Rechner braucht ewig zum Hochfahren - svchost 99% |
||
---|---|---|
#0
| ||
23.01.2010, 22:06
Member
Beiträge: 17 |
||
|
||
24.01.2010, 13:29
Member
Themenstarter Beiträge: 17 |
#2
so habe alles abgearbeitet:
1) Rechner fährt hoch, scheint sich aber eine zeitlang aufzuhängen. Dabei blockiert die Anwendung svchost die CPU mit 99%. Sobald sich die Auslastung der CPU verringert läuft dann der Rechner ohne Probleme. 2) Temporäre Dateien beseitigt 3) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3624 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 24.01.2010 11:56:52 mbam-log-2010-01-24 (11-56-52).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 115923 Laufzeit: 8 minute(s), 24 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 2 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\system32\nmklo.dll (Spyware.Zbot) -> Delete on reboot. c:\WINDOWS\system32\termsrv.dll (Packed.Krap) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice (Packed.Krap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appiept_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\nmklo.dll (Spyware.Agent.H) -> Delete on reboot. c:\WINDOWS\system32\termsrv.dll (Packed.Krap) -> Delete on reboot. C:\WINDOWS\system32\cooper.mine (Packed.Krap) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2346g.4e (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bbri.few (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\few46dx.4e (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wef6.gy (Malware.Trace) -> Quarantined and deleted successfully. 4) GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-24 13:24:08 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOKUME~1\Freddy\LOKALE~1\Temp\pxldypow.sys ---- System - GMER 1.0.15 ---- SSDT 8601AF90 ZwAlertResumeThread SSDT 8608FF90 ZwAlertThread SSDT 85F20870 ZwAllocateVirtualMemory SSDT 861A6AC8 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA6F7020] SSDT 8601F328 ZwCreateMutant SSDT 861B6EE0 ZwCreateThread SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA6F72A0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA6F7800] SSDT sptd.sys ZwEnumerateKey [0xF7517A92] SSDT sptd.sys ZwEnumerateValueKey [0xF7517E20] SSDT 85F17870 ZwFreeVirtualMemory SSDT 8601E220 ZwImpersonateAnonymousToken SSDT 8601E2A0 ZwImpersonateThread SSDT 861E8508 ZwMapViewOfSection SSDT 86047B68 ZwOpenEvent SSDT sptd.sys ZwOpenKey [0xF7512090] SSDT 860401D8 ZwOpenProcessToken SSDT 8607E180 ZwOpenThreadToken SSDT sptd.sys ZwQueryKey [0xF7517EF8] SSDT sptd.sys ZwQueryValueKey [0xF7517D78] SSDT 86157418 ZwResumeThread SSDT 860282C0 ZwSetContextThread SSDT 8611E3D0 ZwSetInformationProcess SSDT 85F487B8 ZwSetInformationThread SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA6F7A50] SSDT 86047AA8 ZwSuspendProcess SSDT 86030690 ZwSuspendThread SSDT 85F54418 ZwTerminateProcess SSDT 8610D4A0 ZwTerminateThread SSDT 8602B2C0 ZwUnmapViewOfSection SSDT 85F1C870 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- ? pyisuvbr.sys Das System kann die angegebene Datei nicht finden. ! ? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. .text USBPORT.SYS!DllUnload F673C8AC 5 Bytes JMP 863D01C8 ? System32\Drivers\aas5wp41.SYS Das System kann den angegebenen Pfad nicht finden. ! .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA9BFF400, 0x7960C, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9CA1420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA9CA1420] .protectÿÿÿÿhardlockunknown last code section [0xA9CA1200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA9CA1200, 0x5049, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411956E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D48CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 413643AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413642E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 413641B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41364412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1436] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41364717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411956E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D48CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 413643AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413642E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 413641B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41364412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[1724] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41364717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411956E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 413643AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413642E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 413641B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41364412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2252] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F752697E] sptd.sys IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F752692A] sptd.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7541B4E] sptd.sys IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F752697E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7512AB4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7512BFA] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7512B7C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7513728] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75135FE] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7525C5A] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Internet Explorer\iexplore.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Internet Explorer\iexplore.exe[1724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 863621E8 Device \FileSystem\Fastfat \FatCdrom 86096980 AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 861A61E8 Device \Driver\usbuhci \Device\USBPDO-1 861A61E8 Device \Driver\usbuhci \Device\USBPDO-2 861A61E8 Device \Driver\usbuhci \Device\USBPDO-3 861A61E8 Device \Driver\usbehci \Device\USBPDO-4 861791E8 AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\Ftdisk \Device\HarddiskVolume1 863D21E8 Device \Driver\Cdrom \Device\CdRom0 860FB548 Device \Driver\PCI_NTPNP6758 \Device\00000059 sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{4DF8AF40-FD45-45CD-A8C5-6430859FC044} 86056500 Device \Driver\atapi \Device\Ide\IdePort0 [F746DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F746DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F746DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 86056500 Device \Driver\NetBT \Device\NetbiosSmb 86056500 AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\usbuhci \Device\USBFDO-0 861A61E8 Device \Driver\usbuhci \Device\USBFDO-1 861A61E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86043510 Device \Driver\usbuhci \Device\USBFDO-2 861A61E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86043510 Device \Driver\usbuhci \Device\USBFDO-3 861A61E8 Device \Driver\Ftdisk \Device\FtControl 863D21E8 Device \Driver\usbehci \Device\USBFDO-4 861791E8 Device \Driver\aas5wp41 \Device\Scsi\aas5wp411 860E6750 Device \FileSystem\Fastfat \Fat 86096980 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 861274E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0000f08c0ea2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1088461716 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1163029529 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x9F 0xE6 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xB3 0x1D 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x71 0x5A 0x7A 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0000f08c0ea2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x9F 0xE6 0x84 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xB3 0x1D 0xCA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x71 0x5A 0x7A 0x58 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x9F 0xE6 0x84 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xB3 0x1D 0xCA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x83 0x54 0xEC 0x0D ... 5) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:15:22, on 24.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe C:\Programme\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Programme\Symantec\LiveUpdate\luall.exe C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Dokumente und Einstellungen\Freddy\Eigene Dateien\Progs\System\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gmx.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Freddy's Zugang zur Außenwelt R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.147.134.5:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Freddy\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Freddy\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\Dokumente und Einstellungen\Freddy\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tutrans.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4943/mcfscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 8697 bytes Wie gehts jetzt weiter? Quelle: http://board.protecus.de/t38879.htm#ixzz0dX3xsdZP |
|
|
seit kurzem braucht mein Rechner extrem lange zum Hochfahren (>5 min). Dabei fällt mir auf, dass der Prozess svchost die ganze Zeit auf 99% steht!
Kann mir jemand helfen? Meine bisherigen "Heilungsversuche" waren erfolglos...
Log von HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 21:52:16, on 23.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Freddy\Eigene Dateien\Progs\System\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gmx.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Freddy's Zugang zur Außenwelt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.147.134.5:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Freddy\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Freddy\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\Dokumente und Einstellungen\Freddy\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tutrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4943/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
Quelle: http://board.protecus.de/t38879.htm#ixzz0dTJXLVxV