fortsetzung info.txt:
Code:
Alles auswählen Aufklappen ATTFilter
=====HijackThis Backups=====
O4 - HKCU\..\Run: [C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0TCDQBW5\PokerEV%20Installer[1].exe] C:\Dokumente und Einstellungen\Micha\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0TCDQBW5\PokerEV%20Installer[1].exe [2008-04-26]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [2008-04-26]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2008-04-26]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe [2008-04-26]
O14 - IERESET.INF: START_PAGE_URL=http://www.csl-computer.com [2008-04-26]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2008-04-26]
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-26]
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-26]
O15 - Trusted Zone: http://www.kaspersky.com [2008-04-26]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2008-04-26]
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (file missing) [2008-05-01]
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de [2008-05-02]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG [2008-05-02]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de [2008-05-02]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de [2008-05-02]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de [2008-05-02]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2008-05-02]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de [2008-05-02]
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2008-06-22]
O4 - HKCU\..\Run: [ukoyuie] "c:\dokumente und einstellungen\micha\lokale einstellungen\anwendungsdaten\ukoyuie.exe" ukoyuie [2009-04-17]
O4 - HKCU\..\Run: [FlashGet 3] "C:\Programme\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize [2009-09-14]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2009-09-14]
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2009-09-14]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2009-09-14]
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: AntiVir Desktop (disabled) (outdated)
======System event log======
Computer Name: M1
Event Code: 7036
Message: Dienst "SQL Server (SQLEXPRESS)" befindet sich jetzt im Status "Ausgeführt".
Record Number: 27544
Source Name: Service Control Manager
Time Written: 20090616040109.000000+120
Event Type: Informationen
User:
Computer Name: M1
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SQL Server (SQLEXPRESS)" gesendet.
Record Number: 27543
Source Name: Service Control Manager
Time Written: 20090616040105.000000+120
Event Type: Informationen
User: M1\Micha
Computer Name: M1
Event Code: 7034
Message: Dienst "SQL Server (SQLEXPRESS)" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Record Number: 27542
Source Name: Service Control Manager
Time Written: 20090614170119.000000+120
Event Type: Fehler
User:
Computer Name: M1
Event Code: 7024
Message: Der Dienst "SQL Server VSS Writer" wurde mit folgendem dienstspezifischem Fehler beendet: 2147549183 (0x8000FFFF).
Record Number: 27541
Source Name: Service Control Manager
Time Written: 20090614163740.000000+120
Event Type: Fehler
User:
Computer Name: M1
Event Code: 7036
Message: Dienst "SQL Server VSS Writer" befindet sich jetzt im Status "Beendet".
Record Number: 27540
Source Name: Service Control Manager
Time Written: 20090614163740.000000+120
Event Type: Informationen
User:
=====Application event log=====
Computer Name: M1
Event Code: 17104
Message: Server process ID is 656.
Record Number: 5
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090912104714.000000+120
Event Type: Informationen
User:
Computer Name: M1
Event Code: 17103
Message: All rights reserved.
Record Number: 4
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090912104714.000000+120
Event Type: Informationen
User:
Computer Name: M1
Event Code: 17101
Message: (c) 2005 Microsoft Corporation.
Record Number: 3
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090912104714.000000+120
Event Type: Informationen
User:
Computer Name: M1
Event Code: 17069
Message: Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (Intel X86)
Mar 29 2009 10:27:29
Copyright (c) 1988-2008 Microsoft Corporation
Express Edition on Windows NT 5.1 <X86> (Build 2600: Service Pack 3)
Record Number: 2
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090912104714.000000+120
Event Type: Informationen
User:
Computer Name: M1
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 1
Source Name: Avira AntiVir
Time Written: 20090912104710.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\Programme\Microsoft SQL Server\100\Tools\Binn\;C:\Programme\Microsoft SQL Server\100\DTS\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
ok, hab versucht, alles nach bestem wissen zu tun. wäre für jede hilfe sehr dankbar :-)
13.10.2009, 07:03
Baum-Darstellung