMT 2:00]
ausgeführt von:: C:\Users\Benutzer\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Benutzer\FAVORI~1\Videos.url
C:\Users\Benutzer\Favorites\Videos.url
C:\Windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((( Dateien erstellt von 2009-05-10 bis 2009-06-10 ))))))))))))))))))))))))))))))
.

2009-06-10 12:09:07 . 2009-06-10 12:09:18 0 d-----w- \Qoobox
2009-06-10 12:00:14 . 2009-06-10 12:00:14 0 d-----w- C:\Users\Benutzer\AppData\Roaming\Malwarebytes
2009-06-10 12:00:06 . 2009-05-26 11:20:08 40160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-06-10 12:00:02 . 2009-06-10 12:00:02 0 d-----w- C:\ProgramData\Malwarebytes
2009-06-10 12:00:02 . 2009-05-26 11:19:56 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-06-10 12:00:01 . 2009-06-10 12:00:12 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-10 07:51:29 . 2009-06-10 07:48:22 404225 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-06-10 07:51:29 . 2009-06-10 07:48:09 345345 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-06-10 07:51:29 . 2009-05-25 15:42:33 85761 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-06-10 07:51:29 . 2009-02-13 12:57:18 79105 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-06-10 07:51:29 . 2008-10-20 05:38:13 126721 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-06-10 06:34:43 . 2009-05-09 05:50:28 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-06-10 06:34:42 . 2009-05-09 05:34:34 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-06-10 06:29:43 . 2009-04-23 12:43:04 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-06-10 06:29:38 . 2009-04-21 11:55:06 2033152 ----a-w- C:\Windows\system32\win32k.sys
2009-06-10 06:29:34 . 2009-04-23 12:42:53 636928 ----a-w- C:\Windows\system32\localspl.dll
2009-05-25 15:12:56 . 1999-12-07 00:03:00 73216 ----a-w- C:\Windows\ADE.DLL
2009-05-25 15:12:56 . 1999-06-15 09:31:18 96768 ----a-w- C:\Windows\SlantAdj.dll
2009-05-25 15:12:56 . 1999-04-26 22:17:00 3136 ----a-w- C:\Windows\Ade001.bin
2009-05-25 15:12:40 . 2009-05-25 15:16:30 0 d-----w- C:\Program Files\Smart Panel
2009-05-25 13:57:37 . 2009-05-25 15:42:35 96104 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2009-05-25 13:57:37 . 2009-05-25 15:42:35 55640 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2009-05-25 13:57:34 . 2009-05-25 13:57:34 0 d-----w- C:\ProgramData\Avira
2009-05-25 13:57:34 . 2009-05-25 13:57:34 0 d-----w- C:\Program Files\Avira
2009-05-19 09:01:44 . 2009-05-19 09:01:44 0 dc----w- C:\Windows\system32\DRVSTORE
2009-05-19 09:01:44 . 2009-02-06 16:08:52 55280 ----a-w- C:\Windows\system32\drivers\fssfltr.sys
2009-05-19 09:01:03 . 2009-05-19 09:01:03 0 d-----w- C:\Program Files\Microsoft Sync Framework
2009-05-19 09:00:11 . 2006-11-29 11:06:18 3426072 ----a-w- C:\Windows\system32\d3dx9_32.dll
2009-05-19 08:59:58 . 2009-05-19 08:59:58 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2009-05-19 08:58:33 . 2009-05-19 08:58:33 0 d-----w- C:\Program Files\Microsoft
2009-05-19 08:58:16 . 2009-05-19 08:58:16 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-05-19 08:49:23 . 2009-05-19 08:49:23 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-05-16 15:09:33 . 2008-06-20 01:14:45 105016 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-16 15:09:33 . 2008-06-20 01:14:34 97800 ----a-w- C:\Windows\system32\infocardapi.dll
2009-05-16 15:09:32 . 2008-06-20 01:14:45 43544 ----a-w- C:\Windows\system32\PresentationHostProxy.dll
2009-05-16 15:09:32 . 2008-06-20 01:14:34 11264 ----a-w- C:\Windows\system32\icardres.dll
2009-05-16 15:09:32 . 2008-06-20 01:14:33 622080 ----a-w- C:\Windows\system32\icardagt.exe
2009-05-16 15:09:31 . 2008-06-20 01:14:45 781344 ----a-w- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-16 15:09:30 . 2008-06-20 01:14:45 326160 ----a-w- C:\Windows\system32\PresentationHost.exe
2009-05-16 15:02:26 . 2008-07-27 18:03:16 96760 ----a-w- C:\Windows\system32\dfshim.dll
2009-05-16 15:02:24 . 2008-07-27 18:03:17 282112 ----a-w- C:\Windows\system32\mscoree.dll
2009-05-16 15:02:22 . 2008-07-27 18:03:17 41984 ----a-w- C:\Windows\system32\netfxperf.dll
2009-05-16 15:02:00 . 2008-07-27 18:03:17 158720 ----a-w- C:\Windows\system32\mscorier.dll
2009-05-16 15:01:52 . 2008-07-27 18:03:17 83968 ----a-w- C:\Windows\system32\mscories.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 12:32:34 . 2008-03-17 22:48:11 2392657920 --sha-w- \pagefile.sys
2009-06-10 12:25:04 . 2006-11-02 15:38:05 618204 ----a-w- C:\Windows\system32\perfh007.dat
2009-06-10 12:25:04 . 2006-11-02 15:38:05 122442 ----a-w- C:\Windows\system32\perfc007.dat
2009-06-10 12:14:25 . 2008-03-20 18:53:43 0 d-----w- C:\Program Files\ICQToolbar
2009-06-10 07:29:48 . 2008-04-26 11:32:29 0 d-----w- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org2
2009-06-10 06:30:30 . 2008-04-26 11:33:46 1 ----a-w- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-31 13:44:59 . 2009-02-09 17:48:19 0 d-----w- C:\ProgramData\Yahoo!
2009-05-31 13:44:59 . 2009-02-09 17:48:16 0 d-----w- C:\Program Files\Yahoo!
2009-05-31 13:44:00 . 2008-07-16 14:39:50 0 d-----w- C:\ProgramData\Skype
2009-05-28 14:41:36 . 2008-05-25 12:04:46 0 d-----w- C:\Program Files\ElsterFormular
2009-05-28 14:41:36 . 2008-03-17 23:09:11 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-05-25 15:29:40 . 2008-09-05 15:17:14 0 d-----w- C:\Program Files\epson
2009-05-25 14:19:37 . 2008-04-17 19:29:10 0 d-----w- C:\Program Files\MSECache
2009-05-23 19:51:02 . 2009-01-10 20:27:06 0 d-----w- C:\Users\Benutzer\AppData\Roaming\dvdcss
2009-05-19 09:01:43 . 2008-03-27 21:17:32 0 d-----w- C:\Program Files\Windows Live
2009-05-13 14:02:17 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-05-01 18:30:36 . 2009-05-01 18:30:36 3366912 ----a-w- C:\Windows\system32\GPhotos.scr
2009-04-29 11:04:38 . 2009-04-29 11:04:38 0 d--h--r- C:\Users\Benutzer\AppData\Roaming\SecuROM
2009-04-24 06:57:36 . 2008-03-22 09:44:00 0 d-----w- C:\Program Files\PokerStars
2009-04-17 14:58:28 . 2009-04-20 20:53:48 954368 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 14:58:28 . 2009-04-20 20:53:48 103424 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 14:58:28 . 2009-04-20 20:53:47 344064 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 14:58:26 . 2009-04-20 20:53:48 65536 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 14:58:26 . 2009-04-20 20:53:48 4579328 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 14:58:26 . 2009-04-20 20:53:48 1161626 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 14:58:26 . 2009-04-20 20:53:47 71652 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 14:58:26 . 2009-04-20 20:53:47 4534272 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 14:58:26 . 2009-04-20 20:53:47 131868 ----a-w- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-03 07:53:09 . 2009-04-03 07:53:09 33061 ----a-w- C:\Windows\king-uninstall.exe
2009-03-18 13:10:16 . 2009-03-18 13:10:16 316672 ----a-w- C:\Windows\KingComIE.dll
2009-03-17 03:38:46 . 2009-04-15 13:06:07 13824 ----a-w- C:\Windows\system32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-15 13:06:07 24064 ----a-w- C:\Windows\system32\amxread.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 15:11:48 565008]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 15:15:46 2407184]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 21:55:00 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 21:55:00 92704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 04:19:17 148888]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 10:08:43 209153]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-10-11 02:53:22 4702208]
"Skytel"="Skytel.exe" - C:\Windows\SkyTel.exe [2007-10-11 03:04:04 1826816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Gigaset WLAN Adapter Monitor.lnk - C:\WLAN Stick\GUI.exe [2008-3-20 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D9B0758D-9795-4D24-973C-50F654747CCE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D7437905-71B7-4813-924C-AC3EBF402BA9}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{BA5D3622-9773-4711-B409-E8B25A5E5E24}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3530BCC7-64EE-4638-8E92-11FB7C8EF5EF}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{41E80C11-FB8F-4234-A2A1-F98D4455AFDA}C:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= UDP:C:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"UDP Query User{E652EB2F-2819-471D-A37C-E0CC5276D64D}C:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= TCP:C:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"TCP Query User{86B27968-A2C6-4DBF-8D12-FDA76FA07AAA}C:\\windows\\temp\\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{478E9099-0745-4C6B-A091-DD5BBF1753C7}C:\\windows\\temp\\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"{C1E1B5EB-1A9D-4908-84F0-442DED90367C}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{628EE987-AA61-4B48-825E-938B5F73949E}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EA9BFB8C-2E7F-4541-A2F2-8093F4A155C9}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [25.05.2009 15:57:37 108289]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrusb.sys [29.07.2008 04:45:00 904192]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;C:\Windows\System32\drivers\CBPSp50.sys [20.03.2008 14:00:41 20096]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [19.05.2009 11:01:44 55280]
S3 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08:58 533360]
S3 ZD1211BU(Siemens);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Siemens);C:\Windows\System32\drivers\ZD1211BU.sys [20.03.2008 20:53:43 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-LightScribe Control Panel - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
FF - ProfilePath - C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: C:\Program Files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa2.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Media Player Classic\VLC\npvlc.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.


Uninstall List:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5 - Deutsch
Adobe Shockwave Player
Ashampoo Burning Studio 2007
Avira AntiVir Personal - Free Antivirus
Burn My Files
Choice Guard
ElsterFormular 2008/2009
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
EPSON-Drucker-Software
ESCX3600 Referenzhandbuch
ESCX3600 Softwarehandbuch
FUSSBALL MANAGER 09
Gigaset USB Stick 54
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6
IrfanView (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
king.com (remove only)
Logitech Legacy USB Camera-Treiberpaket
Logitech QuickCam
Logitech QuickCam-Treiberpaket
Logitech Updater
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
OpenOffice.org 2.4
PhotoScape
Picasa 3
PIF DESIGNER2.1
PokerStars
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
ScanToWeb
SCHLECKER Foto Digital Service
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
VLC media player 0.9.8a
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Live-Uploadtool
Windows Media Player Firefox Plugin

Habe jetzt mal auch andere Programe durchlaufen lassen, die ich hier im forum in einen Thread gefunden habe.
Danke für eure Hilfe im vorraus!
Dieser Beitrag wurde am 10.06.2009 um 14:54 Uhr von Stiviwonder editiert.
Seitenanfang Seitenende
10.06.2009, 15:46
Moderator

Beiträge: 7795
#2 Starte Combofix bitte nochmal als Administrator, rechte Maustaste auf die Combofix.exe und "Als Administrator ausfuehren" waehlen.
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
10.06.2009, 16:26
...neu hier

Themenstarter

Beiträge: 6
#3 Habe Cobofix nochmal als Administrator ausgeführt

ComboFix 09-06-09.06 - Benutzer 10.06.2009 16:09.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1031.18.1982.1317 [GMT 2:00]
ausgeführt von:: c:\users\Benutzer\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Vorheriger Suchlauf -------
.

.
((((((((((((((((((((((( Dateien erstellt von 2009-05-10 bis 2009-06-10 ))))))))))))))))))))))))))))))
.

2009-06-10 14:17 . 2009-06-10 14:17 -------- d-sh--w- \$RECYCLE.BIN
2009-06-10 14:16 . 2009-06-10 14:18 -------- d-----w- c:\users\Benutzer\AppData\Local\temp
2009-06-10 14:08 . 2009-06-10 14:18 -------- d-s---w- \ComboFix
2009-06-10 12:09 . 2009-06-10 12:40 -------- d-----w- \Qoobox
2009-06-10 12:00 . 2009-06-10 12:00 -------- d-----w- c:\users\Benutzer\AppData\Roaming\Malwarebytes
2009-06-10 12:00 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 12:00 . 2009-06-10 12:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-10 12:00 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 12:00 . 2009-06-10 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 07:51 . 2009-06-10 07:48 404225 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-06-10 07:51 . 2009-06-10 07:48 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-06-10 07:51 . 2009-05-25 15:42 85761 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-06-10 07:51 . 2009-02-13 12:57 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-06-10 07:51 . 2008-10-20 05:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-06-10 06:34 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 06:34 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 06:29 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 06:29 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 06:29 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-05-25 15:12 . 1999-12-07 00:03 73216 ----a-w- c:\windows\ADE.DLL
2009-05-25 15:12 . 1999-06-15 09:31 96768 ----a-w- c:\windows\SlantAdj.dll
2009-05-25 15:12 . 1999-04-26 22:17 3136 ----a-w- c:\windows\Ade001.bin
2009-05-25 15:12 . 2009-05-25 15:16 -------- d-----w- c:\program files\Smart Panel
2009-05-25 13:57 . 2009-05-25 15:42 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-25 13:57 . 2009-05-25 15:42 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-25 13:57 . 2009-05-25 13:57 -------- d-----w- c:\programdata\Avira
2009-05-25 13:57 . 2009-05-25 13:57 -------- d-----w- c:\program files\Avira
2009-05-19 09:01 . 2009-05-19 09:01 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-19 09:01 . 2009-02-06 16:08 55280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-05-19 09:01 . 2009-05-19 09:01 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-19 09:00 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-05-19 08:59 . 2009-05-19 08:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-19 08:58 . 2009-05-19 08:58 -------- d-----w- c:\program files\Microsoft
2009-05-19 08:58 . 2009-05-19 08:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-19 08:49 . 2009-05-19 08:49 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-16 15:09 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-16 15:09 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-05-16 15:09 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-05-16 15:09 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-05-16 15:09 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-05-16 15:09 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-05-16 15:09 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-05-16 15:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-05-16 15:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-05-16 15:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-16 15:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-05-16 15:01 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 14:16 . 2008-03-17 22:48 2392657920 --sha-w- \pagefile.sys
2009-06-10 14:13 . 2006-11-02 15:38 618204 ----a-w- c:\windows\system32\perfh007.dat
2009-06-10 14:13 . 2006-11-02 15:38 122442 ----a-w- c:\windows\system32\perfc007.dat
2009-06-10 12:14 . 2008-03-20 18:53 -------- d-----w- c:\program files\ICQToolbar
2009-06-10 07:29 . 2008-04-26 11:32 -------- d-----w- c:\users\Benutzer\AppData\Roaming\OpenOffice.org2
2009-06-10 06:30 . 2008-04-26 11:33 1 ----a-w- c:\users\Benutzer\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-31 13:44 . 2009-02-09 17:48 -------- d-----w- c:\programdata\Yahoo!
2009-05-31 13:44 . 2009-02-09 17:48 -------- d-----w- c:\program files\Yahoo!
2009-05-31 13:44 . 2008-07-16 14:39 -------- d-----w- c:\programdata\Skype
2009-05-28 14:41 . 2008-05-25 12:04 -------- d-----w- c:\program files\ElsterFormular
2009-05-28 14:41 . 2008-03-17 23:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 15:29 . 2008-09-05 15:17 -------- d-----w- c:\program files\epson
2009-05-25 14:19 . 2008-04-17 19:29 -------- d-----w- c:\program files\MSECache
2009-05-23 19:51 . 2009-01-10 20:27 -------- d-----w- c:\users\Benutzer\AppData\Roaming\dvdcss
2009-05-19 09:01 . 2008-03-27 21:17 -------- d-----w- c:\program files\Windows Live
2009-05-13 14:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 11:04 . 2009-04-29 11:04 -------- d--h--r- c:\users\Benutzer\AppData\Roaming\SecuROM
2009-04-24 06:57 . 2008-03-22 09:44 -------- d-----w- c:\program files\PokerStars
2009-04-17 14:58 . 2009-04-20 20:53 954368 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 14:58 . 2009-04-20 20:53 103424 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 14:58 . 2009-04-20 20:53 344064 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 14:58 . 2009-04-20 20:53 65536 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 14:58 . 2009-04-20 20:53 4579328 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 14:58 . 2009-04-20 20:53 1161626 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 14:58 . 2009-04-20 20:53 71652 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 14:58 . 2009-04-20 20:53 4534272 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 14:58 . 2009-04-20 20:53 131868 ----a-w- c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-03 07:53 . 2009-04-03 07:53 33061 ----a-w- c:\windows\king-uninstall.exe
2009-03-18 13:10 . 2009-03-18 13:10 316672 ----a-w- c:\windows\KingComIE.dll
2009-03-17 03:38 . 2009-04-15 13:06 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:06 24064 ----a-w- c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_12.34.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-17 23:15 . 2009-06-10 13:59 39390 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-06-10 14:08 55718 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-17 22:58 . 2009-06-10 14:08 9848 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1991273973-334745118-1647536627-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-06-10 14:13 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-10 12:25 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-10 14:13 101052 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-10 12:25 101052 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gigaset WLAN Adapter Monitor.lnk - c:\wlan stick\GUI.exe [2008-3-20 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D9B0758D-9795-4D24-973C-50F654747CCE}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D7437905-71B7-4813-924C-AC3EBF402BA9}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{BA5D3622-9773-4711-B409-E8B25A5E5E24}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3530BCC7-64EE-4638-8E92-11FB7C8EF5EF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{41E80C11-FB8F-4234-A2A1-F98D4455AFDA}c:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= UDP:c:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"UDP Query User{E652EB2F-2819-471D-A37C-E0CC5276D64D}c:\\program files\\web.de\\web.de multimessenger\\messengr.exe"= TCP:c:\program files\web.de\web.de multimessenger\messengr.exe:WEB.DE MultiMessenger
"TCP Query User{86B27968-A2C6-4DBF-8D12-FDA76FA07AAA}c:\\windows\\temp\\navbrowser.exe"= UDP:c:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{478E9099-0745-4C6B-A091-DD5BBF1753C7}c:\\windows\\temp\\navbrowser.exe"= TCP:c:\windows\temp\navbrowser.exe:navbrowser.exe
"{C1E1B5EB-1A9D-4908-84F0-442DED90367C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{628EE987-AA61-4B48-825E-938B5F73949E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EA9BFB8C-2E7F-4541-A2F2-8093F4A155C9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [25.05.2009 15:57 108289]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.07.2008 04:45 904192]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\System32\drivers\CBPSp50.sys [20.03.2008 14:00 20096]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [19.05.2009 11:01 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
S3 ZD1211BU(Siemens);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Siemens);c:\windows\System32\drivers\ZD1211BU.sys [20.03.2008 20:53 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\awtqrj4z.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Media Player Classic\VLC\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 16:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1991273973-334745118-1647536627-1000\Software\SecuROM\License information*]
"datasecu"=hex:f0,7f,18,90,3e,51,a8,c6,68,3f,e7,db,3a,8e,0d,de,e4,8c,87,3a,96,
36,65,e0,4e,42,68,94,3d,9c,47,9b,32,00,a0,e4,ad,56,64,52,2d,af,80,b8,58,ed,\
"rkeysecu"=hex:d4,88,30,dd,1b,04,0d,99,2e,35,7d,7c,28,99,9a,8b
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(9996)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-06-10 16:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-06-10 14:24

Vor Suchlauf: 19 Verzeichnis(se), 71.202.258.944 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 71.121.002.496 Bytes frei

221 --- E O F --- 2009-06-10 06:41
Seitenanfang Seitenende
10.06.2009, 16:45
Moderator

Beiträge: 7795
#4 Starte bitte Hijackthis als Administrator, hake folgendes an und druecke fix checked:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


Dein Antivir ist aktualisiert und meldet nichts?
Nutze auch Kaspersky avptool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

sollten diese beiden nichts melden, nutze den Windowsupdater um dein System auf den neusten Stand zu bringen....

Hast du sonst irgendetwas geaendert, das die Verlangsamung erklaeren koennte? Treiber installiert usw...
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
10.06.2009, 17:02
...neu hier

Themenstarter

Beiträge: 6
#5 mit hijackthis habe ich jetzt alles gefixed.

Mein Antivir meldet die ganze zeit ein trojaner mit Namen tr7trash.gen


Ich habe kurz bevor er langsamer mein Drucker neuinstalliert.
Seitenanfang Seitenende
10.06.2009, 17:20
Moderator

Beiträge: 7795
#6 Wo meldet Antivir diesen Trojaner? In welcher Datei?
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
10.06.2009, 17:21
...neu hier

Themenstarter

Beiträge: 6
#7 C:\Windows\temp\logishrd\LVPrcInj01.dll
Seitenanfang Seitenende
10.06.2009, 17:24
Moderator

Beiträge: 7795
#8 Loesche die DAtei. Es kann sein, das sie wieder neu erstellt wird. sollte auch diese neu erstellte DAtei diese Meldung ausgeben, melde dich bitte...

Brauchst du deine Webcam von Logitech ueberhaupt?

HAben die Scans mit KAspersky etwas ergeben?
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
11.06.2009, 10:51
...neu hier

Themenstarter

Beiträge: 6
#9 Morgen,

Die Scans mit Kaspersky haben nichts angezeigt.

Die Datei habe ich geloescht und kam bis jetzt nicht wieder.

Es ist ingesamt schon etwas besser geworden, aber er ist noch nicht so schnell wie vor ein paar tagen.
Seitenanfang Seitenende
11.06.2009, 11:33
Moderator

Beiträge: 7795
#10 Lade dir bitte Gmer von hier herunter

http://www.gmer.net/#files (den Download EXE Button druecken)

starte die heruntergeladene EXE Datei und druecke dann im Reiter Rootkit "scan". Sobald der Scan beendet ist, druecke "copy" und fuege so den Report hier ein.
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
11.06.2009, 16:15
...neu hier

Themenstarter

Beiträge: 6
#11 GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-11 16:14:36
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 987D6594 ZwCreateThread
SSDT 987D6580 ZwOpenProcess
SSDT 987D6585 ZwOpenThread
SSDT 987D658F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 81F08A18 4 Bytes [94, 65, 7D, 98]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81F08BE8 4 Bytes [80, 65, 7D, 98] {AND BYTE [EBP+0x7d], 0x98}
.text ntkrnlpa.exe!KeSetTimerEx + 640 81F08C04 4 Bytes [85, 65, 7D, 98] {TEST [EBP+0x7d], ESP; CWDE }
.text ntkrnlpa.exe!KeSetTimerEx + 854 81F08E18 4 Bytes [8F, 65, 7D, 98]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740C7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741098C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740CD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740BF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740C7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740BE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740FB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740CD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740C012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740C0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740B71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7414D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740E75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740BDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740B668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740B66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740C1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: