Trojaner-Board, forum "Log-Analyse und Auswertung"
Thread: https://www.trojaner-board.de/10675-pc-langsam-seltsame-dateien-logauswertung.html

Boro 12.12.2004 14:09

PC slow, strange files, log analysis
 
So the PC starts insanely slowly, and there are strange files when you look in Task Manager.

e.g.: iexplorerupdt.exe

Log:

Logfile of HijackThis v1.98.2
Scan saved at 14:06:37, on 12.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\sys32\Office.exe
C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\servicelog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ps2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\iexplorerupdt.exe
C:\Programme\Registry Clean Expert\RCScheduler.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\1&1 Programme\cFos\cFosDNT.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Dokumente und Einstellungen\Ulrich\Eigene Dateien\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [codfxrun] "C:\Programme\ATI Multimedia\codfx.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebCam Autolaunch] webc3lch
O4 - HKLM\..\Run: [USB2 Divice] servicelog.exe
O4 - HKLM\..\Run: [WinSrv] C:\windows\system32\sys32\sys32.bat
O4 - HKLM\..\Run: [Start Upping] iexplorerupdt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\1&1 Programme\cFos\cFosDNT.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ivdmwc.exe
O4 - HKLM\..\RunServices: [USB2 Divice] servicelog.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [Start Upping] iexplorerupdt.exe
O4 - HKLM\..\RunOnce: [USB2 Divice] servicelog.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [USB2 Divice] servicelog.exe
O4 - HKCU\..\Run: [Start Upping] iexplorerupdt.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Programme\Registry Clean Expert\RCScheduler.exe" /startup
O4 - HKCU\..\Run: [cFos - Tip of the Day] C:\Programme\1&1 Programme\cFos\setup.exe -tipoftheday 0 -type5
O4 - HKCU\..\RunOnce: [USB2 Divice] servicelog.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {4BC54967-CD56-4191-9DD7-086CA61F2691} (VacPro.czeck1_ver3) - http://advnt01.com/dialer/czeck1_ver3.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://^www.hlucin.dsflash.cz/WebCamPlayerOCX.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/de/wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.camera.dsflash.cz/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B965C2B-BFA1-4BAF-BADF-8AD8DBC0DC91}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC1E8B4B-4EEE-4257-8F2E-139A8B9E99F8}: NameServer = 217.237.151.97 217.237.150.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B965C2B-BFA1-4BAF-BADF-8AD8DBC0DC91}: NameServer = 192.168.1.1
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Haufe\HaufeReader\HRInstmon.dll

Haui45 12.12.2004 16:55

Quote:

So the PC starts insanely slowly, and there are strange files when you look in Task Manager.
That is probably due to the active backdoors:
e.g.
O4 - HKLM\..\RunServices: [Windows Compliant] ivdmwc.exe -> http://www.sophos.de/virusinfo/analyses/w32rbotir.html
O4 - HKLM\..\RunServices: [USB2 Divice] servicelog.exe -> http://computercops.biz/startuplist-5351.html
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe -> http://computercops.biz/startuplist-6290.html
O4 - HKLM\..\RunServices: [Start Upping] iexplorerupdt.exe -> http://ae.trendmicro-europe.com/ente...=WORM_RBOT.ADJ

So my recommendation is: format and reinstall from scratch.
Lutz on data backup
Required reading
Removal of malware
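The entries Haui45 points at are all O4 autostart lines, and the log shows two traits that make them stand out: the same value name ("USB2 Divice", "Start Upping") is registered under several autorun keys at once, and the command is a bare filename with no path, so the log alone does not tell you where the image lives. The following parser is an added example, not code from the thread or from HijackThis; it extracts the O4 registry entries from HijackThis output and groups them by value name so that those two cues are visible at a glance. The sample lines are constructed after the log above, and the triage cues are review hints, not a malware verdict.

```python
import re
from typing import Dict, List

# Constructed sample: O4 lines in the format HijackThis prints, modelled on
# the log in the thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB2 Divice] servicelog.exe
O4 - HKLM\..\Run: [Start Upping] iexplorerupdt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Windows Compliant] ivdmwc.exe
O4 - HKLM\..\RunServices: [USB2 Divice] servicelog.exe
O4 - HKLM\..\RunServices: [Start Upping] iexplorerupdt.exe
O4 - HKLM\..\RunOnce: [USB2 Divice] servicelog.exe
O4 - HKCU\..\Run: [USB2 Divice] servicelog.exe
O4 - HKCU\..\Run: [Start Upping] iexplorerupdt.exe
O4 - HKCU\..\RunOnce: [USB2 Divice] servicelog.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\Bin\hpobrt07.exe
"""

# HijackThis prints registry autostart entries as:
#   O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")


def executable_of(command: str) -> str:
    """Return the program image from an autorun command line.

    A quoted path ("C:\\dir\\x.exe" /arg) is taken up to the closing quote;
    otherwise the first whitespace-separated token is the image.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_o4(log_text: str) -> List[dict]:
    """Parse the registry-backed O4 lines of a HijackThis log.

    'Global Startup' (.lnk) lines and all other sections are skipped here.
    """
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        entries.append({"hive": hive, "key": key, "name": name,
                        "command": command, "image": executable_of(command)})
    return entries


def triage(log_text: str) -> Dict[str, dict]:
    """Group O4 entries by value name and attach review cues.

    Cues (heuristics chosen for this example, not a verdict):
      - the same value name registered under two or more autorun keys
      - a bare filename with no directory, so the image is resolved through
        the search path at logon and its location cannot be checked from
        the log alone
    If one value name maps to different images under different keys, the
    first image seen is kept.
    """
    by_name: Dict[str, dict] = {}
    for e in parse_o4(log_text):
        f = by_name.setdefault(e["name"], {"keys": set(), "image": e["image"], "flags": []})
        f["keys"].add(f'{e["hive"]}\\{e["key"]}')
    for f in by_name.values():
        f["keys"] = sorted(f["keys"])
        if len(f["keys"]) >= 2:
            f["flags"].append(f"same value name under {len(f['keys'])} autorun keys")
        if "\\" not in f["image"] and ":" not in f["image"]:
            f["flags"].append("bare filename, no path: location not verifiable from the log")
    return by_name


if __name__ == "__main__":
    for name, f in sorted(triage(SAMPLE_LOG).items()):
        if f["flags"]:
            print(f"[{name}] {f['image']}  keys={', '.join(f['keys'])}")
            for flag in f["flags"]:
                print(f"    - {flag}")
```

Run against the constructed sample, "USB2 Divice" is reported under five keys and "Start Upping" under three, while "SoundMan" is only flagged for the bare filename (it appears under a single key), which is the kind of legitimate entry that a path-only heuristic would over-report; the per-name grouping is what separates the two cases.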



Copyright ©2000-2025, Trojaner-Board

