Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Rechner unnormal langsam

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.10.2010, 19:04   #1
Rednexx
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



Guten Abend zusammen.

Seit ungefähr 3 Tagen läuft mein Rechner wie eine Schnecke und Microsoft Security Essentials meckert bei jedem Neustart das es nicht gestartet worden wäre obwohl es im Autostart ausgewählt ist... im Folgenden die Hijack This logfile:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:16, on 24.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RENE\My Documents\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [GAINWARD] D:\NVidia\Expert Tool\TBPanel.exe /A
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255349887050
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DD4E7B-0A9E-4BAE-BD17-FFED7A87C9DF}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4645 bytes

Ich hoffe auf eure Hilfe

Alt 24.10.2010, 21:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 25.10.2010, 10:38   #3
Rednexx
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



So, gestern Abend Malwarebytes draufgeschmissen und laufen gelassen..... 3 std später hat er mir ausgespuckt, das die antiwpa.dll schuld wäre (i.stole.windows), sonst nichts. Da ich bisschen voreilig war hab ich den ganzen antiwpa Ordner gelöscht und komme nun nurnoch selten den Rechner gebootet womit ich nicht an die mbam logfiles komme. (windows wäre angeblich nicht lizensiert.... hab aber die mitgelieferte windows cd neben meinem pc liegen ) Hab ein bisschen im Forum gesucht nach der antiwpa und wie es ausschaut wäre das nicht unbedingt eine file bei der ihr mir helfen wollt weil es eigentlich indiz für ein gecracktes windows ist was es aber mit ziemlicher sicherheit nicht ist.... aber bleibt mir was anderes als die kiste formatieren?


mit freundlichen grüßen, rednexx
__________________

Alt 25.10.2010, 13:23   #4
Rednexx
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



So, nachdem ich im abgesichertem Modus die antiwpa.dll gelöscht habe und die systemwiederherstellung bemüht habe konnte ich den rechner wieder im normalen modus booten und mbam und otl laufen lassen:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4941

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.10.2010 14:07:09
mbam-log-2010-10-25 (14-07-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Durchsuchte Objekte: 231197
Laufzeit: 55 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.10.2010 14:10:47 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Documents and Settings\RENE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,96 Gb Total Space | 22,74 Gb Free Space | 56,89% Space Free | Partition Type: NTFS
Drive H: | 34,56 Gb Total Space | 13,35 Gb Free Space | 38,64% Space Free | Partition Type: NTFS
 
Computer Name: MAMAMIAJOANNARE | User Name: RENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\RENE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\divamon.exe ()
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe (Eicon Networks Corporation)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\CGServer.exe (Eicon Networks Corporation)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\DITASK.EXE (Eicon Networks Corporation)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\DiInfo.exe (Eicon Networks)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\RENE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NETFRITZ) -- C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (AVMPORT) -- C:\WINDOWS\System32\drivers\avmport.sys (AVM Berlin)
DRV - (WDMCAPI) -- C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys (ISDN Company)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (DiPort) -- C:\WINDOWS\system32\drivers\disdn\diport40.sys (Eicon Networks)
DRV - (WDMWANMP) -- C:\WINDOWS\system32\drivers\wdmwanmp.sys (ISDN Company)
DRV - (DiWan) -- C:\WINDOWS\system32\drivers\disdn\Diwan.sys (Eicon Networks)
DRV - (DiCapi) -- C:\WINDOWS\system32\drivers\disdn\capi202k.sys (Eicon Networks)
DRV - (DiMaint) -- C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys (Eicon Networks)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.teltarif.de/db/res-inet.html?von=Analoganschluss&ziel=Internet&kurz=ja&zugang=03&spalten=8&dauer=3600&rec=grundgeb%3D-1%26format%3D%40format_profil_lang&profilwt=0&profilwt=24&profilwe=0&profilwe=24&verbdauer=18000"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://192.168.105.1/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 192.168.105.1"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.25 11:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.25 11:24:06 | 000,000,000 | ---D | M]
 
[2009.10.14 05:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RENE\Application Data\Mozilla\Extensions
[2010.10.25 13:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions
[2010.05.26 23:47:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.18 12:57:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.04 01:41:26 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.06.01 16:01:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.10.25 11:21:22 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2)
[2009.10.14 05:06:37 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\searchplugins\icq-search.xml
[2009.10.29 23:47:01 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\searchplugins\icqplugin.xml
[2010.10.25 14:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CGServer] C:\Program Files\Deutsche Telekom\SurfUSB\cgserver.exe (Eicon Networks Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DiTask.exe] C:\Program Files\Deutsche Telekom\SurfUSB\DiTask.exe (Eicon Networks Corporation)
O4 - HKLM..\Run: [Divamon.exe] C:\Program Files\Deutsche Telekom\SurfUSB\Divamon.exe ()
O4 - HKLM..\Run: [Eicon TechnologyLAN_DAEMON] C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe (Eicon Networks Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [GAINWARD] D:\NVidia\Expert Tool\TBPanel.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255349887050 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\RENE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RENE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.12 05:34:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7ed37bd8-bcda-11de-8e02-001d7da3aba9}\Shell\AutoRun\command - "" = H:\ -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.25 14:10:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RENE\Desktop\OTL.exe
[2010.10.25 13:07:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.25 13:07:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.24 21:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RENE\Application Data\Malwarebytes
[2010.10.24 21:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.24 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.24 18:47:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.10.01 21:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RENE\Application Data\dvdcss
[2009.10.12 15:08:30 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009.10.12 15:08:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.25 14:05:01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1563985344-839522115-1003Core.job
[2010.10.25 14:05:00 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1563985344-839522115-1003UA.job
[2010.10.25 13:08:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RENE\Desktop\OTL.exe
[2010.10.25 13:08:00 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 12:18:09 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.10.25 12:12:42 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.25 12:12:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.25 11:31:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.19 22:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.10.12 21:39:05 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.10.07 22:56:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.25 13:08:00 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 11:52:54 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2010.09.22 18:54:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010.09.22 18:53:11 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.09.09 16:45:44 | 000,000,184 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2010.03.27 15:17:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.02.24 21:40:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\LineMon.INI
[2009.12.15 22:06:30 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\RENE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 07:55:25 | 000,042,267 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2009.10.12 17:12:45 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.10.12 17:12:45 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.10.12 14:07:42 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.10.12 06:17:12 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.10.11 21:50:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.07.03 05:11:18 | 000,007,756 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2004.08.23 02:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003.05.27 10:54:18 | 000,070,084 | ---- | C] () -- C:\WINDOWS\System32\DIVAprop.dll
[2003.05.27 10:52:30 | 000,053,331 | ---- | C] () -- C:\WINDOWS\System32\divasu.dll
[2003.05.27 10:50:42 | 000,021,816 | ---- | C] () -- C:\WINDOWS\System32\divaci.dll

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.10.2010 14:10:47 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Documents and Settings\RENE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,96 Gb Total Space | 22,74 Gb Free Space | 56,89% Space Free | Partition Type: NTFS
Drive H: | 34,56 Gb Total Space | 13,35 Gb Free Space | 38,64% Space Free | Partition Type: NTFS
 
Computer Name: MAMAMIAJOANNARE | User Name: RENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Games\Mass Effect\Binaries\MassEffect.exe" = D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- File not found
"D:\Games\Mass Effect\MassEffectLauncher.exe" = D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- File not found
"C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe" = C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe:*:Disabled:Syslog Daemon -- (Eicon Networks Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2B9CF693-1084-11D4-B515-00C04F05FF36}" = Management System
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62467DE-4312-47ED-8705-60BD6C7E3DEC}" = Teledat Surf USB Tools
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F689C6F7-504E-4373-BE43-0404AFCE049B}" = Samsung PC Studio 3
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXPERTool_is1" = EXPERTool 7.5
"Guild Wars" = GUILD WARS
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2010 14:12:45 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 23.10.2010 15:53:46 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 23.10.2010 17:33:05 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 23.10.2010 19:06:06 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 23.10.2010 21:00:18 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 23.10.2010 22:50:18 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 24.10.2010 00:20:18 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 24.10.2010 07:49:28 | Computer Name = MAMAMIAJOANNARE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 24.10.2010 17:49:31 | Computer Name = MAMAMIAJOANNARE | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
 Windows, contact a customer service representative by telephone.  
 
Error - 25.10.2010 05:31:53 | Computer Name = MAMAMIAJOANNARE | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
 Windows, contact a customer service representative by telephone.  
 
[ System Events ]
Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service 
which failed to start because of the following error:   %%31
 
Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
 which failed to start because of the following error:   %%31
 
Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
 failed to start because of the following error:   %%31
 
Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
 failed to start because of the following error:   %%31
 
Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  AmdK8  d347bus  Fips  IPSec  MpFilter  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  StarOpen  Tcpip
 
Error - 25.10.2010 05:52:11 | Computer Name = MAMAMIAJOANNARE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 25.10.2010 05:53:13 | Computer Name = MAMAMIAJOANNARE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 25.10.2010 05:54:59 | Computer Name = MAMAMIAJOANNARE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.2.3,  since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 25.10.2010 06:13:03 | Computer Name = MAMAMIAJOANNARE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.2.3,  since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 25.10.2010 07:05:00 | Computer Name = MAMAMIAJOANNARE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
 
 
< End of report >
         
--- --- ---

Alt 25.10.2010, 17:49   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



Zitat:
weil es eigentlich indiz für ein gecracktes windows ist was es aber mit ziemlicher sicherheit nicht ist....
Sry aber wenn Du so ein legales Windows drauf hast, was soll die antiwpa denn da machen? Da gibts nichts "freizuschalten", weil eine legale Version nicht gecrackt werden muss.
Du wirst um ein format c: nicht herumkommen, weil Deine Windows-Installation offensichtlich durch eine CD mit gecrackter Version stammt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2010, 17:57   #6
Rednexx
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



keine ahnung was die drauf macht, ich hab den rechner so von meinem örtlichen händler vorinstalliert so gekauft.... werd ich dem mal die frage stellen dürfen^^

Alt 25.10.2010, 19:26   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rechner unnormal langsam - Standard

Rechner unnormal langsam



Zitat:
werd ich dem mal die frage stellen dürfen^^
Auja, das mach mal!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Rechner unnormal langsam
adobe, bho, dll, explorer, firefox, gainward, hijack, hijack this, hijackthis, hkus\s-1-5-18, hotkey, internet, internet explorer, langsam, logfile, messenger, microsoft, microsoft security, microsoft security essentials, mozilla, neustart, nvidia, rundll, security, software, system, windows, windows xp




Ähnliche Themen: Rechner unnormal langsam


  1. Rechner sehr langsam
    Log-Analyse und Auswertung - 11.08.2015 (3)
  2. Rechner zu langsam
    Alles rund um Windows - 19.05.2015 (4)
  3. Eigener Rechner Auswertung. Rechner ist recht langsam.
    Log-Analyse und Auswertung - 04.08.2014 (11)
  4. Rechner langsam, Internet langsam, neue Programme , mit Log Files
    Log-Analyse und Auswertung - 08.05.2013 (4)
  5. Rechner (Internet) extrem langsam langsam und hackelig!Leerlaufprozess Task Manager ständig zw. 70-98 %
    Plagegeister aller Art und deren Bekämpfung - 11.04.2013 (17)
  6. Rechner langsam
    Log-Analyse und Auswertung - 20.04.2012 (1)
  7. Rechner langsam
    Log-Analyse und Auswertung - 02.03.2012 (3)
  8. Rechner extrem langsam - Internetseitenaufbau langsam/ ladehemmungen
    Log-Analyse und Auswertung - 21.07.2010 (1)
  9. Virus? Empfange massig Pakete - Unnormal
    Plagegeister aller Art und deren Bekämpfung - 04.05.2010 (5)
  10. CPU Auslastung unnormal
    Plagegeister aller Art und deren Bekämpfung - 17.02.2009 (9)
  11. Internet ist unnormal langsam nach Trojanerfund. Trotz entfernen!
    Plagegeister aller Art und deren Bekämpfung - 06.07.2008 (3)
  12. Bei ICQ-Start startet Rechner neu. Dannach ist Rechner langsam
    Log-Analyse und Auswertung - 19.11.2007 (2)
  13. CD Laufwerk geht auf und zu| Rechner langsam | Internet langsam
    Log-Analyse und Auswertung - 01.06.2007 (1)
  14. unnormal hoher ping in online spielen
    Log-Analyse und Auswertung - 24.03.2007 (4)
  15. Rechner = langsam .. was ist das nur.
    Log-Analyse und Auswertung - 01.10.2006 (6)
  16. Rechner langsam
    Log-Analyse und Auswertung - 15.02.2006 (1)
  17. Prozessor Auslastung unnormal
    Plagegeister aller Art und deren Bekämpfung - 11.09.2005 (5)

Zum Thema Rechner unnormal langsam - Guten Abend zusammen. Seit ungefähr 3 Tagen läuft mein Rechner wie eine Schnecke und Microsoft Security Essentials meckert bei jedem Neustart das es nicht gestartet worden wäre obwohl es im - Rechner unnormal langsam...
Archiv
Du betrachtest: Rechner unnormal langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.