Hello, I have a problem with my PC. It is quite slow: it is enough that I want to copy or move something small, e.g. 20 MB, and it takes terribly long to do it. The PC is powerful enough that it should not be this slow.
I am posting the log from HijackThis:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-07-07 19:19:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 62 GB (27%) free of 228 GB
Total RAM: 2002 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:37, on 07.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\httpd.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Intel\AMT\atchksrv.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\Intel\AMT\atchk.exe
C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programme\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe
c:\Programme\Hewlett-Packard\IAM\bin\asghost.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Intel\AMT\LMS.exe
C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\AMT\UNS.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
C:\xampp\apache\bin\httpd.exe
C:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\ctfmon.exe
C:\xampp\htdocs\Server2\TrinityRestarterr.exe
C:\xampp\htdocs\Server2\TrinityRealm.exe
C:\xampp\htdocs\Server2\TrinityCore.exe
C:\Programme\SQLyog Community\SQLyog.exe
C:\Programme\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Programme\SpeedFan\speedfan.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O1 - Hosts: 80.218.120.182 twinkland.no-ip.org
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [atchk] "C:\Programme\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Programme\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Programme\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Programme\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Programme\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ClubCooee] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ClubCooee\Program\cooee.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Programme\Intel\AMT\atchksrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Programme\Intel\AMT\LMS.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programme\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Programme\Intel\AMT\UNS.exe
--
End of file - 9722 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2010-02-10 240912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 71192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll []
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2010-02-10 666816]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2007-04-26 1015808]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2007-04-27 839680]
"atchk"=C:\Programme\Intel\AMT\atchk.exe [2007-06-07 408344]
"PTHOSTTR"=c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"IFXSPMGT"=C:\WINDOWS\system32\ifxspmgt.exe [2007-04-18 677408]
"PDF Complete"=C:\Programme\PDF Complete\pdfsty.exe [2007-08-07 331288]
"SDMSSplash"=C:\Programme\HP_SDMS\SDMSSplash\launcher.exe [2006-03-10 86016]
"SetRefresh"=C:\Programme\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2006-05-12 1138688]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-07-10 872448]
"nmctxth"=C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"Linksys Wireless Manager"=C:\Programme\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2006-02-28 160768]
"egui"=C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-29 2145000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ClubCooee"=C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ClubCooee\Program\cooee.exe [2010-06-18 4437304]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
C:\Programme\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Programme\uTorrent\uTorrent.exe [2010-02-23 319280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk]
C:\PROGRA~1\ORBITD~1\orbitdm.exe [2010-02-10 1805584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-02-07 74240]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=SbHpNp
scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"ConsentPromptBehaviorAdmin"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Trinity Core 2 ¤ 3.2.2a\TrinityCore.exe"="C:\Trinity Core 2 ¤ 3.2.2a\TrinityCore.exe:*:Enabled:TrinityCore"
"C:\Trinity Core 2 ¤ 3.2.2a\TrinityRealm.exe"="C:\Trinity Core 2 ¤ 3.2.2a\TrinityRealm.exe:*:Enabled:TrinityRealm"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Dokumente und Einstellungen\Administrator\Desktop\Trinity Core 2 ¤ 3.2.2a\TrinityRealm.exe"="C:\Dokumente und Einstellungen\Administrator\Desktop\Trinity Core 2 ¤ 3.2.2a\TrinityRealm.exe:*:Enabled:TrinityRealm"
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\IXP000.TMP\SMPCSetup.exe"="C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\IXP000.TMP\smwinvnc.exe"="C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{016b2a0b-09a9-11dd-8285-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5236c59a-5a1a-11df-82ab-001e0b829119}]
shell\AutoRun\command - Installer.exe
======List of files/folders created in the last 1 months======
2010-07-07 19:19:30 ----D---- C:\Programme\trend micro
2010-07-07 19:19:27 ----D---- C:\rsit
2010-07-07 13:50:26 ----HD---- C:\tWINK
2010-06-29 18:59:20 ----D---- C:\Shadez-wowarmory-87c4b7f
2010-06-29 18:15:33 ----D---- C:\Programme\CCleaner
2010-06-28 23:34:34 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
2010-06-28 23:34:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
2010-06-28 23:34:25 ----D---- C:\Programme\CDBurnerXP
2010-06-24 22:02:12 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ClubCooee
2010-06-16 15:28:05 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-06-16 02:48:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-06-16 02:48:00 ----D---- C:\WINDOWS\system32\KB905474
2010-06-16 02:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-06-13 22:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-13 22:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-06-13 22:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-06-13 22:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-06-13 22:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-06-13 22:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-06-13 22:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-06-13 22:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-06-13 22:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-06-13 22:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-06-13 22:19:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-06-13 22:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-13 22:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-06-13 22:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-06-13 22:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-06-13 22:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-06-13 22:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-06-13 22:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-06-13 22:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-06-13 22:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-06-13 22:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-06-13 22:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-06-13 22:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-06-13 22:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-06-13 22:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-06-13 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-06-13 22:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-06-13 22:17:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-06-13 22:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-06-13 22:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-06-13 22:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-06-13 22:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-06-13 22:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-06-13 22:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-06-13 22:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-06-13 22:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-06-13 22:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-06-13 22:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-06-13 22:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-06-13 22:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-06-13 22:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-13 22:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-06-13 22:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-06-13 22:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-06-13 22:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-13 22:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-06-13 22:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-13 22:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-06-13 22:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-06-13 22:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-06-13 22:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-06-13 22:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-06-13 22:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-06-13 22:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-06-13 22:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-06-13 22:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-13 22:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-06-13 22:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-06-13 22:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-13 22:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-13 22:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-06-13 22:13:41 ----D---- C:\WINDOWS\ServicePackFiles
2010-06-13 22:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-06-13 22:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-06-13 22:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-06-13 22:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-13 22:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-06-13 22:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-06-13 22:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-06-13 22:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-06-13 22:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-06-13 22:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-13 22:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-06-13 22:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-13 22:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-06-13 22:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-06-13 03:06:14 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-06-13 03:00:22 ----D---- C:\WINDOWS\system32\PreInstall
2010-06-13 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-06-09 20:10:58 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 months======
2010-07-07 19:22:58 ----D---- C:\WINDOWS\Temp
2010-07-07 19:19:35 ----D---- C:\WINDOWS\Prefetch
2010-07-07 19:19:30 ----RD---- C:\Programme
2010-07-07 18:51:49 ----D---- C:\Programme\World of Warcraft
2010-07-07 18:44:51 ----RAD---- C:\xampp
2010-07-07 17:06:05 ----D---- C:\Programme\SpeedFan
2010-07-07 10:04:26 ----A---- C:\WINDOWS\WORDPAD.INI
2010-07-07 09:57:40 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SQLyog
2010-07-07 03:01:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-06 21:45:53 ----D---- C:\WINDOWS\system32
2010-07-06 21:45:24 ----A---- C:\WINDOWS\system32\log.txt
2010-07-06 21:45:18 ----D---- C:\WINDOWS\SMINST
2010-07-06 21:43:35 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2010-07-06 21:42:21 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
2010-07-06 09:05:39 ----D---- C:\WINDOWS
2010-07-01 20:55:23 ----D---- C:\Programme\World of Warcraft2
2010-07-01 20:34:56 ----SHD---- C:\WINDOWS\Installer
2010-07-01 20:34:52 ----SHD---- C:\Config.Msi
2010-07-01 20:34:43 ----D---- C:\WINDOWS\system32\drivers
2010-07-01 20:34:43 ----D---- C:\WINDOWS\inf
2010-07-01 20:34:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-01 20:32:27 ----RASH---- C:\boot.ini
2010-07-01 20:32:27 ----A---- C:\WINDOWS\win.ini
2010-07-01 20:32:27 ----A---- C:\WINDOWS\system.ini
2010-06-30 18:04:03 ----D---- C:\Programme\World of Warcraft3
2010-06-29 18:16:39 ----D---- C:\WINDOWS\Debug
2010-06-28 10:23:04 ----D---- C:\Programme\Mozilla Firefox
2010-06-26 17:58:52 ----HD---- C:\Programme\InstallShield Installation Information
2010-06-24 03:04:47 ----RSD---- C:\WINDOWS\assembly
2010-06-24 03:04:26 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 03:01:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 03:01:40 ----D---- C:\WINDOWS\WinSxS
2010-06-16 15:49:49 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-16 02:48:08 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-06-16 02:48:00 ----SD---- C:\WINDOWS\Tasks
2010-06-15 19:45:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-15 19:38:39 ----D---- C:\WINDOWS\system32\wbem
2010-06-15 19:38:39 ----D---- C:\WINDOWS\AppPatch
2010-06-15 19:38:38 ----D---- C:\WINDOWS\system32\Setup
2010-06-13 22:21:45 ----D---- C:\Programme\Messenger
2010-06-13 22:16:21 ----D---- C:\Programme\Movie Maker
2010-06-13 22:14:12 ----D---- C:\Programme\Outlook Express
2010-06-13 22:05:09 ----D---- C:\Programme\Internet Explorer
2010-06-09 20:11:09 ----D---- C:\WINDOWS\SoftwareDistribution
2010-06-09 20:11:06 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-29 95872]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-04-18 39080]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-06-13 5808]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-29 140216]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-24 306688]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-05-11 45056]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-18 41216]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\p3.sys [2006-02-28 46592]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-08-06 24640]
R2 ASBroker;Anmeldesitzungsbroker; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
R2 ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Programme\Intel\AMT\atchksrv.exe [2007-06-07 183064]
R2 ekrn;ESET Service; C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Programme\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 HpFkCryptService;Drive Encryption Service; c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-07-09 221184]
R2 hpqwmiex;hpqwmiex; C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\WINDOWS\system32\ifxspmgt.exe [2007-04-18 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\system32\ifxtcs.exe [2007-04-18 849440]
R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Programme\Intel\AMT\LMS.exe [2007-06-07 109336]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 MySQL;MySQL; C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Programme\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 NMSAccess;NMSAccess; C:\Programme\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nmservice;Pure Networks Platform Service; C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 pdfcDispatcher;PDF Document Manager; C:\Programme\PDF Complete\pdfsvc.exe [2007-08-07 540184]
R2 PersonalSecureDriveService;Personal Secure Drive service for encrypted drives; C:\WINDOWS\system32\IfxPsdSv.exe [2007-04-18 140832]
R2 SQLWriter;SQL Server VSS Writer; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Programme\Intel\AMT\UNS.exe [2007-06-07 2521880]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-06-13 364544]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-29 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server-Browser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
-----------------EOF-----------------

PC disinfection, computer speed-up, remote assistance via the neslape.cz service
Slow PC
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Residence: České Budějovice
Re: Slow PC
Hello
download ComboFix and save it, preferably to the desktop
then run the application under an account with administrator rights (not under an account with limited rights)
on Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator")
right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

next there may be a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.
calmly go and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware with a resident shield, deactivate its resident shield, because during the scan and removal of any malware ComboFix collides undesirably with the antispyware's resident shield
after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: Slow PC
So here is the ComboFix log:
ComboFix 10-07-06.05 - Administrator 07.07.2010 19:41:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2002.1203 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokume~1\ADMINI~1\LOKALE~1\Temp\sfamcc00001.dll
c:\dokume~1\ADMINI~1\LOKALE~1\Temp\sfareca00001.dll
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Temp\sfamcc00001.dll
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Temp\sfareca00001.dll
D:\Autorun.inf
.
((((((((((((((((((((((( Dateien erstellt von 2010-06-07 bis 2010-07-07 ))))))))))))))))))))))))))))))
.
2010-07-07 17:19 . 2010-07-07 17:23 -------- d-----w- c:\programme\trend micro
2010-07-07 17:19 . 2010-07-07 17:23 -------- d-----w- C:\rsit
2010-07-07 11:50 . 2010-07-07 12:11 -------- d-----w- C:\tWINK
2010-06-29 16:59 . 2010-06-29 07:42 -------- d-----w- C:\Shadez-wowarmory-87c4b7f
2010-06-29 16:15 . 2010-06-29 16:15 -------- d-----w- c:\programme\CCleaner
2010-06-28 21:34 . 2010-06-28 21:34 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
2010-06-28 21:34 . 2010-06-28 21:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
2010-06-28 21:34 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-06-28 21:34 . 2010-06-28 21:34 -------- d-----w- c:\programme\CDBurnerXP
2010-06-24 20:02 . 2010-07-07 15:05 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ClubCooee
2010-06-24 20:02 . 2010-07-07 17:47 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ClubCooee
2010-06-18 19:17 . 2010-06-18 19:17 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-16 13:28 . 2010-06-16 13:49 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-06-16 00:48 . 2010-06-16 00:48 -------- d-----w- c:\windows\system32\KB905474
2010-06-13 20:13 . 2010-06-13 20:13 -------- d-----w- c:\windows\ServicePackFiles
2010-06-13 01:07 . 2008-06-14 17:57 273024 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-13 01:07 . 2008-06-14 17:57 273024 ------w- c:\windows\system32\dllcache\bthport.sys
2010-06-13 01:07 . 2009-03-21 14:20 1059840 ------w- c:\windows\system32\dllcache\kernel32.dll
2010-06-13 01:07 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-13 01:07 . 2009-11-21 16:37 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-06-13 01:06 . 2009-10-15 17:20 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-06-13 01:06 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-13 01:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-13 01:06 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-06-13 01:05 . 2008-07-07 20:30 253952 ------w- c:\windows\system32\dllcache\es.dll
2010-06-13 01:03 . 2009-11-27 17:33 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-06-13 01:03 . 2008-07-03 13:14 8495616 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-13 01:03 . 2009-11-27 16:37 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-06-13 01:03 . 2009-11-27 16:37 85504 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-06-13 01:03 . 2009-11-27 16:37 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-06-13 01:03 . 2009-11-27 16:37 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-06-13 01:03 . 2009-11-27 16:37 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-06-13 01:03 . 2009-04-15 15:11 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-06-13 01:03 . 2009-12-17 07:57 346624 ------w- c:\windows\system32\dllcache\mspaint.exe
2010-06-13 01:03 . 2010-02-05 18:38 1296896 ------w- c:\windows\system32\dllcache\quartz.dll
2010-06-13 01:02 . 2008-04-21 21:25 217600 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-06-12 21:10 . 2009-07-31 04:58 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 17:31 . 2010-02-15 10:59 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SQLyog
2010-07-07 16:51 . 2008-11-21 08:18 -------- d-----w- c:\programme\World of Warcraft
2010-07-07 15:06 . 2010-02-21 12:48 -------- d-----w- c:\programme\SpeedFan
2010-07-06 19:43 . 2008-11-18 02:33 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Skype
2010-07-06 19:42 . 2000-02-18 17:43 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\skypePM
2010-07-01 18:55 . 2010-02-18 17:25 -------- d-----w- c:\programme\World of Warcraft2
2010-06-30 16:04 . 2010-02-17 20:49 -------- d-----w- c:\programme\World of Warcraft3
2010-06-26 15:58 . 2008-04-14 06:21 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-06-24 01:01 . 2006-05-04 20:53 519632 ----a-w- c:\windows\system32\perfh007.dat
2010-06-24 01:01 . 2006-05-04 20:53 109060 ----a-w- c:\windows\system32\perfc007.dat
2010-05-26 18:06 . 2009-04-10 14:30 -------- d-----w- c:\programme\Tibia
2010-05-21 19:47 . 2010-05-21 19:47 -------- d-----w- c:\programme\Oldgames
2010-05-16 11:10 . 2010-05-16 11:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ESET
2010-05-02 07:54 . 2006-02-28 02:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:46 . 2006-02-28 02:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:35 . 2006-02-28 02:00 667648 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:35 . 2006-02-28 02:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClubCooee"="c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ClubCooee\Program\cooee.exe" [2010-06-18 4437304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808]
"atchk"="c:\programme\Intel\AMT\atchk.exe" [2007-06-07 408344]
"PTHOSTTR"="c:\programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-04-18 677408]
"PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SDMSSplash"="c:\programme\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"SetRefresh"="c:\programme\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"nmctxth"="c:\programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\programme\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
2007-12-03 09:31 2600960 ----a-w- c:\programme\LaCie\Backup Software\LacieBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-23 14:15 319280 ----a-w- c:\programme\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Trinity Core 2 ¤ 3.2.2a\\TrinityCore.exe"=
"c:\\Trinity Core 2 ¤ 3.2.2a\\TrinityRealm.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Desktop\\Trinity Core 2 ¤ 3.2.2a\\TrinityRealm.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [13.06.2007 18:53 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09.10.2006 14:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.06.2007 17:22 13184]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.03.2010 17:12 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.03.2010 17:13 95872]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [18.04.2007 20:32 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [13.06.2007 18:53 5808]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [14.02.2000 13:55 24640]
R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [28.02.2006 04:00 14336]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [28.02.2006 04:00 14336]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [29.03.2010 17:12 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 HpFkCryptService;Drive Encryption Service;c:\programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [09.07.2007 18:03 221184]
R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [08.03.2008 20:14 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programme\Intel\AMT\UNS.exe [08.03.2008 20:04 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [09.03.2008 04:46 41216]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [07.05.2010 22:53 627072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Inhalt des "geplante Tasks" Ordners
2009-11-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2009-11-12 10:32]
2010-07-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-16 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\7knhytnl.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=de_EU&q=
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programme\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programme\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-CTFMON - (no file)
AddRemove-UltraCore v7 - c:\dokumente und einstellungen\Administrator\Desktop\UltraCoree\Uninstal.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 19:48
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programme\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\programme\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programme\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\programme\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programme\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASChnl.dll
- - - - - - - > 'lsass.exe'(964)
c:\windows\SbHpNp.dll
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\AMT\atchksrv.exe
c:\programme\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\ifxtcs.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Intel\AMT\LMS.exe
c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IfxPsdSv.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-07 19:54:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-07-07 17:54
Vor Suchlauf: 15 Verzeichnis(se), 64.828.252.160 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 64.802.037.760 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6420400E5A3276E17EA6CF63E81B69DC
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-04-18 677408]
"PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SDMSSplash"="c:\programme\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"SetRefresh"="c:\programme\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"nmctxth"="c:\programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\programme\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
2007-12-03 09:31 2600960 ----a-w- c:\programme\LaCie\Backup Software\LacieBackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-23 14:15 319280 ----a-w- c:\programme\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Trinity Core 2 ¤ 3.2.2a\\TrinityCore.exe"=
"c:\\Trinity Core 2 ¤ 3.2.2a\\TrinityRealm.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Dokumente und Einstellungen\\Administrator\\Desktop\\Trinity Core 2 ¤ 3.2.2a\\TrinityRealm.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [13.06.2007 18:53 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09.10.2006 14:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.06.2007 17:22 13184]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.03.2010 17:12 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.03.2010 17:13 95872]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [18.04.2007 20:32 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [13.06.2007 18:53 5808]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [14.02.2000 13:55 24640]
R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [28.02.2006 04:00 14336]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [28.02.2006 04:00 14336]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [29.03.2010 17:12 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 HpFkCryptService;Drive Encryption Service;c:\programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [09.07.2007 18:03 221184]
R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [08.03.2008 20:14 540184]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programme\Intel\AMT\UNS.exe [08.03.2008 20:04 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [09.03.2008 04:46 41216]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [07.05.2010 22:53 627072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Inhalt des "geplante Tasks" Ordners
2009-11-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2009-11-12 10:32]
2010-07-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-16 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\7knhytnl.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=de_EU&q=
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programme\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programme\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-CTFMON - (no file)
AddRemove-UltraCore v7 - c:\dokumente und einstellungen\Administrator\Desktop\UltraCoree\Uninstal.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 19:48
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programme\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\programme\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programme\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\SbHpNp.DLL
c:\programme\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programme\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASChnl.dll
- - - - - - - > 'lsass.exe'(964)
c:\windows\SbHpNp.dll
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\AMT\atchksrv.exe
c:\programme\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\ifxtcs.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Intel\AMT\LMS.exe
c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programme\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IfxPsdSv.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-07 19:54:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-07-07 17:54
Vor Suchlauf: 15 Verzeichnis(se), 64.828.252.160 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 64.802.037.760 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6420400E5A3276E17EA6CF63E81B69DC
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Slow PC
Download GMER, unpack it and run it.
On Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator").
A scan will run; when it finishes, the results will pop up in front of you.
Then click Save to save the log, and paste its contents here.
Then follow this guide to do the second scan and again post the log contents here.

Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all