| |
| |||||||
Log-Analyse und Auswertung: Internet langsam, Hijackthis Log und ProblembeschreibungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.02.2011, 10:44
| #1 |
| |  Internet langsam, Hijackthis Log und Problembeschreibung Hallo Expertenrunde, ich habe da ein etwas größeres Problem. Habe schon in mehreren Foren nach einer Lösung gesucht, aber nichts gefunden. Hier die Problembeschreibung: Mein Desktopcomputer ist über LAN mit meiner Fritzbox verbunden. (1&1 6.000 Leitung) Seit 4 Tagen ist das Internet permanent langsam, lediglich Nachts war es dann wie ein Wunder doch wieder schnell. Jedoch vermute ich das Problem nicht bei 1&1 sondern bei mir am Computer lokal, da mein Laptop der über W-LAN verbunden ist gewohnt schnell arbeitet und zwar rund um die Uhr. Folgendes habe ich bereits probiert: neuestes Update der FritzBox, Werkseinstellungen wieder hergestellt AntiVir laufen lassen Defragmentiert Leider nichts geholfen und auch kein Virus trotz Windows 7 gefunden. Firewall aktiviert. Windows 7 Virenschutz ist zusätzlich zu AntiVir am laufen. Gleiche Einstellungen wie beim Laptop. Dann habe ich was von HijackThis gelesen und mal laufen lassen: Hier der Report: IRGENDWAS AUFFÄLLIGES dabei? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:31, on 24.02.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Schneider\Downloads\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7237 bytes VIELEN DANK FUER EURE HILFE!!! Ansonsten müsste ich wohl Windows 7 neu draufspielen. Gruß aus Münster Jonas |
|
24.02.2011, 11:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Internet langsam, Hijackthis Log und Problembeschreibung Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
|
24.02.2011, 13:34
| #3 |
| | Internet langsam, Hijackthis Log und Problembeschreibung Ich blick echt nicht durch, was ich da alles machen soll, aber ich hoffe, dass es das hier war:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 24.02.2011 13:26:29 - Run 1 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Schneider\Desktop\MFTools 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 68,98 Gb Free Space | 70,64% Space Free | Partition Type: NTFS Drive D: | 76,69 Gb Total Space | 38,58 Gb Free Space | 50,31% Space Free | Partition Type: NTFS Drive E: | 135,13 Gb Total Space | 96,29 Gb Free Space | 71,26% Space Free | Partition Type: NTFS Drive F: | 916,97 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SCHNEIDER-PC | User Name: Schneider | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.02.24 13:11:50 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Schneider\Desktop\MFTools\OTL.exe PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ========== Modules (SafeList) ========== MOD - [2011.02.24 13:11:50 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Schneider\Desktop\MFTools\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.02.10 21:33:55 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010.11.30 18:13:02 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.11.30 18:13:02 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.06.23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 9A 5D E4 4C D1 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.14 12:32:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.23 13:11:22 | 000,000,000 | ---D | M] [2010.12.14 12:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schneider\AppData\Roaming\mozilla\Extensions [2011.02.24 13:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schneider\AppData\Roaming\mozilla\Firefox\Profiles\0v6wox98.default\extensions [2011.01.14 16:08:40 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Schneider\AppData\Roaming\mozilla\Firefox\Profiles\0v6wox98.default\extensions\DeviceDetection@logitech.com [2011.01.05 22:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.14 13:58:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.01.05 22:23:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.05 22:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.05 22:21:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{de23c100-3533-11e0-95c2-00221591b84d}\Shell - "" = AutoRun O33 - MountPoints2\{de23c100-3533-11e0-95c2-00221591b84d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{de23c121-3533-11e0-95c2-00221591b84d}\Shell - "" = AutoRun O33 - MountPoints2\{de23c121-3533-11e0-95c2-00221591b84d}\Shell\AutoRun\command - "" = I:\Setup.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.24 13:11:26 | 000,000,000 | ---D | C] -- C:\Users\Schneider\Desktop\MFTools [2011.02.24 13:10:00 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Roaming\Malwarebytes [2011.02.24 13:09:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.02.24 13:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.24 13:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.24 13:09:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.02.24 13:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.02.23 13:11:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.02.23 12:56:41 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{59A2BB3C-D34B-4112-B2FF-81D46C59C9AE} [2011.02.22 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Roaming\Avira [2011.02.21 23:05:53 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\ElevatedDiagnostics [2011.02.21 23:05:38 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\Diagnostics [2011.02.15 15:50:00 | 000,000,000 | ---D | C] -- C:\Users\Schneider\Documents\Updater5 [2011.02.14 23:53:35 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{E1249808-7186-4613-85B3-8E211B372867} [2011.02.14 19:44:01 | 000,000,000 | ---D | C] -- C:\Users\Schneider\Desktop\Kirchenlieder [2011.02.13 23:03:53 | 000,000,000 | ---D | C] -- C:\Users\Schneider\Documents\ICQ [2011.02.13 17:58:41 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{F90A2B60-0D95-46FF-91BA-EF40CAD98434} [2011.02.13 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2011.02.10 22:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.02.10 22:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2011.02.10 22:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.02.10 22:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.02.10 22:10:34 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.02.10 22:10:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.02.10 22:09:54 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2011.02.10 21:53:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2011.02.10 21:50:50 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.02.10 21:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive [2011.02.10 21:33:55 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.02.10 21:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011.02.10 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2011.02.10 21:33:24 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Roaming\DAEMON Tools Lite [2011.02.10 21:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.02.09 09:03:53 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{50B642F9-9B92-474B-9A8F-FE8AD8DAC97E} [2011.02.08 15:47:35 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{B1BF086C-5D1E-4CA7-B290-2D7AF26BD7E8} [2011.02.07 12:56:48 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{F6080E71-40AF-46C0-A3A4-78E7F9723224} [2011.02.06 17:55:55 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{1F41DF87-8988-414F-BC86-8D8D41812742} [2011.02.03 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{AFEF3EF1-94E0-421D-9487-6D5B0D655A37} [2011.02.03 10:48:19 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.02.03 10:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.02.03 10:48:17 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Roaming\Notepad++ [2011.02.03 10:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2011.02.02 17:04:42 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{34648853-169C-4833-A60B-A4A1AD34D10D} [2011.02.01 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{C8062CF2-B20F-477E-840A-21443E0E764C} [2011.01.31 14:00:08 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{59E635C8-0F8C-4834-B554-F4C3916E8DE3} [2011.01.29 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{5387B03A-7E78-4AB6-966A-2860D8C46678} [2011.01.28 10:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood [2011.01.27 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{2D83100A-09F2-4A4F-96C0-33D1713C7335} [2011.01.27 20:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011.01.27 20:48:03 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.01.26 20:05:34 | 000,000,000 | ---D | C] -- C:\Users\Schneider\AppData\Local\{3C075B81-AC8D-4ADF-A26C-2E0514C3E43C} ========== Files - Modified Within 30 Days ========== [2011.02.24 13:22:21 | 000,017,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.24 13:22:21 | 000,017,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.24 13:19:14 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.24 13:19:14 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.24 13:19:14 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.24 13:19:14 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.24 13:19:14 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.24 13:14:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.24 13:14:44 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2011.02.24 13:09:34 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.23 14:10:10 | 000,342,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.21 15:41:00 | 004,935,680 | ---- | M] () -- C:\Users\Schneider\Desktop\fritz.box_fon_wlan_7170.29.04.40.image [2011.02.13 17:11:15 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\msvcp71d.dll [2011.02.10 21:47:29 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk [2011.02.10 21:33:55 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.02.03 20:03:40 | 000,000,574 | ---- | M] () -- C:\Users\Schneider\Desktop\Ra2 - Verknüpfung.lnk [2011.02.03 00:01:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.01.27 20:48:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.01.27 20:48:34 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2011.02.24 13:09:34 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.21 15:41:00 | 004,935,680 | ---- | C] () -- C:\Users\Schneider\Desktop\fritz.box_fon_wlan_7170.29.04.40.image [2011.02.13 17:11:15 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\msvcp71d.dll [2011.02.10 22:10:34 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2011.02.10 21:47:29 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk [2011.02.03 20:03:40 | 000,000,574 | ---- | C] () -- C:\Users\Schneider\Desktop\Ra2 - Verknüpfung.lnk [2011.02.03 00:01:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.01.27 20:48:58 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.01.27 20:48:34 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.14 14:00:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2011.02.10 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\Schneider\AppData\Roaming\DAEMON Tools Lite [2011.02.23 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\Schneider\AppData\Roaming\ICQ [2011.02.03 10:48:31 | 000,000,000 | ---D | M] -- C:\Users\Schneider\AppData\Roaming\Notepad++ [2011.02.01 16:19:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und noch was anderes: [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "Sniper Ghost Warrior_is1" = Sniper Ghost Warrior "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.02.2011 05:34:42 | Computer Name = Schneider-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 03.02.2011 05:50:31 | Computer Name = Schneider-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 16.02.2011 17:38:50 | Computer Name = Schneider-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dec Startzeit: 01cbce21b5ac084f Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 1986aeb1-3a15-11e0-bdcb-00221591b84d Error - 17.02.2011 05:34:31 | Computer Name = Schneider-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f38 Startzeit: 01cbce7bc6bccd39 Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 05858769-3a79-11e0-a78d-00221591b84d Error - 20.02.2011 11:20:58 | Computer Name = Schneider-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be035 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001b7d4 ID des fehlerhaften Prozesses: 0x4d4 Startzeit der fehlerhaften Anwendung: 0x01cbd10af1523dda Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: 04204e2a-3d05-11e0-bd0e-00221591b84d Error - 22.02.2011 05:01:50 | Computer Name = Schneider-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Eine Zertifikatkette zu einer vertrauenswürdigen Stammzertifizierungsstelle konnte nicht aufgebaut werden. . Error - 22.02.2011 06:40:42 | Computer Name = Schneider-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_NlaSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7b325 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000513bd ID des fehlerhaften Prozesses: 0x48c Startzeit der fehlerhaften Anwendung: 0x01cbd26f09587d36 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3192b943-3e70-11e0-93a1-00221591b84d Error - 23.02.2011 08:07:29 | Computer Name = Schneider-PC | Source = System Restore | ID = 8200 Description = Error - 23.02.2011 08:08:41 | Computer Name = Schneider-PC | Source = System Restore | ID = 8200 Description = Error - 23.02.2011 09:13:06 | Computer Name = Schneider-PC | Source = System Restore | ID = 8200 Description = [ System Events ] Error - 23.02.2011 09:13:06 | Computer Name = Schneider-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Windows" den Befehl "chkdsk" aus. Error - 23.02.2011 12:01:35 | Computer Name = Schneider-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?02.?2011 um 16:56:47 unerwartet heruntergefahren. Error - 24.02.2011 07:59:17 | Computer Name = Schneider-PC | Source = NetBT | ID = 4321 Description = Der Name "SCHNEIDER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 24.02.2011 07:59:21 | Computer Name = Schneider-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{B6B09987-C242-43CC-B4D3-240DB6D1ED94} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 24.02.2011 07:59:21 | Computer Name = Schneider-PC | Source = NetBT | ID = 4321 Description = Der Name "SCHNEIDER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 24.02.2011 07:59:43 | Computer Name = Schneider-PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 24.02.2011 08:15:01 | Computer Name = Schneider-PC | Source = NetBT | ID = 4321 Description = Der Name "SCHNEIDER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 24.02.2011 08:15:07 | Computer Name = Schneider-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{B6B09987-C242-43CC-B4D3-240DB6D1ED94} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 24.02.2011 08:15:07 | Computer Name = Schneider-PC | Source = NetBT | ID = 4321 Description = Der Name "SCHNEIDER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 24.02.2011 08:15:26 | Computer Name = Schneider-PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 < End of report > Mir reicht es auch erstmal, wenn ich weiß, obs schlimm ist oder nicht, da ich mich nicht gut auskenne würde ich Win7 notfalls neu installieren... |
|
24.02.2011, 13:39
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet langsam, Hijackthis Log und Problembeschreibung Alles ab Abschnitt 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Internet langsam, Hijackthis Log und Problembeschreibung |
| adobe, antivir guard, avg, avira, bho, explorer, firefox, firewall, hijack, hijackthis, hilfe!!, internet, internet explorer, internet langsam, lan, langsam, log, mozilla, nvidia, object, plug-in, schutz, software, syswow64, virus, werkseinstellungen, windows, wmp |
Linear-Darstellung
