Trojaner-Board

Source: Trojaner-Board, Log-Analyse und Auswertung: https://www.trojaner-board.de/83465-win-7-laeuft-ploetzlich-langsamer-antivir-findet-keinen-virus-hijackthis-vorhanden.html

flxh2o 03.03.2010 15:00

Win 7 suddenly running slower and Antivir finds no virus - HijackThis log available

hey,

I have a Win 7 laptop that has suddenly become slower.

For one, it takes at least 10 minutes until Windows has fully booted, and after that the CPU usage seems to stay at 50-70 % (far too high), but all programs crash regularly.
It can't be down to old age either, since the laptop isn't even 5 months old.

As I said, I have already run Antivir and also Ad-Aware over it ...

Here is the HijackThis file for a start:

Code:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:39:05, on 03.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtblfs.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\werfault.exe
C:\Programme\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Games\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent minimized loginmode=3
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Locate32 Autorun.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\ie_banner_deny.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Security Suite CBE Win7 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 10140 bytes

Thanks in advance!!

thanks

Flx

TXL 03.03.2010 15:35

Hello!

Please run a full scan with Malwarebytes Anti-Malware.
Then please post the logfile.

regards, TXL

flxh2o 03.03.2010 16:41

hmm, thanks for now...

but the program keeps crashing (after about 30 sec..)

What I forgot to mention earlier: my PC also usually doesn't shut down...
It shows "Windows is shutting down" but never actually switches off (I've waited over 12 h before).

Everything is somehow totally screwed up.

... hmm

Flx

flxh2o 03.03.2010 21:40

So, hello again.

I have now done a virus scan with a2 (a-squared).

This is what it spat out:

Code:

a-squared Anti-Malware - Version 4.0
Letztes Update: 03.03.2010 17:23:19

Scan Einstellungen:

Objekte: Speicher, Traces, Cookies, C:\
Archiv Scan: An
Heuristik: Aus
ADS Scan: An

Scan Beginn:        03.03.2010 17:23:32

c:\program files\relevantknowledge\        gefunden: Trace.Directory.FileSubmit.A!A2
c:\program files\kc softwares\sumo\        gefunden: Trace.Directory.SUMo!A2
c:\programdata\microsoft\windows\start menu\programs\kc softwares\sumo\        gefunden: Trace.Directory.SUMo!A2
c:\programdata\microsoft\windows\start menu\programs\kc softwares\sumo\sumo.lnk        gefunden: Trace.File.SUMo!A2
c:\programdata\microsoft\windows\start menu\programs\kc softwares\sumo\uninstall.lnk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000041f.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000402.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000403.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000404.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000406.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000407.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000409.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000410.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000413.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000415.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000416.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000418.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000419.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000422.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000424.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000436.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000804.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000816.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_original.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\unins000.dat        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\unins000.exe        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\uninstall.ico        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\bl.klm        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo.exe        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00000c0a.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_00003c01.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000040b.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000040c.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000040d.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000040e.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000041b.spk        gefunden: Trace.File.SUMo!A2
c:\program files\kc softwares\sumo\sumo_0000041d.spk        gefunden: Trace.File.SUMo!A2
C:\Downloads\Software\dreamgirl-gen.exe        gefunden: Virus.Win32.Trojan!IK
C:\Program Files\ElsterFormular\bin\update.exe        gefunden: Riskware.FraudTool.Win32.AntiSpywareShield.l!A2
C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\42aa7c82-77ad7fe4/________vload.class        gefunden: Exploit.Java.CVE-2008-5353!IK
C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\42aa7c82-77ad7fe4/vlocal.class        gefunden: Trojan.Java.Selace!IK
C:\Users\Felix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\42aa7c82-77ad7fe4/vmain.class        gefunden: Trojan.Java.Selace!IK

Gescannt

Dateien:        559977
Traces:        567631
Cookies:        28
Prozesse:        74

Gefunden

Dateien:        5
Traces:        37
Cookies:        0
Prozesse:        0
Registry Keys:        0

Scan Ende:        03.03.2010 21:24:18
Scan Zeit:        4:00:46

I'll now just delete them via the delete button, then turn off System Restore and reboot, right?

flx

