
Log analysis and evaluation: svchost.exe 6 times, avp.exe 2 times


20.06.2008, 19:18   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That's fine as it is with the Avenger. Just to double-check that nothing new has really been added, please post fresh log files from

- DSS
- silentrunners

And preferably upload them to file-upload.net again and link them here.
__________________
Please always post log files in CODE tags

21.06.2008, 10:47   #17
andi34875
 

Well, my computer is working normally again; whether anything is still running in the background, you will hopefully tell me ^^


[edit]
In future, please edit your links as shown, among other places, here:
http://www.trojaner-board.de/22771-a...tml#post171958

Thanks
GUA
[/edit]


21.06.2008, 12:57   #18
andi34875
 

Well, my computer is working normally again; whether anything is still running in the background, you will hopefully tell me ^^


Deckard's System Scanner v20071014.68
Run by Andi on 2008-06-21 13:41:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as .exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:27, on 21.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Razer\Krait\razerhid.exe
C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Programme\Lexmark 2300 Series\ezprint.exe
C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Razer\Krait\razerofa.exe
C:\Programme\NETGEAR\WG111T\wlan111t.exe
C:\Programme\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\\Desktop\dss.exe
C:\DOKUME~1\\Desktop\.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.die-staemme.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\1355\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\1355\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\1355\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Krait] C:\Programme\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Programme\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programme\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programme\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - htt://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - htp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - htp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - htp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - htp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 10482 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-18 19:16:28 93632 --a------ C:\WINDOWS\system32\gmwettnw.dll
2008-06-17 17:58:25 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-17 17:58:25 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-17 17:58:25 86016 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-17 17:58:25 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-17 17:58:25 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-17 17:58:25 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-17 17:58:25 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-17 17:01:14 0 d-------- C:\WINDOWS\pss
2008-06-17 16:05:16 0 d-------- C:\DVDVideoSoft
2008-06-17 16:03:34 0 d-------- C:\Programme\\DVDVideoSoft
2008-06-17 16:03:34 0 d-------- C:\Programme\DVDVideoSoft
2008-06-17 15:44:32 0 d-------- C:\Programme\Sunbelt Software
2008-05-25 11:12:34 0 d-------- C:\Programme\Yahoo!
2008-05-23 16:30:07 0 d-------- C:\Programme\PC Connectivity Solution
2008-05-23 16:26:15 0 d-------- C:\Programme\DIFX
2008-05-23 16:24:55 0 d-------- C:\Programme\\PCSuite
2008-05-23 16:24:54 0 d-------- C:\Programme\\Nokia


-- Find3M Report ---------------------------------------------------------------

2008-06-21 13:31:58 0 d-------- C:\Programme\Cossacks - Back To War <COSSAC~1>
2008-06-17 20:23:34 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\ICQ
2008-06-17 16:07:05 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\Adobe
2008-06-17 16:05:02 0 d-------- C:\Programme\\Adobe
2008-06-17 16:03:34 0 d-------- C:\Programme\
2008-06-17 15:45:13 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\Sunbelt Software
2008-06-14 17:35:01 3166 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 19:56:40 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\dvdcss
2008-05-30 21:40:33 0 d-------- C:\Programme\Symantec Shared
2008-05-30 15:00:00 0 d-------- C:\Programme\Norton Security Scan
2008-05-25 11:14:30 0 d-------- C:\Dokumente und Einstellungen\Anwendungsdaten\Yahoo!
2008-05-23 17:01:21 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\Nokia Multimedia Player
2008-05-23 16:24:54 0 d-------- C:\Programme\Nokia
2008-05-13 15:59:47 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\AdobeUM
2008-05-11 21:29:32 0 d-------- C:\Programme\MSN Messenger
2008-05-11 20:11:58 0 d-------- C:\Dokumente und Einstellungen\\Anwendungsdaten\Hamachi
2008-05-10 20:56:02 47104 --a------ C:\WINDOWS\system32\KMVIDC32.DLL
2008-04-24 20:12:49 0 d-------- C:\Programme\BitSpirit
2008-03-30 16:07:31 405118 --a------ C:\WINDOWS\system32\perfh007.dat
2008-03-30 16:07:31 70580 --a------ C:\WINDOWS\system32\perfc007.dat
2008-03-27 16:53:06 20 --a------ C:\WINDOWS\system32\SYSTEM
2008-03-23 00:58:35 1276 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [27.10.2006 08:45 C:\WINDOWS\mixer.exe]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [25.10.2006 19:58]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 12:35]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19.07.2005 17:32]
"LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [08.06.2005 15:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [13.08.2004 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [07.01.2004 02:01]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"Krait"="C:\Programme\Razer\Krait\razerhid.exe" [24.01.2006 11:38]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe" []
"NortonAntiBot"="C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [12.11.2007 23:59]
"lxcgmon.exe"="C:\Programme\Lexmark 2300 Series\lxcgmon.exe" [05.05.2005 01:24]
"EzPrint"="C:\Programme\Lexmark 2300 Series\ezprint.exe" [08.06.2005 18:19]
"FaxCenterServer"="C:\Programme\Lexmark Fax Solutions\fm3032.exe" [03.05.2005 20:20]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23.03.2007 13:20]
"YSearchProtection"="C:\Programme\Yahoo!\Search Protection\SearchProtection.exe" [10.01.2008 18:41]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [09.03.2007 21:50]
"@"="" []
"SBCSTray"="C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe" [21.12.2007 15:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [17.08.2004 13:54]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [08.06.2005 14:44]
"@"="" []
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [16.04.2008 15:38]
"YSearchProtection"="C:\Programme\Yahoo!\Search Protection\SearchProtection.exe" [10.01.2008 18:41]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25.04.2008 17:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Dokumente und Einstellungen\startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 22:05:26]
NETGEAR WG111T Smart Wizard.lnk - C:\Programme\NETGEAR\WG111T\wlan111t.exe [07.12.2007 16:20:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJCUOec

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^s^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide




-- End of Deckard's System Scanner: finished at 2008-06-21 13:42:07 ------------




"Silent Runners.vbs", revision 58, http://ww.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [file not found]
"LogitechSoftwareUpdate" = "C:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."]
"(Default)" = "(empty string)" [file not found]
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ICQ" = ""C:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
"YSearchProtection" = "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe" ["Yahoo! Inc."]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"StartCCC" = "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [null data]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Programme\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"UpdateManager" = ""C:\Programme\\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Krait" = "C:\Programme\Razer\Krait\razerhid.exe" [empty string]
"Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"" [file not found]
"NortonAntiBot" = ""C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"" ["Symantec"]
"lxcgmon.exe" = ""C:\Programme\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""C:\Programme\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"FaxCenterServer" = ""C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s" [null data]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"YSearchProtection" = ""C:\Programme\Yahoo!\Search Protection\SearchProtection.exe"" ["Yahoo! Inc."]
"AVP" = ""C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"" ["Kaspersky Lab"]
"(Default)" = "(empty string)" [file not found]
"SBCSTray" = "C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\1355\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*b" (unwritable string)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Programme\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll" ["Google Inc."]