Log analysis and evaluation: Computer abnormally slow | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.10.2010, 19:04 | #1 |
| Computer abnormally slow
Good evening everyone. For about 3 days my computer has been running like a snail, and Microsoft Security Essentials complains on every restart that it was not started, even though it is selected in autostart... below is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:16, on 24.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RENE\My Documents\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [GAINWARD] D:\NVidia\Expert Tool\TBPanel.exe /A
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255349887050
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DD4E7B-0A9E-4BAE-BD17-FFED7A87C9DF}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 4645 bytes

I hope for your help |
24.10.2010, 21:10 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer abnormally slow
Hello and
Please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes has to be updated manually before every scan! After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ |
25.10.2010, 10:38 | #3 |
| Computer abnormally slow
So, last night I threw Malwarebytes on it and let it run... 3 hours later it spat out that antiwpa.dll was to blame (i.stole.windows), nothing else. Since I was a bit hasty, I deleted the whole antiwpa folder and now only rarely get the computer to boot, so I can't get at the mbam logfiles. (Windows is supposedly not licensed... but I have the Windows CD that came with it lying next to my PC.) I searched the forum a bit for antiwpa, and it looks like this is not exactly a file you would want to help me with, because it is really an indication of a cracked Windows, which it almost certainly is not... but do I have any option other than formatting the box?
__________________
Kind regards, rednexx |
25.10.2010, 13:23 | #4 |
| Computer abnormally slow
So, after I deleted antiwpa.dll in safe mode and made use of System Restore, I was able to boot the computer in normal mode again and run mbam and otl:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4941

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.10.2010 14:07:09
mbam-log-2010-10-25 (14-07-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Durchsuchte Objekte: 231197
Laufzeit: 55 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

Code:
OTL logfile created on: 25.10.2010 14:10:47 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\RENE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,96 Gb Total Space | 22,74 Gb Free Space | 56,89% Space Free | Partition Type: NTFS
Drive H: | 34,56 Gb Total Space | 13,35 Gb Free Space | 38,64% Space Free | Partition Type: NTFS

Computer Name: MAMAMIAJOANNARE | User Name: RENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\RENE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\divamon.exe ()
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe (Eicon Networks Corporation)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\CGServer.exe (Eicon Networks Corporation)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\DITASK.EXE (Eicon Networks Corporation)
PRC - C:\Program Files\Deutsche Telekom\SurfUSB\DiInfo.exe (Eicon Networks)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\RENE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NETFRITZ) -- C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS File not found
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (AVMPORT) -- C:\WINDOWS\System32\drivers\avmport.sys (AVM Berlin)
DRV - (WDMCAPI) -- C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys (ISDN Company)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (DiPort) -- C:\WINDOWS\system32\drivers\disdn\diport40.sys (Eicon Networks)
DRV - (WDMWANMP) -- C:\WINDOWS\system32\drivers\wdmwanmp.sys (ISDN Company)
DRV - (DiWan) -- C:\WINDOWS\system32\drivers\disdn\Diwan.sys (Eicon Networks)
DRV - (DiCapi) -- C:\WINDOWS\system32\drivers\disdn\capi202k.sys (Eicon Networks)
DRV - (DiMaint) -- C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys (Eicon Networks)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.teltarif.de/db/res-inet.html?von=Analoganschluss&ziel=Internet&kurz=ja&zugang=03&spalten=8&dauer=3600&rec=grundgeb%3D-1%26format%3D%40format_profil_lang&profilwt=0&profilwt=24&profilwe=0&profilwe=24&verbdauer=18000"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://192.168.105.1/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 192.168.105.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.25 11:24:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.25 11:24:06 | 000,000,000 | ---D | M]

[2009.10.14 05:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RENE\Application Data\Mozilla\Extensions
[2010.10.25 13:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions
[2010.05.26 23:47:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.18 12:57:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.04 01:41:26 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.06.01 16:01:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.10.25 11:21:22 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2)
[2009.10.14 05:06:37 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\searchplugins\icq-search.xml
[2009.10.29 23:47:01 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\RENE\Application Data\Mozilla\Firefox\Profiles\camu3e0c.default\searchplugins\icqplugin.xml
[2010.10.25 14:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CGServer] C:\Program Files\Deutsche Telekom\SurfUSB\cgserver.exe (Eicon Networks Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DiTask.exe] C:\Program Files\Deutsche Telekom\SurfUSB\DiTask.exe (Eicon Networks Corporation)
O4 - HKLM..\Run: [Divamon.exe] C:\Program Files\Deutsche Telekom\SurfUSB\Divamon.exe ()
O4 - HKLM..\Run: [Eicon TechnologyLAN_DAEMON] C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe (Eicon Networks Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [GAINWARD] D:\NVidia\Expert Tool\TBPanel.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255349887050 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\RENE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RENE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.12 05:34:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7ed37bd8-bcda-11de-8e02-001d7da3aba9}\Shell\AutoRun\command - "" = H:\ -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.25 14:10:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RENE\Desktop\OTL.exe
[2010.10.25 13:07:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.25 13:07:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.24 21:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RENE\Application Data\Malwarebytes
[2010.10.24 21:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.24 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.24 18:47:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.10.01 21:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RENE\Application Data\dvdcss
[2009.10.12 15:08:30 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009.10.12 15:08:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.25 14:05:01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1563985344-839522115-1003Core.job
[2010.10.25 14:05:00 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1563985344-839522115-1003UA.job
[2010.10.25 13:08:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RENE\Desktop\OTL.exe
[2010.10.25 13:08:00 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 12:18:09 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.10.25 12:12:42 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.25 12:12:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.25 11:31:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.19 22:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.10.12 21:39:05 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.10.07 22:56:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.25 13:08:00 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 11:52:54 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2010.09.22 18:54:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010.09.22 18:53:11 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.09.09 16:45:44 | 000,000,184 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2010.03.27 15:17:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.02.24 21:40:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\LineMon.INI
[2009.12.15 22:06:30 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\RENE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 07:55:25 | 000,042,267 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2009.10.12 17:12:45 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.10.12 17:12:45 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.10.12 14:07:42 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.10.12 06:17:12 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.10.11 21:50:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.07.03 05:11:18 | 000,007,756 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2004.08.23 02:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003.05.27 10:54:18 | 000,070,084 | ---- | C] () -- C:\WINDOWS\System32\DIVAprop.dll
[2003.05.27 10:52:30 | 000,053,331 | ---- | C] () -- C:\WINDOWS\System32\divasu.dll
[2003.05.27 10:50:42 | 000,021,816 | ---- | C] () -- C:\WINDOWS\System32\divaci.dll

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 25.10.2010 14:10:47 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\RENE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,96 Gb Total Space | 22,74 Gb Free Space | 56,89% Space Free | Partition Type: NTFS
Drive H: | 34,56 Gb Total Space | 13,35 Gb Free Space | 38,64% Space Free | Partition Type: NTFS

Computer Name: MAMAMIAJOANNARE | User Name: RENE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Games\Mass Effect\Binaries\MassEffect.exe" = D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- File not found
"D:\Games\Mass Effect\MassEffectLauncher.exe" = D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- File not found
"C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe" = C:\Program Files\Deutsche Telekom\SurfUSB\watch.exe:*:Disabled:Syslog Daemon -- (Eicon Networks Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2B9CF693-1084-11D4-B515-00C04F05FF36}" = Management System
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62467DE-4312-47ED-8705-60BD6C7E3DEC}" = Teledat Surf USB Tools
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F689C6F7-504E-4373-BE43-0404AFCE049B}" = Samsung PC Studio 3
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXPERTool_is1" = EXPERTool 7.5
"Guild Wars" = GUILD WARS
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NVIDIA Drivers" = NVIDIA
Drivers "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Totalcmd" = Total Commander (Remove or Repair) "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.10.2010 14:12:45 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081 Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted. Error - 23.10.2010 15:53:46 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081 Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted. Error - 23.10.2010 17:33:05 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081 Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted. Error - 23.10.2010 19:06:06 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081 Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted. Error - 23.10.2010 21:00:18 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081 Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted. 
Error - 23.10.2010 22:50:18 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.

Error - 24.10.2010 00:20:18 | Computer Name = MAMAMIAJOANNARE | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.

Error - 24.10.2010 07:49:28 | Computer Name = MAMAMIAJOANNARE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error - 24.10.2010 17:49:31 | Computer Name = MAMAMIAJOANNARE | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.

Error - 25.10.2010 05:31:53 | Computer Name = MAMAMIAJOANNARE | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.

[ System Events ]
Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31

Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31

Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 25.10.2010 05:51:47 | Computer Name = MAMAMIAJOANNARE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD AmdK8 d347bus Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip

Error - 25.10.2010 05:52:11 | Computer Name = MAMAMIAJOANNARE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 25.10.2010 05:53:13 | Computer Name = MAMAMIAJOANNARE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 25.10.2010 05:54:59 | Computer Name = MAMAMIAJOANNARE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.2.3, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 25.10.2010 06:13:03 | Computer Name = MAMAMIAJOANNARE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.2.3, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.

Error - 25.10.2010 07:05:00 | Computer Name = MAMAMIAJOANNARE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

< End of report > |
25.10.2010, 17:49 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer unusually slow Quote:
You won't be able to avoid a format c:, because your Windows installation obviously comes from a CD with a cracked version.
__________________ Please always post logfiles in CODE tags |
25.10.2010, 17:57 | #6 |
| Computer unusually slow No idea what that is doing on there, I bought the computer like this, preinstalled, from my local dealer.... I guess I'll get to ask him that question^^ |
25.10.2010, 19:26 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer unusually slow Quote:
__________________ Please always post logfiles in CODE tags |