Log analysis and evaluation: Internet browser very slow

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#11
Internet browser very slow

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by wessel at 2014-04-05 17:44:48 Run:1
Running from C:\Users\wessel\Desktop\sicherheit
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {2873001C-656F-47BB-8EEA-98D893C62998} - \Software Updater Ui No Task File
Task: {34894FF1-76F6-43DC-A150-08AACFDF0DB3} - System32\Tasks\Freemium1ClickMaint => C:\Users\wessel\Desktop\1Click.exe
Task: {3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} - \Software Updater No Task File
C:\Users\wessel\Desktop\1Click.exe
Task: {728775DB-7038-47E9-9796-035AE6A8B757} - \DealPlyUpdate No Task File
Task: {75C3E469-D599-4532-804E-96F1FE5768EB} - \DSite No Task File
Task: {A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} - \Dealply No Task File
Task: {BC421944-B73D-4F6F-B917-694A0ACC4381} - \BrowserDefendert No Task File
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2873001C-656F-47BB-8EEA-98D893C62998} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2873001C-656F-47BB-8EEA-98D893C62998} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34894FF1-76F6-43DC-A150-08AACFDF0DB3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34894FF1-76F6-43DC-A150-08AACFDF0DB3} => Key deleted successfully.
C:\Windows\System32\Tasks\Freemium1ClickMaint => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Freemium1ClickMaint => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CB0BEAA-A6B7-4192-ABA3-DE62F7446A90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater => Key deleted successfully.
"C:\Users\wessel\Desktop\1Click.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{728775DB-7038-47E9-9796-035AE6A8B757} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{728775DB-7038-47E9-9796-035AE6A8B757} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75C3E469-D599-4532-804E-96F1FE5768EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75C3E469-D599-4532-804E-96F1FE5768EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7767FA7-45C0-46D9-A3CB-D28687AAF9BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC421944-B73D-4F6F-B917-694A0ACC4381} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC421944-B73D-4F6F-B917-694A0ACC4381} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.

==== End of Fixlog ====

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=14986
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-02 06:14:06
# local_time=2013-09-02 08:14:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 298245 129775496 0 0
# scanned=303676
# found=1
# cleaned=0
# scan_time=3292
sh=F721A9E1AC3EA08C6EBE5309FA84315080D4D8D8 ft=1 fh=17fe8b2a6c886bfd vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\wessel\AppData\Local\Temp\OptimizerPro.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=17567
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-23 07:54:35
# local_time=2014-03-23 08:54:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 14615364 147234325 0 0
# scanned=304751
# found=0
# cleaned=0
# scan_time=4113
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=17766
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 07:04:39
# local_time=2014-04-05 09:04:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 20163 3407015 12942 0
# compatibility_mode=5893 16776573 100 94 5763 148354529 0 0
# scanned=42795
# found=0
# cleaned=0
# scan_time=4245
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a001615d5595c64ca4ab53769add56f1
# engine=17769
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 09:27:06
# local_time=2014-04-05 11:27:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 28710 3415562 21489 0
# compatibility_mode=5893 16776573 100 94 14310 148363076 0 0
# scanned=309250
# found=0
# cleaned=0
# scan_time=7276

Code:
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : WESSEL-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : wessel-PC\wessel
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-04-05 17:47:58
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 39s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces . . . . . . . : 58

   Objects scanned . . . : 2.270.723
   Files scanned . . . . : 40.068
   Remnants scanned . . : 625.596 files / 1.605.059 keys

Suspicious files ____________________________________________________________

C:\Users\wessel\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
   Size . . . . . . . : 951.497 bytes
   Age . . . . . . . : 181.2 days (2013-10-06 13:45:08)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\wessel\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
   Size . . . . . . . : 140.072 bytes
   Age . . . . . . . : 181.2 days (2013-10-06 13:45:20)
   Entropy . . . . . : 7.7
   SHA-256 . . . . . : CC3F4E453FC246B64C09E81BB73741CECC897C805C13815336647E986A60301E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   The file is a device driver. Device drivers run as trusted (highly privileged) code.
   Program is code signed with a valid Authenticode certificate.

C:\Users\wessel\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
   Size . . . . . . . : 953.886 bytes
   Age . . . . . . . : 116.9 days (2013-12-09 19:20:17)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\wessel\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
   Size . . . . . . . : 138.032 bytes
   Age . . . . . . . : 116.9 days (2013-12-09 19:20:29)
   Entropy . . . . . : 7.8
   SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   The file is a device driver. Device drivers run as trusted (highly privileged) code.
   Program is code signed with a valid Authenticode certificate.

Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar) -> Deleted
HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar) -> Deleted
HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar) -> PendingDelete
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
HKU\S-1-5-21-3477562969-2480981767-1781961833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted

Cookies _____________________________________________________________________

C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\0K7LYTXV.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\0PYNXUQ9.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\487XEOFN.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\A9K2S6RF.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\AVTWWDLG.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\BB53QUJ9.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\CY3ZIV7X.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\E0OT5FVV.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\HXWEAKAZ.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\JU389HLR.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\N6G0QEGT.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\O1FPM4F1.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\QYJUAX99.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\TDVY6T32.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\XLD7CVIR.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\XVZFGNRB.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\ZDF46GQG.txt
C:\Users\wessel\AppData\Roaming\Microsoft\Windows\Cookies\ZLFWOXMR.txt
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:2o7.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.360yield.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.ad-srv.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.dyntracker.de
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.movad.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ad.zanox.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.creative-serving.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.escinteractive.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.p161.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.pubmatic.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.stickyadstv.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ads.yahoo.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:adtech.de
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:adtechus.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:atdmt.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:deutschepostag.112.2o7.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:fl01.ct2.comclick.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:kontera.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:media6degrees.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:revsci.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:ru4.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:serving-sys.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:smartadserver.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:statcounter.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:track.adform.net
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:track.effiliation.com
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:track.tnm.de
C:\Users\wessel\AppData\Roaming\Mozilla\Firefox\Profiles\gpieaic0.default\cookies.sqlite:xiti.com

Code:
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spyder4Pro
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````