Pests of all kinds and how to fight them: Internet connection and page loading extremely slow (Windows 7)
16.07.2011, 12:24 | #1 |
Internet connection and page loading extremely slow

Hello, dear Trojaner-Board,

for several weeks now my download speed has been dropping further and further, and web pages take longer to load than usual. I then spent a few days checking with various speed tests how fast my download speed really is. The result: at most 80 kbit/s. I then contacted my Internet provider, who explained, however, that the 16000 line should actually be running flawlessly. A recommended restart of the modem did not help either. I could not find any viruses with Avast, and I cannot find a real solution on the Internet either.

I hope I am not doing anything wrong here. Thank you in advance.

Antonio

Attached here are the log files used:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:59 on 16/07/2011 (Futures)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 16.07.2011 12:46:13 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Futures\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,58 Mb Total Physical Memory | 319,33 Mb Available Physical Memory | 31,23% Memory free
2,25 Gb Paging File | 1,51 Gb Available in Paging File | 67,01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 108,46 Gb Free Space | 73,24% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 68,22 Gb Free Space | 93,37% Space Free | Partition Type: NTFS
Drive K: | 3,74 Gb Total Space | 3,74 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: ANTONS-PC | User Name: Futures | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.16 12:44:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Futures\Desktop\OTL.exe PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe ========== Modules (SafeList) ========== MOD - [2011.07.16 12:44:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Futures\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (RJGCQSBKS) SRV - [2011.07.04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.07.04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2008.02.01 16:43:22 | 000,103,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camfilt2.sys -- (camfilt2) DRV - [2008.01.25 11:12:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2007.09.28 23:13:56 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.13 10:45:08 | 000,285,952 | ---- | M] (Akkord Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDvidv.sys -- (APL531) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.14 10:10:02 | 000,135,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 72 97 B3 7F AB CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Bing (Virtus)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.16 01:06:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2011.07.16 11:03:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2011.07.16 11:03:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.22 00:13:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.19 21:41:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2011.07.14 01:36:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011.06.19 21:41:41 | 000,000,000 | ---D | M] [2011.06.22 00:07:49 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Futures\AppData\Roaming\mozilla\Extensions [2011.03.15 08:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Futures\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2011.01.22 17:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Futures\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2011.06.18 20:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Futures\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.07.15 08:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Futures\AppData\Roaming\mozilla\Firefox\Profiles\u2gctue8.default\extensions [2011.07.16 01:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Futures\AppData\Roaming\mozilla\SeaMonkey\Profiles\w1ixiadz.default\extensions [2011.04.07 03:41:37 | 000,000,000 | ---D | M] (Orbit 3+1) -- C:\Users\Futures\AppData\Roaming\mozilla\SeaMonkey\Profiles\w1ixiadz.default\extensions\orbit@miksworld.de [2011.06.25 20:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.04.22 14:16:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.06.09 06:09:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.23 01:08:59 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No CLSID value found. 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.16 11:52:50 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Futures\Desktop\OTL.exe [2011.07.16 01:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011.07.16 01:22:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.15 12:07:11 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Roaming\Malwarebytes [2011.07.15 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.15 12:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.15 10:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.13 03:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool [2011.07.03 23:40:30 | 000,659,456 | ---- | C] (Speed Guide Inc.) 
-- C:\Users\Futures\Documents\TCPOptimizer.exe [2011.07.03 22:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs [2011.07.03 22:26:44 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Roaming\VistaCodecs [2011.07.03 22:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\VistaCodecPack [2011.07.03 22:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs [2011.06.30 08:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2011.06.30 08:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2011.06.27 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Defrag [2011.06.27 17:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAM Defrag [2011.06.27 17:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Defrag [2011.06.27 14:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\z-defrag [2011.06.24 00:29:28 | 000,000,000 | ---D | C] -- C:\Users\Futures\Desktop\JavaRa [2011.06.19 21:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.06.18 20:20:28 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Roaming\Songbird2 [2011.06.18 20:20:28 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Local\Songbird2 [2011.06.18 19:38:28 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Roaming\Epic [2011.06.18 19:38:28 | 000,000,000 | ---D | C] -- C:\Users\Futures\AppData\Local\Epic [2011.06.18 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic [2011.06.18 19:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Epic [2010.02.04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.16 12:47:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2011.07.16 12:44:33 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Futures\Desktop\OTL.exe [2011.07.16 11:59:06 | 000,000,000 | ---- | M] () -- C:\Users\Futures\defogger_reenable [2011.07.16 11:56:59 | 000,302,592 | ---- | M] () -- C:\Users\Futures\Desktop\g39z02wc.exe [2011.07.16 11:50:41 | 000,050,477 | ---- | M] () -- C:\Users\Futures\Desktop\Defogger.exe [2011.07.16 11:02:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.16 11:02:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.16 03:47:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.16 03:02:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.13 12:32:30 | 001,699,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.13 03:51:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.07.13 03:51:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.07.13 03:51:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.07.06 09:35:33 | 000,008,160 | ---- | M] () -- C:\Users\Futures\AppData\Local\d3d9caps.dat [2011.07.06 09:31:58 | 000,002,565 | ---- | M] () -- C:\Users\Futures\Desktop\Vista Shortcut Manager.lnk [2011.07.06 00:06:00 | 000,049,152 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.07.05 15:38:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.07.04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.07.04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.07.04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.07.04 13:35:23 | 000,043,608 | 
---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.07.04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.07.03 23:56:23 | 000,001,496 | ---- | M] () -- C:\Users\Futures\Documents\sg_backup_2011-07-03-2356.spg [2011.07.03 23:43:42 | 000,001,496 | ---- | M] () -- C:\Users\Futures\Documents\sg_backup_2011-07-03-2343.spg [2011.07.03 23:42:42 | 000,001,511 | ---- | M] () -- C:\Users\Futures\Documents\FirstBackup.spg [2011.07.03 23:41:26 | 000,659,456 | ---- | M] (Speed Guide Inc.) -- C:\Users\Futures\Documents\TCPOptimizer.exe [2011.07.03 23:02:00 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2011.07.01 03:58:51 | 000,003,913 | ---- | M] () -- C:\Users\Futures\.recently-used.xbel [2011.06.30 08:24:12 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2011.06.28 05:49:24 | 000,000,850 | ---- | M] () -- C:\Users\Futures\Desktop\RAM Defrag starten.lnk [2011.06.27 14:43:54 | 000,003,584 | ---- | M] () -- C:\Users\Futures\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.26 02:05:59 | 000,001,158 | ---- | M] () -- C:\Users\Futures\AppData\Roaming\wklnhst.dat [2011.06.26 02:05:58 | 000,008,704 | ---- | M] () -- C:\Users\Futures\Untitled.wps [2011.06.22 00:13:42 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.19 21:41:41 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.16 11:59:06 | 000,000,000 | ---- | C] () -- C:\Users\Futures\defogger_reenable [2011.07.16 11:56:32 | 000,302,592 | ---- | C] () -- C:\Users\Futures\Desktop\g39z02wc.exe [2011.07.16 11:50:37 | 
000,050,477 | ---- | C] () -- C:\Users\Futures\Desktop\Defogger.exe [2011.07.13 03:51:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.07.03 23:56:23 | 000,001,496 | ---- | C] () -- C:\Users\Futures\Documents\sg_backup_2011-07-03-2356.spg [2011.07.03 23:43:23 | 000,001,496 | ---- | C] () -- C:\Users\Futures\Documents\sg_backup_2011-07-03-2343.spg [2011.07.03 23:42:42 | 000,001,511 | ---- | C] () -- C:\Users\Futures\Documents\FirstBackup.spg [2011.07.03 23:01:59 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf [2011.07.01 03:58:51 | 000,003,913 | ---- | C] () -- C:\Users\Futures\.recently-used.xbel [2011.06.28 05:49:24 | 000,000,850 | ---- | C] () -- C:\Users\Futures\Desktop\RAM Defrag starten.lnk [2011.06.27 17:29:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE [2011.06.27 14:43:53 | 000,003,584 | ---- | C] () -- C:\Users\Futures\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.26 01:57:06 | 000,008,704 | ---- | C] () -- C:\Users\Futures\Untitled.wps [2011.06.22 00:13:42 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.06.22 00:13:42 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.19 21:41:41 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.06.19 21:41:41 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.04.27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2011.04.27 00:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.04.12 02:19:07 | 000,000,138 | -H-- | C] () -- C:\Users\Futures\AppData\Roaming\xpy.ini [2011.03.30 11:49:20 | 000,001,158 | ---- | C] () -- C:\Users\Futures\AppData\Roaming\wklnhst.dat [2011.03.19 11:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.03.04 02:39:57 | 000,008,160 | ---- | C] () -- 
C:\Users\Futures\AppData\Local\d3d9caps.dat [2011.02.10 09:18:27 | 001,699,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011.01.16 08:46:48 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2011.01.08 22:12:39 | 000,019,456 | ---- | C] () -- C:\Users\Futures\AppData\Local\WebpageIcons.db [2010.12.30 14:46:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.30 14:45:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.12.30 14:45:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.07.16 06:43:37 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.03.28 19:13:51 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2010.03.28 19:12:15 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.03.28 19:11:46 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.03.15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.12.28 06:50:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll [2009.12.28 06:50:18 | 000,000,068 | ---- | C] () -- C:\Windows\MyProg.ini [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2008.12.23 08:07:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.24 17:05:52 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe [2008.09.01 10:56:14 | 000,111,104 | ---- | C] () -- C:\Windows\System32\uharc.exe [2008.08.16 13:20:00 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe [2008.08.16 13:20:00 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe [2008.08.16 13:20:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.08.16 13:19:59 | 000,502,784 | ---- | C] () 
-- C:\Windows\x2.64.exe [2008.08.16 13:19:59 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe [2008.07.18 12:41:06 | 000,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe [2008.07.18 12:41:00 | 000,007,752 | ---- | C] () -- C:\Windows\mozver.dat [2008.01.12 13:42:16 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007.11.07 19:01:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2007.11.07 18:33:03 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.11.07 18:33:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.11.07 18:33:02 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.11.07 18:33:02 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2007.11.07 18:33:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.05.03 00:38:24 | 000,072,444 | ---- | C] () -- C:\Windows\SetBrowser.exe [2006.05.03 00:38:24 | 000,000,748 | ---- | C] () -- C:\Windows\SetBrowser.ini [1996.04.03 
21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2011.06.26 04:56:34 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Epic [2011.06.25 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Flock [2011.02.13 20:08:01 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\FreeAudioPack [2011.06.04 19:47:50 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\GetRightToGo [2011.07.01 03:58:51 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\gtk-2.0 [2011.06.01 07:00:57 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\JGsoft [2011.04.05 17:08:39 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Jumping Bytes [2011.05.22 11:00:59 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\K-Meleon [2011.03.15 10:50:24 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Lunascape [2011.04.03 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Miranda [2011.06.10 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\NCH Swift Sound [2011.01.22 17:35:01 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Opera [2011.03.02 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Registry Mechanic [2011.06.18 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Songbird2 [2011.03.30 11:49:30 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\Template [2011.07.05 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\TuneUp Software [2011.07.16 11:03:55 | 000,000,000 | ---D | M] -- C:\Users\Futures\AppData\Roaming\VistaCodecs [2011.07.16 03:01:49 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End 
of report >
OTL Extras logfile: Code:
ATTFilter OTL Extras logfile created on: 16.07.2011 12:46:13 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Futures\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,58 Mb Total Physical Memory | 319,33 Mb Available Physical Memory | 31,23% Memory free 2,25 Gb Paging File | 1,51 Gb Available in Paging File | 67,01% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,10 Gb Total Space | 108,46 Gb Free Space | 73,24% Space Free | Partition Type: NTFS Drive D: | 73,07 Gb Total Space | 68,22 Gb Free Space | 93,37% Space Free | Partition Type: NTFS Drive K: | 3,74 Gb Total Space | 3,74 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: ANTONS-PC | User Name: Futures | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found .txt [@ = txtfile] -- C:\Program Files\Just Great Software\EditPadLite7\EditPadLite7.exe (Just Great Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) 
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08836364-D684-4ABD-8258-1990D38EC149}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{CF4A271D-BEA0-4BA5-9FD8-3CEC79C1D92C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{DC8443A0-D6E1-4593-BB25-5BFC5214287D}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B8C7753-EB92-4412-9796-A4BABE5D58A1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{2AD810F1-07CF-404D-916B-B8A36EB24771}" = protocol=6 | dir=in | app=c:\program files\windows defender\mpcmdrun.exe | "{3B6C5A82-1D40-4098-A891-E4F131035715}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{3DDA37BA-8EF3-47A4-961B-AF4BBC6EF6F5}" = protocol=58 | dir=in | app=system | "{501AFC97-5D40-46A5-A7FA-04AE95F1468B}" = dir=in | app=c:\program files\itunes\itunes.exe | "{54D70686-E279-40AA-A717-02F9401E8025}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{7F74B00B-7F2E-4A6D-9539-68193476D949}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | "{8CE7AE48-0FC7-4A3C-9902-0ECE79FA7509}" = protocol=6 | dir=out | app=system | "{A9AF940D-E0FC-40E5-AF2A-38F4026AED28}" = protocol=17 | dir=in | app=c:\program files\windows defender\mpcmdrun.exe | "{D9EA2DF0-8690-490F-95FD-A538552FA1AF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{E5D3E0A6-6426-4205-AEBA-AEFB74542B8C}" = protocol=1 | dir=in | name=sisoftware sandra agent 
service (icmp-in) | "TCP Query User{5255487C-0FFD-4EEB-A8AB-44CFF99A378C}C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe" = protocol=6 | dir=in | app=c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe | "TCP Query User{8A98CE0F-D290-4CC1-AE1A-625AEF176863}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2011 11.0.0.232\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2011 11.0.0.232\german\setup.exe | "TCP Query User{C4F15BAD-CF03-49C9-8A1D-BC48FDB7B6F8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{CE2D65AA-EA6B-42DC-9B2B-C5E213D1C08A}C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe" = protocol=6 | dir=in | app=c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe | "TCP Query User{F293BA66-3984-4604-83B8-8293ED906563}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{FDB8BF48-90F7-4362-B519-BBBF359FFF03}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{024BCBCD-2F38-445C-88D7-7426541F4BCD}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{61C17243-4C88-461C-BBF1-F63A6B1E3CB7}C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe" = protocol=17 | dir=in | app=c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe | "UDP Query User{64DCEC00-4001-42E6-A2F1-49F3779038BD}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2011 11.0.0.232\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2011 11.0.0.232\german\setup.exe | "UDP Query User{6649FE14-03AD-48B0-A176-EAD0972EA115}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query 
User{925B1E3C-F36F-43DC-897A-BDA77382D8D4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{96EA84FD-8B89-4DB5-92B1-A591D3D0CAD2}C:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe" = protocol=17 | dir=in | app=c:\program files\gimp-2.0\lib\gimp\2.0\plug-ins\script-fu.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{03C557DA-96C3-BAE7-A54C-F99CA28524A5}" = Catalyst Control Center Graphics Previews Vista "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{067F5812-AB7E-00B8-9178-B6F328F6DC87}" = Catalyst Control Center Localization Swedish "{125401F2-4747-5808-D715-57907628D23F}" = Catalyst Control Center Localization Japanese "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{1C0C1C20-27FA-0458-6F3C-79CC4FBD6DA4}" = Catalyst Control Center Localization Dutch "{1E47482F-C8D0-2FDC-D45E-750E1ED66807}" = CCC Help Dutch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32D695E9-1E53-3AC1-7050-FE651545C473}" = Catalyst Control Center Localization Spanish 
"{361B714A-9433-BBF2-D166-3EA0BD357D30}" = Skins "{36F6AA65-2CFC-AB7C-24E4-C2FC1EE8EF54}" = CCC Help Norwegian "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4518CC5F-2C8D-8CB9-33F4-49594CD3035E}" = Catalyst Control Center Localization Norwegian "{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BEAB48C-1BF6-578C-00F1-09F81AFA493E}" = ccc-utility "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{641F5176-6B1E-C4B5-9A73-61AD4DD347E3}" = Catalyst Control Center Graphics Light "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{670BBA6D-D8D9-23C3-674C-CEC1EC3FBB68}" = CCC Help Danish "{683690FE-8689-597B-F134-671934B05C85}" = CCC Help Finnish "{69EB5A2E-E3BC-C6D2-6593-CE4F795F9BC5}" = ccc-core-static "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A224AFF-F6A8-2361-552D-11F8BD80D340}" = Catalyst Control Center Localization French "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7946F1DB-A71C-1818-F2A6-064F0631BAB4}" = CCC Help Japanese "{86A8EC0E-4957-FB46-6BEA-60BA626B51B4}" = Catalyst Control Center Localization Italian "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0407-0000-0000000FF1CE}" = 
Compatibility Pack für 2007 Office System "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAEA2AF2-4E6C-9F0F-93D7-9287BA8A5AEE}" = CCC Help English "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{AB05A7E7-EC92-16EB-BC47-D007447045AE}" = Catalyst Control Center Core Implementation "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD766001-4586-A2C4-179C-5B632F043E44}" = CCC Help French "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C335F03A-F084-0C34-74F9-F031FE4FC86E}" = CCC Help Italian "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C74A23FE-8E05-A138-F230-5446D74334F6}" = CCC Help Spanish "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CA551972-1433-7D7F-D02C-6EED974095D6}" = Catalyst Control Center Graphics Full Existing "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CBC82AAC-FEEE-4EC4-B118-1454A5ADBFE2}" = Catalyst Control Center - Branding "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF359E12-83DF-4401-D67E-BE59928A86A1}" = Catalyst Control Center Localization Danish "{D1CF23F4-B892-5981-1DBB-17781D3D5BAB}" = Catalyst Control Center 
Graphics Full New "{DA80FFD5-610D-744F-5A2C-EF87ADA174DE}" = CCC Help German "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0CAD33E-E403-FE3E-F1C7-1300F30B5357}" = Catalyst Control Center Localization German "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F468B6EA-3123-F37A-4B50-E226A42F6580}" = CCC Help Swedish "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FD734AC4-D7DE-8039-71BD-5A1C7C83FB80}" = Catalyst Control Center Localization Finnish "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Free Antivirus "CCleaner" = CCleaner "Clavier+_is1" = Clavier+ 10.6.1 "EditPad Lite" = Just Great Software EditPad Lite 7.0.2 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "MediaMonkey_is1" = MediaMonkey 3.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Miranda IM" = Miranda IM 0.9.20 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Opera 11.50.1074" = Opera 11.50 "RAM Defrag" = RAM Defrag "SeaMonkey (2.2)" = SeaMonkey (2.2) "SimpleScreenshot" = SimpleScreenshot 1.30 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.9 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! 
< End of report >
Gmer.zip
Edited by Glam (16.07.2011 at 13:17) |
16.07.2011, 17:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
16.07.2011, 23:00 | #3 |
| Internet connection and page loading extremely slow Hey,
here is the Malwarebytes logfile: Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7161

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

16.07.2011 23:57:58
mbam-log-2011-07-16 (23-57-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 297723
Laufzeit: 57 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Edited by Glam (16.07.2011 at 23:08) |
17.07.2011, 17:53 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow Are there any other logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the Logs tab.
__________________ Please always post logfiles in CODE tags |
17.07.2011, 17:59 | #5 |
| Internet connection and page loading extremely slow No, no others. |
17.07.2011, 18:28 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below - i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.
If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ --> Internet connection and page loading extremely slow |
17.07.2011, 18:56 | #7 |
| Internet connection and page loading extremely slow Here is the logfile: |
17.07.2011, 19:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
17.07.2011, 20:26 | #9 |
| Internet connection and page loading extremely slow The ComboFix log: |
17.07.2011, 20:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work on the second attempt, just skip it and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!
Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
18.07.2011, 02:14 | #11 |
| Internet connection and page loading extremely slow Here are all three logfiles: |
18.07.2011, 09:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion via ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
18.07.2011, 15:44 | #13 |
| Internet connection and page loading extremely slow Hey, two scans are already done. The ESET Online Scanner has been downloading signatures at a snail's pace for what feels like two hours and, I assume because of that, keeps crashing... So I am posting the first results already.
Malwarebytes' Anti-Malware logfile: Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7189

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.07.2011 12:47:45
mbam-log-2011-07-18 (12-47-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 306574
Laufzeit: 1 Stunde(n), 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/18/2011 at 03:54 PM

Application Version : 4.55.1000

Core Rules Database Version : 7419
Trace Rules Database Version: 5231

Scan type : Complete Scan
Total Scan Time : 01:35:10

Memory items scanned : 704
Memory threats detected : 0
Registry items scanned : 11634
Registry threats detected : 0
File items scanned : 114888
File threats detected : 2

Adware.Tracking Cookie
media.mtvnservices.com [ C:\Users\Futures\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6FJ7RM4N ]
secure-us.imrworldwide.com [ C:\Users\Futures\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6FJ7RM4N ]
|
18.07.2011, 15:52 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet connection and page loading extremely slow So far only cookies. Is ESET still coming?
__________________ Please always post logfiles in CODE tags |
18.07.2011, 15:56 | #15 |
| Internet connection and page loading extremely slow I doubt it. Judging by the progress bar it is only at about 30 % and so will probably crash again shortly. If it still has not worked by 6 pm, I will let you know, okay?
Edit: All right, I give up, it has crashed again. What now? :wein:
Edited by Glam (18.07.2011 at 16:07) |