Log analysis and evaluation: Internet very slow / PC freezes / Processes. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
| | #1 |
| | Hello everyone, I hope you can help me. I have the following problem: my Internet becomes extremely slow at irregular intervals, even though I have nothing else running. Then every now and then I get advertising pop-ups out of nowhere, eight of them at once. Recently I have also had the following problem: when I have STEAM open and am gaming and then want to log out again, STEAM no longer closes, or hangs completely. The process can never be ended either. The only option I then have is to restart the PC. So, attached is my HijackThis log file. Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:31, on 27.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.lge.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - h**p://www.images.adobe.com/w**.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - h**p://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a105bad1f71) (gupdate1c9a105bad1f71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\S P I E L E\NFSU\PB\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
-- End of file - 7414 bytes |
| | #3 |
| | Hello undoreal,
many thanks for your help. Attached is the result after a 45-minute scan with GMER! Code:
ATTFilter
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 20:43:01
Windows 6.0.6002 Service Pack 2
Running: f9pxsyst.exe; Driver: C:\Users\REN~1\AppData\Local\Temp\kxldrpog.sys
---- System - GMER 1.0.15 ----
INT 0x52 ? 85A31BF8
INT 0x62 ? 85A31BF8
INT 0x92 ? 85A31BF8
INT 0xA2 ? 8561CBF8
INT 0xB2 ? 8561CBF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spze.sys Das System kann den angegebenen Pfad nicht finden. !
PAGE ataport.SYS!DllUnload 83359B2E 5 Bytes JMP 8561C1D8
.text USBPORT.SYS!DllUnload 889C141B 5 Bytes JMP 85A311D8
.text ali4ilge.SYS 8D004000 22 Bytes [82, 83, 9C, 82, 6C, 82, 9C, ...]
.text ali4ilge.SYS 8D004017 159 Bytes [00, 32, B7, 19, 83, 3D, B5, ...]
.text ali4ilge.SYS 8D0040B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ali4ilge.SYS 8D0040CE 80 Bytes [00, 00, 27, 00, 00, 00, E0, ...]
.text ali4ilge.SYS 8D00411F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [830956D2] \SystemRoot\System32\Drivers\spze.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83095040] \SystemRoot\System32\Drivers\spze.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [830957FC] \SystemRoot\System32\Drivers\spze.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [830950BE] \SystemRoot\System32\Drivers\spze.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8309513C] \SystemRoot\System32\Drivers\spze.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [830A4D92] \SystemRoot\System32\Drivers\spze.sys
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortCompleteRequest] 21642446
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortMoveMemory] 7E398D01
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 21902846
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8D01
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\ali4ilge.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74457817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7445BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7444F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7444E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74488395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7445DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7444FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7444FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7447C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7444D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74446853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7444687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74452AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 856211F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 8561E1F8
Device \Driver\usbohci \Device\USBPDO-0 85A321F8
Device \Driver\usbohci \Device\USBPDO-1 85A321F8
Device \Driver\usbehci \Device\USBPDO-2 85A331F8
Device \Driver\volmgr \Device\HarddiskVolume1 8561E1F8
Device \Driver\PCI_PNP0535 \Device\00000058 spze.sys
Device \Driver\volmgr \Device\HarddiskVolume2 8561E1F8
Device \Driver\cdrom \Device\CdRom0 859D5500
Device \Driver\volmgr \Device\HarddiskVolume3 8561E1F8
Device \Driver\cdrom \Device\CdRom1 859D5500
Device \Driver\atapi \Device\Ide\IdePort0 856201F8
Device \Driver\atapi \Device\Ide\IdePort1 856201F8
Device \Driver\atapi \Device\Ide\IdePort2 856201F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 856201F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 856201F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8618B500
Device \Driver\sptd \Device\3842852542 spze.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{083BF409-CA63-4362-AC3E-0F9CAAD274A2} 8618B500
Device \Driver\Smb \Device\NetbiosSmb 862581F8
Device \Driver\netbt \Device\NetBT_Tcpip_{6F6253B5-BCED-4C28-9705-FFB977CB9B96} 8618B500
Device \Driver\iScsiPrt \Device\RaidPort0 85A791F8
Device \Driver\usbohci \Device\USBFDO-0 85A321F8
Device \Driver\usbohci \Device\USBFDO-1 85A321F8
Device \Driver\usbehci \Device\USBFDO-2 85A331F8
Device \Driver\netbt \Device\NetBT_Tcpip_{03C85A23-8D81-4767-B39E-239153330EB4} 8618B500
Device \Driver\ali4ilge \Device\Scsi\ali4ilge1 85A651F8
Device \Driver\ali4ilge \Device\Scsi\ali4ilge1Port6Path0Target0Lun0 85A651F8
Device \FileSystem\cdfs \Cdfs 867F41F8
---- Services - GMER 1.0.15 ----
Service system32\drivers\msqpdxylancxkr.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!
|
| | #4 |
| | Code:
ATTFilter
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df04e397f
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxylancxkr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA1 0xCD 0x0E 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEA 0xE4 0x46 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1C 0x91 0x3C 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df04e397f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxylancxkr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA1 0xCD 0x0E 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEA 0xE4 0x46 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1C 0x91 0x3C 0xA6 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E44EBCB9-FBFE-7106-3D32-3DBC5BF99E12}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E44EBCB9-FBFE-7106-3D32-3DBC5BF99E12}@maonohchegglnfeaagbbmgdphc 0x6F 0x61 0x6E 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E44EBCB9-FBFE-7106-3D32-3DBC5BF99E12}@abnndiafbmkccminfiegofoebmoopnlibk 0x69 0x61 0x6D 0x6B ...
---- EOF - GMER 1.0.15 ----
What can I do now? Thanks in advance |
| | #5 |
| /// AVZ-Toolkit Guru | Please create two AVZ log files following these instructions: http://freenet-homepage.de/rene-gad/...Anleitung.html (You do not need to create the HijackThis log.) I only need the two AVZ logs. virusinfo_syscure.zip virusinfo_syscheck.zip
__________________ - All assistance in the forum is given without warranty or liability - |