Log analysis and evaluation: Problem with svchost.exe

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1

Problem with svchost.exe

Silentrunners: http://www.speedshare.org/download.php?id=CDA10B3212

TCPView:

Code:
[System Process]:0 TCP pcgary:1110 localhost:1670 TIME_WAIT
[System Process]:0 TCP pcgary:1052 localhost:1198 TIME_WAIT
[System Process]:0 TCP pcgary:1735 localhost:1110 TIME_WAIT
[System Process]:0 TCP pcgary:1734 207.46.198.249:http TIME_WAIT
[System Process]:0 TCP pcgary:1732 localhost:1110 TIME_WAIT
[System Process]:0 TCP pcgary:1110 localhost:1617 TIME_WAIT
[System Process]:0 TCP pcgary:1110 localhost:1739 TIME_WAIT
alg.exe:3480 TCP pcgary:1032 pcgary:0 LISTENING
avp.exe:144 TCP pcgary:1110 localhost:1748 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1476 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1459 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1474 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1473 ESTABLISHED
avp.exe:144 TCP pcgary:1479 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1463 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1495 ESTABLISHED
avp.exe:144 TCP pcgary:1480 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1481 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1465 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1497 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1513 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1593 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1482 ESTABLISHED
avp.exe:144 TCP pcgary:1487 a83-243-11-104.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1515 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1503 65.55.21.250:http ESTABLISHED
avp.exe:144 TCP pcgary:1484 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1485 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1501 ESTABLISHED
avp.exe:144 TCP pcgary:1595 65.55.11.240:http ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1489 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1744 ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1728 ESTABLISHED
avp.exe:144 TCP pcgary:1491 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1110 localhost:1751 ESTABLISHED
avp.exe:144 TCP pcgary:1461 a83-243-11-105.deploy.akamaitechnologies.com:http ESTABLISHED
avp.exe:144 TCP pcgary:19780 pcgary:0 LISTENING
avp.exe:144 TCP pcgary:1110 pcgary:0 LISTENING
avp.exe:144 TCP pcgary:1730 wy-in-f100.google.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1753 ww-in-f154.google.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1746 ww-in-f154.google.com:http ESTABLISHED
avp.exe:144 TCP pcgary:1750 ww-in-f154.google.com:http ESTABLISHED
firefox.exe:3384 TCP pcgary:1495 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1463 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1513 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1593 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1482 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1485 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1501 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1057 localhost:1058 ESTABLISHED
firefox.exe:3384 TCP pcgary:1058 localhost:1057 ESTABLISHED
firefox.exe:3384 TCP pcgary:1473 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1489 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1474 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1093 localhost:1092 ESTABLISHED
firefox.exe:3384 TCP pcgary:1459 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1092 localhost:1093 ESTABLISHED
firefox.exe:3384 TCP pcgary:1476 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1728 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1751 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1744 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1748 localhost:1110 ESTABLISHED
firefox.exe:3384 TCP pcgary:1788 localhost:7005 SYN_SENT
firefox.exe:3384 TCP pcgary:1789 localhost:7005 SYN_SENT
firefox.exe:3384 TCP pcgary:1790 localhost:7005 SYN_SENT
jqs.exe:272 TCP pcgary:5152 localhost:1071 CLOSE_WAIT
jqs.exe:272 TCP pcgary:5152 pcgary:0 LISTENING
LogitechDesktopMessenger.exe:1844 UDP pcgary:9370 *:*
lsass.exe:1188 UDP pcgary:isakmp *:*
lsass.exe:1188 UDP pcgary:4500 *:*
MessengerDiscovery Live.exe:2760 TCP pcgary:1031 localhost:1030 CLOSE_WAIT
MessengerDiscovery Live.exe:2760 TCP pcgary:1045 localhost:1051 ESTABLISHED
MessengerDiscovery Live.exe:2760 TCP pcgary:1053 by2msg3020308.phx.gbl:1863 ESTABLISHED
MessengerDiscovery Live.exe:2760 TCP pcgary:1030 pcgary:0 LISTENING
MessengerDiscovery Live.exe:2760 TCP pcgary:1199 pcgary:0 LISTENING
msnmsgr.exe:2188 TCP pcgary:1051 localhost:1045 ESTABLISHED
msnmsgr.exe:2188 UDP pcgary:13184 *:*
msnmsgr.exe:2188 UDP pcgary:1043 *:*
msnmsgr.exe:2188 UDP pcgary:discard *:*
msnmsgr.exe:2188 UDP pcgary:1034 *:*
msnmsgr.exe:2188 UDP pcgary:24666 *:*
svchost.exe:1524 TCP pcgary:epmap pcgary:0 LISTENING
svchost.exe:1568 UDP pcgary:ntp *:*
svchost.exe:1568 UDP pcgary:ntp *:*
svchost.exe:1780 UDP pcgary:1900 *:*
svchost.exe:1780 UDP pcgary:1900 *:*
System:4 TCP pcgary:microsoft-ds pcgary:0 LISTENING
System:4 TCP pcgary:netbios-ssn pcgary:0 LISTENING
System:4 UDP pcgary:netbios-dgm *:*
System:4 UDP pcgary:netbios-ns *:*
System:4 UDP pcgary:microsoft-ds *:*

#2

/// Helper team

Problem with svchost.exe

So, and now restore the deleted directory as well, ideally before some piece of software trips over the fact that the directory for temporary files in the user profile is suddenly missing.

#3

Problem with svchost.exe

Should I restore the Temp folder now?

And why was I supposed to delete it then...?

#4

Problem with svchost.exe

Hi,

@KarlKarl: Hmm, if apps store data in temp directories that they need in order to work, then the developer ought to be... But maybe I'm seeing that wrong... In short, I don't think it will cause any problems! But you're right of course, we should have the directory recreated empty (so Core, please create an empty folder "Temp" in the directory "C:\DOCUME~1\Gary_\LOCALS~1", unless Windows has already created one automatically...)

Silentrunner shows something I don't like (and which by its signature matches a worm, only the location would be "wrong"): C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe, please check it online (you already know how by now) and post the result...

When did you install Styler (StylerTB.dll)...?

I can't see anything unusual in the connections (TCPView)...

Did Prevx find anything...?

Somehow nothing can be found, but maybe Karl has another idea...

Download Lop S&D. Run Lop S&D.exe (http://eric.71.mespages.googlepages.com/LopSD.exe) with a double-click. Choose the language of your choice and then option 1 (Search). Wait until the scan report has been created (you will find it at C:\lopR.txt if the report does not appear).

(If your desktop disappears, please press Ctrl + Alt + Suppr to start the Task Manager. Under File, choose New Task and enter explorer.exe there.)

chris

Edited by Chris4You (25.04.2009 at 21:13)
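
Added example, not part of the original thread: one way to triage a TCPView text export like the one in post #1, grouping sockets by owning process and separating listeners, loopback-only connections and external peers. The function names are assumptions made for this example, the sample rows are copied from that log, and endpoints are assumed to be IPv4 addresses or hostnames in `host:port` form.

```python
import re
from collections import defaultdict

# Rows copied from the TCPView export in post #1: process:pid, protocol,
# local endpoint, remote endpoint, state (UDP rows carry no state).
SAMPLE = """\
[System Process]:0 TCP pcgary:1734 207.46.198.249:http TIME_WAIT
avp.exe:144 TCP pcgary:1110 localhost:1748 ESTABLISHED
avp.exe:144 TCP pcgary:1110 pcgary:0 LISTENING
avp.exe:144 TCP pcgary:1730 wy-in-f100.google.com:http ESTABLISHED
firefox.exe:3384 TCP pcgary:1748 localhost:1110 ESTABLISHED
MessengerDiscovery Live.exe:2760 TCP pcgary:1053 by2msg3020308.phx.gbl:1863 ESTABLISHED
MessengerDiscovery Live.exe:2760 TCP pcgary:1030 pcgary:0 LISTENING
svchost.exe:1524 TCP pcgary:epmap pcgary:0 LISTENING
svchost.exe:1780 UDP pcgary:1900 *:*
"""

# The process name may contain spaces or brackets, so it is matched greedily
# and anchored on the ":<pid> <TCP|UDP>" that follows it.
LINE_RE = re.compile(
    r"^(?P<proc>.+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$"
)
LOOPBACK_NAMES = {"localhost", "127.0.0.1"}


def parse_line(line):
    """Parse one TCPView row; return None for rows that do not match."""
    m = LINE_RE.match(line.strip())
    if not m or ":" not in m["local"] or ":" not in m["remote"]:
        return None
    row = m.groupdict()
    row["pid"] = int(row["pid"])
    row["lhost"], row["lport"] = row.pop("local").rsplit(":", 1)
    row["rhost"], row["rport"] = row.pop("remote").rsplit(":", 1)
    return row


def triage(text):
    """Group sockets per 'process:pid' into listeners, local clients, external peers."""
    rows = [r for r in map(parse_line, text.splitlines()) if r]

    # Which process owns each listening TCP port on this machine.
    listeners = {r["lport"]: r["proc"] for r in rows if r["state"] == "LISTENING"}

    report = defaultdict(
        lambda: {"listening": set(), "local_clients_of": set(), "external": set()}
    )
    for r in rows:
        entry = report[f'{r["proc"]}:{r["pid"]}']
        # The machine's own name (local endpoint host) also counts as local.
        local_names = LOOPBACK_NAMES | {r["lhost"].lower()}
        if r["state"] == "LISTENING" or r["rhost"] == "*":
            # TCP listener, or a bound UDP socket with no fixed peer.
            entry["listening"].add(f'{r["proto"]}/{r["lport"]}')
        elif r["rhost"].lower() in local_names:
            # Loopback traffic: record it only from the client side, naming
            # the process that owns the listening port being connected to.
            owner = listeners.get(r["rport"])
            if owner and owner != r["proc"]:
                entry["local_clients_of"].add(f'{owner}:{r["rport"]}')
        else:
            # Anything else leaves the machine. TIME_WAIT rows appear under
            # "[System Process]" because the owning process has closed them.
            entry["external"].add(f'{r["rhost"]}:{r["rport"]}')
    return dict(report)


def external_talkers(report):
    """Processes that hold at least one connection to a non-local peer."""
    return sorted(key for key, info in report.items() if info["external"])


if __name__ == "__main__":
    for key, info in sorted(triage(SAMPLE).items()):
        print(key, {k: sorted(v) for k, v in info.items()})
```

On these rows firefox.exe has no external peer of its own: it connects to the local listener on port 1110 owned by avp.exe, and avp.exe holds the outbound http connections.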

#5

Problem with svchost.exe

Quote:

Quote:

Quote:

I don't even know what it's supposed to be good for. (Maybe Vista style?)

Quote:

Quote:

#6

Problem with svchost.exe

LopR:

Code:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : BIOS Date: 07/03/07 20:14:02 Ver: 08.00.12
USER : Gary_ ( Administrator )
BOOT : Normal boot
Antivirus : NOD32 antivirus system 2.51 2.51 (Activated)
Firewall : Kaspersky Security Suite CBE 7.0.1.325 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:218 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
G:\ (USB) - FAT - Total:955 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25.04.2009|22:23 )
--------------------\\ Ordner Verzeichnis unter APPLIC~1
[01.12.2007|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[0|Datei(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bytes
[3|Verzeichnis(se),] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bytes frei
[04.03.2009|00:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[27.02.2009|15:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe Systems
[10.08.2008|23:35] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Age of Empires 3
[28.12.2007|14:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
[21.04.2009|22:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AVS4YOU
[27.02.2009|15:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
[05.02.2009|15:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DAEMON Tools Lite
[28.02.2009|14:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DAEMON Tools Pro
[10.05.2008|15:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Firefly Studios
[04.03.2009|00:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
[29.11.2008|22:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FreeDownloadManager.ORG
[13.06.2008|19:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Installations
[17.02.2008|13:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield
[25.04.2009|14:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
[31.03.2008|21:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[22.08.2008|15:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logishrd
[01.09.2008|23:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logitech
[21.04.2009|17:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[03.04.2008|13:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Messenger Plus!
[20.04.2009|22:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[15.03.2009|13:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Games
[22.04.2009|22:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
[18.01.2008|22:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nokia
[06.12.2007|16:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Suite
[25.04.2009|13:26] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PrevxCSI
[02.12.2007|22:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
[28.02.2009|14:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony
[21.04.2009|15:20] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[25.04.2009|22:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SwiftKit
[20.06.2008|19:30] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Tages
[03.04.2009|12:45] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
[19.04.2009|20:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[26.01.2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WinZip
[21.12.2008|00:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[0|Datei(en)] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Bytes
[36|Verzeichnis(se),] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Bytes frei
[01.12.2007|18:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|Datei(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Bytes
[3|Verzeichnis(se),] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Bytes frei
[01.12.2007|21:10] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[0|Datei(en)] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Bytes
[3|Verzeichnis(se),] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Bytes frei
[04.03.2009|00:30] C:\DOCUME~1\Gary_\APPLIC~1\Adobe
[22.04.2009|22:29] C:\DOCUME~1\Gary_\APPLIC~1\Audacity
[21.04.2009|22:07] C:\DOCUME~1\Gary_\APPLIC~1\AVS4YOU
[27.02.2009|15:52] C:\DOCUME~1\Gary_\APPLIC~1\Azureus
[01.04.2009|13:53] C:\DOCUME~1\Gary_\APPLIC~1\BitTorrent
[31.07.2008|18:20] C:\DOCUME~1\Gary_\APPLIC~1\Codemasters
[05.02.2009|15:22] C:\DOCUME~1\Gary_\APPLIC~1\DAEMON Tools
[05.02.2009|15:17] C:\DOCUME~1\Gary_\APPLIC~1\DAEMON Tools Lite
[28.02.2009|14:10] C:\DOCUME~1\Gary_\APPLIC~1\DAEMON Tools Pro
[17.03.2009|01:11] C:\DOCUME~1\Gary_\APPLIC~1\DivX
[09.02.2009|16:28] C:\DOCUME~1\Gary_\APPLIC~1\DNA
[03.08.2008|23:14] C:\DOCUME~1\Gary_\APPLIC~1\EasyMangosHandler
[08.04.2009|14:18] C:\DOCUME~1\Gary_\APPLIC~1\FOG Downloader
[04.12.2008|23:38] C:\DOCUME~1\Gary_\APPLIC~1\Free Download Manager
[03.08.2008|02:25] C:\DOCUME~1\Gary_\APPLIC~1\GrabPro
[28.02.2009|14:05] C:\DOCUME~1\Gary_\APPLIC~1\Hamachi
[04.03.2009|22:53] C:\DOCUME~1\Gary_\APPLIC~1\HiYo
[27.10.2008|17:27] C:\DOCUME~1\Gary_\APPLIC~1\ICQ
[31.07.2008|01:32] C:\DOCUME~1\Gary_\APPLIC~1\Identities
[01.09.2008|23:05] C:\DOCUME~1\Gary_\APPLIC~1\InstallShield
[05.03.2009|14:06] C:\DOCUME~1\Gary_\APPLIC~1\InstallShield Installation Information
[22.08.2008|16:00] C:\DOCUME~1\Gary_\APPLIC~1\Leadertech
[16.04.2009|13:59] C:\DOCUME~1\Gary_\APPLIC~1\LimeWire
[01.09.2008|23:07] C:\DOCUME~1\Gary_\APPLIC~1\Logitech
[15.10.2008|18:05] C:\DOCUME~1\Gary_\APPLIC~1\Macromedia
[21.04.2009|17:29] C:\DOCUME~1\Gary_\APPLIC~1\Malwarebytes
[21.04.2009|14:38] C:\DOCUME~1\Gary_\APPLIC~1\Microsoft
[15.03.2009|13:50] C:\DOCUME~1\Gary_\APPLIC~1\Microsoft Game Studios
[09.01.2009|21:22] C:\DOCUME~1\Gary_\APPLIC~1\Mozilla
[31.07.2008|02:31] C:\DOCUME~1\Gary_\APPLIC~1\MSNInstaller
[31.07.2008|02:31] C:\DOCUME~1\Gary_\APPLIC~1\Nokia
[31.07.2008|02:31] C:\DOCUME~1\Gary_\APPLIC~1\Nokia Multimedia Player
[31.07.2008|02:31] C:\DOCUME~1\Gary_\APPLIC~1\Opera
[04.08.2008|17:17] C:\DOCUME~1\Gary_\APPLIC~1\Orbit
[31.07.2008|02:31] C:\DOCUME~1\Gary_\APPLIC~1\PC Suite
[28.02.2009|14:36] C:\DOCUME~1\Gary_\APPLIC~1\Publish Providers
[18.02.2009|21:27] C:\DOCUME~1\Gary_\APPLIC~1\Red Alert 3
[17.01.2009|21:09] C:\DOCUME~1\Gary_\APPLIC~1\Reloop
[31.07.2008|02:31] C:\DOCUME~1\Gary_\APPLIC~1\SecuROM
[13.02.2009|17:59] C:\DOCUME~1\Gary_\APPLIC~1\Sierra Entertainment
[29.12.2008|12:47] C:\DOCUME~1\Gary_\APPLIC~1\Skype
[29.12.2008|07:24] C:\DOCUME~1\Gary_\APPLIC~1\skypePM
[28.02.2009|14:41] C:\DOCUME~1\Gary_\APPLIC~1\Sony
[19.10.2008|12:25] C:\DOCUME~1\Gary_\APPLIC~1\SPORE
[31.07.2008|01:52] C:\DOCUME~1\Gary_\APPLIC~1\Styler
[31.07.2008|02:30] C:\DOCUME~1\Gary_\APPLIC~1\Sun
[31.07.2008|02:30] C:\DOCUME~1\Gary_\APPLIC~1\SystemRequirementsLab
[19.04.2009|20:09] C:\DOCUME~1\Gary_\APPLIC~1\teamspeak2
[20.12.2008|23:37] C:\DOCUME~1\Gary_\APPLIC~1\TeamViewer
[31.07.2008|02:29] C:\DOCUME~1\Gary_\APPLIC~1\Ubisoft
[16.03.2009|14:55] C:\DOCUME~1\Gary_\APPLIC~1\uTorrent
[31.07.2008|01:53] C:\DOCUME~1\Gary_\APPLIC~1\ViStart
[27.03.2009|18:33] C:\DOCUME~1\Gary_\APPLIC~1\Winamp
[31.07.2008|02:12] C:\DOCUME~1\Gary_\APPLIC~1\WinRAR
[11.02.2009|23:16] C:\DOCUME~1\Gary_\APPLIC~1\Xfire
[28.02.2009|03:10] C:\DOCUME~1\Gary_\APPLIC~1\YuLeech
[0|Datei(en)] C:\DOCUME~1\Gary_\APPLIC~1\Bytes
[58|Verzeichnis(se),] C:\DOCUME~1\Gary_\APPLIC~1\Bytes frei
[01.12.2007|18:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|Datei(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\Bytes
[3|Verzeichnis(se),] C:\DOCUME~1\LOCALS~1\APPLIC~1\Bytes frei
[01.12.2007|21:10] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Microsoft
[26.01.2008|12:32] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\TeamViewer
[0|Datei(en)] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Bytes
[4|Verzeichnis(se),] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Bytes frei
[01.12.2007|18:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|Datei(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\Bytes
[3|Verzeichnis(se),] C:\DOCUME~1\NETWOR~1\APPLIC~1\Bytes frei
[01.12.2007|21:10] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Microsoft
[30.11.2008|13:41] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Xfire
[0|Datei(en)] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Bytes
[4|Verzeichnis(se),] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Bytes frei
--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks
[25.04.2009 14:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04.08.2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Ordner Verzeichnis unter C:\Program Files
[21.04.2009|14:57] C:\Program Files\Acoustica Beatcraft
[17.03.2009|23:49] C:\Program Files\Acoustica Shared Effects
[04.03.2009|00:15] C:\Program Files\Adobe
[04.03.2009|00:12] C:\Program Files\Adobe Media Player
[15.03.2009|21:04] C:\Program Files\AGEIA Technologies
[08.03.2009|18:58] C:\Program Files\alaplaya
[08.02.2009|21:48] C:\Program Files\Anno 1701
[14.02.2009|16:18] C:\Program Files\ASUS
[01.12.2007|18:44] C:\Program Files\Attansic
[27.06.2008|19:13] C:\Program Files\Audacity 1.3 Beta (Unicode)
[13.03.2009|18:29] C:\Program Files\AviSynth 2.5
[21.04.2009|22:10] C:\Program Files\AVS4YOU
[12.02.2009|15:37] C:\Program Files\Bethesda Softworks
[07.02.2009|12:51] C:\Program Files\BitTorrent
[13.12.2008|16:22] C:\Program Files\Cabal Online
[17.02.2008|15:27] C:\Program Files\CAPCOM
[21.04.2009|15:15] C:\Program Files\CCleaner
[25.04.2009|14:35] C:\Program Files\cFosSpeed
[21.04.2009|22:07] C:\Program Files\Common Files
[28.02.2009|14:13] C:\Program Files\DAEMON Tools Pro
[24.01.2008|20:41] C:\Program Files\Debugging Tools for Windows
[06.12.2007|16:05] C:\Program Files\DIFX
[01.07.2008|17:22] C:\Program Files\DirectX
[13.03.2009|18:42] C:\Program Files\DivX
[08.02.2009|23:16] C:\Program Files\DNA
[08.09.2008|22:33] C:\Program Files\DsNET Corp
[05.03.2009|14:06] C:\Program Files\EA GAMES
[18.02.2009|18:54] C:\Program Files\Electronic Arts
[08.02.2008|01:34] C:\Program Files\eMule
[13.03.2009|18:27] C:\Program Files\eRightSoft
[20.04.2009|23:09] C:\Program Files\ESET
[10.05.2008|15:06] C:\Program Files\Firefly Studios
[29.11.2008|22:05] C:\Program Files\Free Download Manager
[07.07.2008|18:34] C:\Program Files\Game Cam V2
[18.12.2008|12:30] C:\Program Files\Gameforge4D
[24.12.2008|02:43] C:\Program Files\Garry's Mod 10 Dedicated Server
[22.02.2009|18:16] C:\Program Files\Hamachi
[01.03.2008|00:58] C:\Program Files\HyCam2
[16.03.2009|18:05] C:\Program Files\ICQ6
[06.04.2009|17:45] C:\Program Files\Image-Line
[06.04.2009|17:47] C:\Program Files\InstallShield Installation Information
[01.12.2007|18:32] C:\Program Files\Intel
[17.04.2009|19:03] C:\Program Files\Internet Explorer
[22.05.2008|19:17] C:\Program Files\Jasc Software Inc
[27.10.2008|22:15] C:\Program Files\Java
[20.04.2009|22:56] C:\Program Files\Kaspersky Lab
[31.03.2008|21:55] C:\Program Files\Lavasoft
[31.07.2008|16:51] C:\Program Files\LClock
[01.04.2009|15:11] C:\Program Files\LimeWire
[01.09.2008|23:05] C:\Program Files\Logitech
[21.04.2009|17:29] C:\Program Files\Malwarebytes' Anti-Malware
[17.08.2008|02:42] C:\Program Files\Messenger
[26.03.2009|14:32] C:\Program Files\Messenger Plus! Live
[12.04.2009|02:54] C:\Program Files\MessengerDiscovery
[22.04.2009|20:58] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[01.12.2007|18:20] C:\Program Files\microsoft frontpage
[15.03.2009|15:10] C:\Program Files\Microsoft Games
[10.02.2009|16:22] C:\Program Files\Microsoft Games for Windows - LIVE
[20.04.2009|22:49] C:\Program Files\Microsoft Office
[27.02.2009|14:53] C:\Program Files\Microsoft Silverlight
[18.03.2009|20:05] C:\Program Files\Microsoft SQL Server
[20.04.2009|22:49] C:\Program Files\Microsoft Visual Studio
[20.04.2009|22:46] C:\Program Files\Microsoft Visual Studio 8
[20.04.2009|22:49] C:\Program Files\Microsoft Works
[10.12.2008|19:55] C:\Program Files\Microsoft Xbox 360 Accessories
[20.04.2009|22:48] C:\Program Files\Microsoft.NET
[23.10.2008|20:35] C:\Program Files\Movie Maker
[25.04.2009|19:41] C:\Program Files\Mozilla Firefox
[20.04.2009|22:49] C:\Program Files\MSBuild
[15.02.2009|21:09] C:\Program Files\MSECache
[20.07.2008|17:26] C:\Program Files\MSN
[01.12.2007|18:17] C:\Program Files\MSN Gaming Zone
[13.11.2008|20:00] C:\Program Files\MSXML 4.0
[13.11.2008|20:01] C:\Program Files\MSXML 6.0
[21.08.2008|14:27] C:\Program Files\NetMeeting
[13.06.2008|19:28] C:\Program Files\Nokia
[01.12.2007|18:17] C:\Program Files\Online Services
[29.04.2008|23:01] C:\Program Files\Opera
[04.08.2008|17:17] C:\Program Files\Orbitdownloader
[31.07.2008|16:19] C:\Program Files\Outlook Express
[17.03.2009|15:10] C:\Program Files\Outsim
[29.08.2008|01:40] C:\Program Files\Paint.NET
[02.01.2008|15:17] C:\Program Files\PC Connectivity Solution
[27.02.2009|16:06] C:\Program Files\PowerISO
[22.04.2009|23:01] C:\Program Files\Prevx
[01.12.2007|21:23] C:\Program Files\Realtek
[08.11.2008|19:58] C:\Program Files\Reference Assemblies
[17.01.2009|21:08] C:\Program Files\Reloop Attack
[20.04.2009|17:29] C:\Program Files\Runes Of Magic
[06.11.2008|20:05] C:\Program Files\Samsung
[13.02.2009|17:51] C:\Program Files\Sierra Entertainment
[05.07.2008|18:22] C:\Program Files\Silkroad
[02.12.2007|22:31] C:\Program Files\Skype
[22.05.2008|15:14] C:\Program Files\Software Informer
[28.02.2009|14:32] C:\Program Files\Sony
[28.02.2009|14:32] C:\Program Files\Sony Setup
[05.10.2008|13:59] C:\Program Files\Spore
[23.02.2009|21:17] C:\Program Files\Spybot - Search & Destroy
[19.03.2008|11:59] C:\Program Files\Spyware Terminator
[25.04.2009|14:35] C:\Program Files\Steam
[31.07.2008|16:51] C:\Program Files\Styler
[27.10.2008|22:16] C:\Program Files\Sun
[25.04.2009|22:06] C:\Program Files\SwiftKit
[09.09.2008|00:39] C:\Program Files\SwiftSwitch
[02.09.2008|00:26] C:\Program Files\SystemRequirementsLab
[02.12.2007|00:24] C:\Program Files\Teamspeak2_RC2
[20.12.2008|23:37] C:\Program Files\TeamViewer
[24.02.2009|15:17] C:\Program Files\The Witcher
[07.02.2009|01:53] C:\Program Files\Thoosje Vista Sidebar
[22.01.2008|21:14] C:\Program Files\Trend Micro
[31.07.2008|16:51] C:\Program Files\TrueTransparency
[19.06.2008|19:43] C:\Program Files\TubeTilla
[27.06.2008|18:51] C:\Program Files\Ubisoft
[01.12.2007|18:24] C:\Program Files\Uninstall Information
[07.02.2008|19:01] C:\Program Files\Unreal Tournament 3 (LG)
[31.07.2008|16:51] C:\Program Files\ViOrb
[18.04.2009|17:00] C:\Program Files\VirtualDJ
[21.08.2008|13:46] C:\Program Files\Vista Sidebar
[31.08.2008|01:13] C:\Program Files\ViStart
[31.07.2008|16:51] C:\Program Files\VisualTooltip
[17.03.2009|16:19] C:\Program Files\VstPlugins
[03.08.2008|23:46] C:\Program Files\WarRock
[10.04.2009|14:25] C:\Program Files\Winamp
[07.02.2009|15:46] C:\Program Files\Windows Journal Viewer
[20.12.2008|22:45] C:\Program Files\Windows Live
[01.12.2007|23:56] C:\Program Files\Windows Live Favorites
[20.12.2008|22:21] C:\Program Files\Windows Live SkyDrive
[20.12.2008|22:23] C:\Program Files\Windows Live Toolbar
[13.03.2009|18:47] C:\Program Files\Windows Media Connect 2
[13.03.2009|18:47] C:\Program Files\Windows Media Player
[28.07.2008|00:02] C:\Program Files\Windows NT
[01.12.2007|18:19] C:\Program Files\WindowsUpdate
[31.07.2008|16:51] C:\Program Files\WinFlip
[26.01.2008|17:44] C:\Program Files\WinRAR
[22.03.2008|00:40] C:\Program Files\WowCartographe
[01.12.2007|18:20] C:\Program Files\xerox
[14.02.2009|14:08] C:\Program Files\Xfire
[10.04.2009|01:11] C:\Program Files\Xvid
[03.01.2008|14:01] C:\Program Files\Yusho Frogster Games
[0|Datei(en)] C:\Program Files\Bytes
[141|Verzeichnis(se),] C:\Program Files\Bytes frei
--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files
[04.03.2009|00:22] C:\Program Files\Common Files\Adobe
[04.03.2009|00:10] C:\Program Files\Common Files\Adobe AIR
[27.02.2009|15:01] C:\Program Files\Common Files\Adobe Systems Shared
[21.04.2009|22:10] C:\Program Files\Common Files\AVSMedia
[15.09.2008|01:46] C:\Program Files\Common Files\Blizzard Entertainment
[20.04.2009|22:49] C:\Program Files\Common Files\DESIGNER
[13.03.2009|18:40] C:\Program Files\Common Files\DivX Shared
[24.08.2008|18:59] C:\Program Files\Common Files\Download Manager
[10.04.2009|00:49] C:\Program Files\Common Files\G DATA
[09.08.2008|03:31] C:\Program Files\Common Files\INCA Shared
[22.05.2008|19:11] C:\Program Files\Common Files\InstallShield
[02.12.2007|00:26] C:\Program Files\Common Files\Java
[04.01.2009|19:49] C:\Program Files\Common Files\LogiShared
[27.10.2008|21:50] C:\Program Files\Common Files\logishrd
[30.01.2009|19:37] C:\Program Files\Common Files\Logitech
[04.03.2009|00:07] C:\Program Files\Common Files\Macrovision Shared
[20.04.2009|22:53] C:\Program Files\Common Files\Microsoft Shared
[01.12.2007|18:18] C:\Program Files\Common Files\MSSoap
[28.12.2007|14:41] C:\Program Files\Common Files\Nero
[13.06.2008|19:28] C:\Program Files\Common Files\Nokia
[26.03.2009|15:08] C:\Program Files\Common Files\NSV
[01.12.2007|19:03] C:\Program Files\Common Files\ODBC
[02.01.2008|15:17] C:\Program Files\Common Files\PCSuite
[01.12.2007|18:18] C:\Program Files\Common Files\Services
[02.12.2007|22:31] C:\Program Files\Common Files\Skype
[01.12.2007|19:03] C:\Program Files\Common Files\SpeechEngines
[24.07.2008|22:59] C:\Program Files\Common Files\Symantec Shared
[20.04.2009|22:46] C:\Program Files\Common Files\System
[03.03.2008|22:41] C:\Program Files\Common Files\Thraex Software
[20.12.2008|22:12] C:\Program Files\Common Files\Windows Live
[01.12.2007|23:55] C:\Program Files\Common Files\WindowsLiveInstaller
[15.03.2009|21:04] C:\Program Files\Common Files\Wise Installation Wizard
[0|Datei(en)] C:\Program Files\Common Files\Bytes
[34|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei
--------------------\\ Process
( 38 Processes )
... OK !
--------------------\\ Ueberpruefung mit S_Lop
Kein Lop Ordner gefunden !
--------------------\\ Suche nach Lop Dateien - Ordnern
C:\Program Files\Orbitdownloader
C:\Program Files\Orbitdownloader\addons
--------------------\\ Suche innerhalb der Registry
..... OK !
--------------------\\ Ueberpruefung der Hosts Datei
Hosts Datei VERAENDERT
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
-> 10455 [ 70 ## added by CiD ]
/!\ 3 Not 127.0.0.1 !!
--------------------\\ Suche nach verborgenen Dateien mit Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:29:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 26
--------------------\\ Suche nach anderen Infektionen
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Gary_\Eigene Dateien\Verlauf\Dezember 2008\crackhead1992@sms.at.html
C:\DOCUME~1\Gary_\Eigene Dateien\Verlauf\September 2008\crackhead1992@sms.at.html
C:\DOCUME~1\Gary_\My Documents\Meine empfangenen Dateien\jakdax54180455327\Verlauf\crackhead19922847965529.xml
[F:35][D:5]-> C:\DOCUME~1\Gary_\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\Gary_\Cookies
[F:9][D:6]-> C:\DOCUME~1\Gary_\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 25.04.2009|22:33 - Option : [1]
--------------------\\ Scan beendet um 22:33:53

#7

/// Helper team

Problem with svchost.exe

Important files in the Temp folder are fine, as long as their importance ends at the next reboot. I know of a virus scanner whose programmers want to keep the files for the update to the new version in the Temp folder across a reboot, which is really stupid. After all, there are systems on which these folders are emptied automatically at every reboot.

Here, however, there is a piece of software (Daemon Tools) that engages in all sorts of secretiveness so that, for example, a copy protection does not notice that instead of the original CD only some image (possibly one that "fell off the donkey") is being used. So it does not put its driver in the driver directory, but writes it to the Temp folder at startup, loads it from there into memory and immediately deletes the no longer needed and telltale file again. That is what a Temp folder is meant for.

At least the Windows developers anticipated forums like this and built a very stable, self-repairing system. Deleting the contents of the temp folder is OK, but not the folder itself.