| |
| |||||||
Log-Analyse und Auswertung: Computer ungewöhnlich langsam (und hängt oft)!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
16.11.2009, 19:25
| #1 |
| /// Helfer-Team   |  Computer ungewöhnlich langsam (und hängt oft)! Hallo, Habe seit ein paar Wochen folgendes Problem: Hatte bis vor ein paar Wochen/1 Monat noch Vista 64-Bit (zum Arbeiten usw.) und XP 32-Bit (zum Spielen) nebeneinander installiert! Alles lief "perfekt", hatte vorher nie Stabilitätsprobleme oder andere Probleme! Seit nun das neue Windows 7 erschienen ist, habe ich nun Win7 (zum Arbeiten usw.) und Vista (zum Spielen) installiert (machte bei beiden eine Neuinstallation!). Ich merke aber, das Vista wirklich extrem träge ist, vor allem nach dem Start (wenn alles geladen ist)! Der Explorer und einige andere Programme frieren ständig ein, obwohl die CPu-Auslastung "normal" ist! Windows7 läuft meistens ganz OK, habe dort keine größeren Probleme derzeit! Was ich aber komisch finde ist, das Vista nun so träge ist, liegt das an den Spielen, nein oder? Auch einen Virus schließe ich nicht aus, deshalb mein Thread! ;) Mein System: Windows 7 (C:) Windows Vista (D:) MEDION HDD (G:) -> externe Festplatte 1.) CCleaner: Erledigt! 2.) Malwarebytes-Anti-Malware: Code:
ATTFilter Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3079
Windows 6.1.7600
15.11.2009 22:22:43
mbam-log-2009-11-15 (22-22-43).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|G:\|)
Durchsuchte Objekte: 336616
Laufzeit: 1 hour(s), 47 minute(s), 1 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Alexander\Downloads\Spieledateien\Sim City 4 Deluxe\Plugins\SFBT_NVG_Wohnhaus\SFBT_NVG-Wohnhaus.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\Spieledateien\Sim City 4 Deluxe\Plugins\SFBT_Stromleitungen\SFBT_Stromleitungen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\Eigene Dateien\Eigene Dateien\Downloads\Spieledateien\Sim City 4 Deluxe\Plugins\SFBT_NVG_Wohnhaus\SFBT_NVG-Wohnhaus.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\Eigene Dateien\Eigene Dateien\Downloads\Spieledateien\Sim City 4 Deluxe\Plugins\SFBT_Stromleitungen\SFBT_Stromleitungen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{0A41C036-F158-4C89-981C-CEA4253F8426}\RP68\A0019002.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{0A41C036-F158-4C89-981C-CEA4253F8426}\RP68\A0019003.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{30F8A32A-D55B-41EE-84EC-8E8A96A5BA3A}\RP99\A0027536.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{30F8A32A-D55B-41EE-84EC-8E8A96A5BA3A}\RP99\A0027537.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
----> Anhang Ich zähle auf eure Hilfe! ;)
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da?  Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
21.11.2009, 16:43
| #2 |
| /// Helfer-Team |  Computer ungewöhnlich langsam (und hängt oft)! Hallo,
__________________Bitte helft mir, mein Problem besteht immer noch!  Vielen Dank für eure Hilfe! 
__________________ |
|
21.11.2009, 16:51
| #3 |
| /// Selecta Jahrusso  | Computer ungewöhnlich langsam (und hängt oft)! Servus, dass vorgepläkel brauch dir ja hoffentlich nicht mehr erklären oder
__________________schritt 1 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
schritt 2 Während dieser Scans soll(en):
Bitte teile die Logfiles auf. Danke
__________________ |
|
22.11.2009, 17:50
| #4 | |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! Hallo Daniel, Zitat:
CustomScan mit OTL (OTL.txt) Part1: Code:
ATTFilter OTL logfile created on: 22.11.2009 16:44:26 - Run 1 OTL by OldTimer - Version 3.1.6.3 Folder = C:\Users\Alexander\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,73% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 195,45 Gb Free Space | 83,93% Space Free | Partition Type: NTFS Drive D: | 232,87 Gb Total Space | 149,41 Gb Free Space | 64,16% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 931,51 Gb Total Space | 835,71 Gb Free Space | 89,72% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GAMECOMPUTER Current User Name: Alexander Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009.11.22 16:42:35 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.07 13:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe PRC - [2009.10.07 13:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe PRC - [2009.10.07 13:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe PRC - [2009.10.07 13:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe PRC - [2009.08.28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.20 04:00:00 | 00,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.02.11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe ========== Modules (SafeList) ========== MOD - [2009.11.22 16:42:35 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe MOD - [2009.07.20 04:00:00 | 00,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll MOD - [2009.07.20 04:00:00 | 00,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll MOD - [2009.07.14 02:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009.07.14 02:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009.07.14 02:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009.07.14 02:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009.07.14 02:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009.07.14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009.06.10 22:23:11 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll MOD - [2009.02.11 11:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\saHook.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.13 09:24:50 | 00,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.09.23 23:28:02 | 00,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.09.21 16:36:16 | 00,660,256 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV:64bit: - [2009.09.12 00:40:22 | 02,287,360 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Defrag\oodag.exe -- (O&O Defrag) SRV:64bit: - [2009.07.14 02:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009.07.14 02:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009.07.14 02:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009.07.14 02:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009.07.14 02:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009.07.14 02:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009.07.14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009.07.14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009.07.14 02:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009.07.14 02:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - [2009.07.14 02:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009.07.14 02:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009.07.14 02:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009.07.14 02:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009.07.14 02:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009.07.14 02:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009.07.14 02:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009.07.14 02:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009.07.14 02:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009.07.14 02:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV:64bit: - [2009.07.14 02:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009.07.14 02:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009.07.14 02:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV - [2009.11.16 17:56:29 | 00,607,048 | ---- | M] (TuneUp Software) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.11.13 09:30:48 | 01,353,544 | ---- | M] (TuneUp Software) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.11.13 09:24:42 | 00,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009.10.20 07:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS) SRV - [2009.10.07 13:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2009.08.28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.07.20 12:36:14 | 00,160,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS) SRV - [2009.07.14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009.07.14 02:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2009.07.14 02:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2009.07.14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009.07.13 21:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009.06.10 22:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 21:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.06.10 21:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2009.06.10 21:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2009.02.11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008.11.04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D AF 90 35 26 5A CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85 FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:1.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.18 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2 FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091007W FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {27c60876-b5c9-4335-b4f3-52b26782220c}:0.9.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.15 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009.10.31 13:48:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009.10.31 13:48:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2009.10.31 16:22:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.10 20:37:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.07 09:38:18 | 00,000,000 | ---D | M] [2009.10.31 13:35:24 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions [2009.10.31 13:35:24 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009.11.22 10:00:53 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions [2009.11.09 17:30:03 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2009.10.31 15:50:09 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c} [2009.10.31 15:50:09 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.10.31 15:50:09 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2009.10.31 15:50:10 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009.11.18 19:11:07 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.10.31 15:50:09 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2009.11.06 18:06:35 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009.11.19 19:29:39 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.10.31 14:25:29 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.31 15:50:10 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\w82ry5m8.default\extensions\de-AT@dictionaries.addons.mozilla.org [2009.11.22 10:00:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.11.07 09:38:18 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.10.31 13:45:48 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.11.07 09:38:17 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2009.11.07 09:38:17 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2009.09.25 17:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2009.10.31 13:45:45 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009.09.25 17:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009.09.25 17:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009.02.06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009.11.07 09:38:17 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2009.02.27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2009.10.31 13:44:23 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2009.09.25 17:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009.10.16 19:18:02 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.10.16 19:18:02 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2009.10.16 19:18:02 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2009.10.16 19:18:02 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2009.10.16 19:18:02 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2009.10.16 19:18:02 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 17:53
| #5 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! CustomScan mit OTL (OTL.txt) Part2: Code:
ATTFilter O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme (x86)\Microsoft Office\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 17:54
| #6 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! CustomScan mit OTL (OTL.txt) Part3: Code:
ATTFilter NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 04:20:14 | 00,000,000 | ---D | M] NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation) NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) ========== Files/Folders - Created Within 14 Days ========== [2009.11.22 16:42:34 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe [2009.11.19 19:40:08 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\CrashDumps [2009.11.19 19:12:59 | 00,003,584 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.19 19:12:51 | 00,000,000 | -H-D | C] -- C:\Users\Alexander\dwhelper [2009.11.19 18:54:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack [2009.11.19 18:51:08 | 00,000,000 | ---D | C] -- C:\ProgramData\RapidSolution [2009.11.19 18:50:21 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\RapidSolution [2009.11.17 19:58:34 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\CyberLink [2009.11.16 17:56:30 | 00,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2009.11.16 17:56:30 | 00,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2009.11.16 17:56:30 | 00,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2009.11.16 14:46:12 | 00,046,112 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys [2009.11.16 14:45:48 | 00,031,264 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys [2009.11.11 14:53:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2009.11.11 14:03:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Publish Data [2009.11.11 14:02:55 | 00,000,000 | ---D | C] -- C:\Windows\uninstall [2009.11.10 20:56:32 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\VoipBuster [2009.11.10 20:54:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VoipBuster [2009.11.10 20:15:27 | 00,053,296 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys ========== Files - Modified Within 14 Days ========== [2009.11.22 16:43:18 | 00,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2009.11.22 16:43:18 | 00,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2009.11.22 16:42:35 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe [2009.11.22 16:40:51 | 01,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009.11.22 16:40:51 | 00,645,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2009.11.22 16:40:51 | 00,607,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009.11.22 16:40:51 | 00,126,904 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2009.11.22 16:40:51 | 00,104,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009.11.22 16:38:01 | 01,835,008 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT [2009.11.22 16:36:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.11.22 16:36:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.11.22 16:35:58 | 00,066,352 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2009.11.22 10:40:39 | 02,604,735 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db [2009.11.22 10:00:29 | 01,070,292 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1101000.013\Cat.DB [2009.11.19 19:12:59 | 00,003,584 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.19 19:00:24 | 00,000,106 | ---- | M] () -- C:\Windows\Podcasts.INI [2009.11.16 17:56:20 | 00,002,192 | ---- | M] () -- C:\Users\Alexander\Desktop\TuneUp Utilities 2010.lnk [2009.11.16 14:46:12 | 00,046,112 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys [2009.11.16 14:45:48 | 00,031,264 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys [2009.11.14 14:09:37 | 00,000,493 | ---- | M] () -- C:\Users\Alexander\Desktop\Wartungscenter.lnk [2009.11.14 14:09:33 | 00,000,521 | ---- | M] () -- C:\Users\Alexander\Desktop\Netzwerk- und Freigabecenter.lnk [2009.11.14 14:09:24 | 00,000,477 | ---- | M] () -- C:\Users\Alexander\Desktop\System.lnk [2009.11.14 14:09:21 | 00,000,513 | ---- | M] () -- C:\Users\Alexander\Desktop\Software.lnk [2009.11.14 14:08:57 | 00,000,355 | ---- | M] () -- C:\Users\Alexander\Desktop\Arbeitsplatz.lnk [2009.11.14 08:15:35 | 00,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2009.11.13 09:31:02 | 00,033,608 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2009.11.13 09:25:02 | 00,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2009.11.13 09:24:56 | 00,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2009.11.13 09:24:50 | 00,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2009.11.13 09:24:42 | 00,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2009.11.11 14:53:29 | 00,001,036 | ---- | M] () -- C:\Users\Alexander\Desktop\JDownloader.lnk ========== Files Created - No Company Name ========== [2009.11.19 19:12:59 | 00,003,584 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.19 19:00:24 | 00,000,106 | ---- | C] () -- C:\Windows\Podcasts.INI [2009.11.16 18:30:36 | 00,002,192 | ---- | C] () -- C:\Users\Alexander\Desktop\TuneUp Utilities 2010.lnk [2009.11.14 14:09:37 | 00,000,493 | ---- | C] () -- C:\Users\Alexander\Desktop\Wartungscenter.lnk [2009.11.14 14:09:33 | 00,000,521 | ---- | C] () -- C:\Users\Alexander\Desktop\Netzwerk- und Freigabecenter.lnk [2009.11.14 14:09:24 | 00,000,477 | ---- | C] () -- C:\Users\Alexander\Desktop\System.lnk [2009.11.14 14:09:21 | 00,000,513 | ---- | C] () -- C:\Users\Alexander\Desktop\Software.lnk [2009.11.14 14:08:57 | 00,000,355 | ---- | C] () -- C:\Users\Alexander\Desktop\Arbeitsplatz.lnk [2009.11.11 14:53:29 | 00,001,036 | ---- | C] () -- C:\Users\Alexander\Desktop\JDownloader.lnk [2009.10.31 08:45:34 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.10.31 08:45:34 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.10.30 20:17:16 | 02,604,735 | -H-- | C] () -- C:\Users\Alexander\AppData\Local\IconCache.db [2009.10.30 20:03:26 | 00,108,840 | ---- | C] () -- C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT [2009.07.14 06:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009.07.14 06:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 06:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 06:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2009.07.14 03:35:42 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009.07.14 03:34:57 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini [2009.07.14 03:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.03.02 11:33:32 | 00,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.03.02 11:33:32 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009.01.05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2007.09.04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2007.02.05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI ========== LOP Check ========== [2009.11.04 08:46:51 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Adobe [2009.10.31 13:45:07 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Apple Computer [2009.10.30 20:03:19 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ATI [2009.11.17 19:58:17 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\CyberLink [2009.11.06 19:33:48 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\FileZilla [2009.11.01 16:51:44 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\FreeFLVConverter [2009.10.30 19:51:01 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Identities [2009.11.01 16:31:07 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Leadertech [2009.11.01 16:31:17 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Logitech [2009.10.31 14:03:29 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Macromedia [2009.10.31 13:46:15 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs [2009.11.19 18:35:06 | 00,000,000 | --SD | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft [2009.10.31 13:35:24 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla [2009.11.20 20:13:59 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Skype [2009.10.31 13:59:08 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TeamViewer [2009.10.31 13:59:58 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TuneUp Software [2009.11.11 18:00:34 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\VoipBuster [2009.10.31 13:40:52 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Win7codecs [2009.10.31 13:24:13 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WinRAR [2009.11.22 16:36:04 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 00,014,742 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2009.07.14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2009.07.14 02:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2009.07.14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > [2009.07.14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [2009.07.14 02:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > [2009.07.14 02:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2009.07.14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2009.07.14 02:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < End of report >
__________________ --> Computer ungewöhnlich langsam (und hängt oft)! |
|
22.11.2009, 17:55
| #7 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! CustomScan mit OTL (Extra.txt) Part1: Code:
ATTFilter OTL Extras logfile created on: 22.11.2009 16:44:26 - Run 1
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,73% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 195,45 Gb Free Space | 83,93% Space Free | Partition Type: NTFS
Drive D: | 232,87 Gb Total Space | 149,41 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,51 Gb Total Space | 835,71 Gb Free Space | 89,72% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GAMECOMPUTER
Current User Name: Alexander
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 17:56
| #8 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! CustomScan mit OTL (Extra.txt) Part2: Code:
ATTFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"FileZilla Client" = FileZilla Client 3.2.8.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NIS" = Norton Internet Security
"PowerISO" = PowerISO
"TeamViewer 4" = TeamViewer 4
"TuneUp Utilities" = TuneUp Utilities
"VoipBuster_is1" = VoipBuster
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.11.2009 12:59:37 | Computer Name = GAMECOMPUTER | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x567ea0a1 ID des fehlerhaften
Prozesses: 0xc84 Startzeit der fehlerhaften Anwendung: 0x01ca5ca6f6c03158 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 440ebe70-c89a-11de-8d09-f6b0a37e0cf2
Error - 07.11.2009 06:28:37 | Computer Name = GAMECOMPUTER | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\App2Go\Grafik
& Design\Paint.NET Portable\net-und-web_App\Paint.NET\Squish_x64.dll". Die abhängige
Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2009 06:48:13 | Computer Name = GAMECOMPUTER | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\App2Go\Grafik
& Design\Paint.NET Portable\net-und-web_App\Paint.NET\Squish_x64.dll". Die abhängige
Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.11.2009 06:54:01 | Computer Name = GAMECOMPUTER | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\App2Go\Grafik
& Design\Paint.NET Portable\net-und-web_App\Paint.NET\Squish_x64.dll". Die abhängige
Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.11.2009 09:01:25 | Computer Name = GAMECOMPUTER | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\zusaetzliche
Programme\avirarkd.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.11.2009 12:44:33 | Computer Name = GAMECOMPUTER | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726,
Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xc1c Startzeit der fehlerhaften Anwendung: 0x01ca62ee24200b8c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 7cfe69f6-cee1-11de-a1c2-96f575c0f7e0
Error - 11.11.2009 14:48:04 | Computer Name = GAMECOMPUTER | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\App2Go\Grafik
& Design\Paint.NET Portable\net-und-web_App\Paint.NET\Squish_x64.dll". Die abhängige
Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.11.2009 14:40:02 | Computer Name = GAMECOMPUTER | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: save2pc_light.exe, Version: 4.0.0.0,
Zeitstempel: 0x4af15822 Name des fehlerhaften Moduls: save2pc_light.exe, Version:
4.0.0.0, Zeitstempel: 0x4af15822 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001ba5
ID
des fehlerhaften Prozesses: 0x1428 Startzeit der fehlerhaften Anwendung: 0x01ca6947b2ba1802
Pfad
der fehlerhaften Anwendung: C:\Users\Alexander\Desktop\save2pc_light.exe Pfad des
fehlerhaften Moduls: C:\Users\Alexander\Desktop\save2pc_light.exe Berichtskennung:
f229404e-d53a-11de-a81f-8424286f32fc
Error - 19.11.2009 14:40:12 | Computer Name = GAMECOMPUTER | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: save2pc_light.exe, Version: 4.0.0.0,
Zeitstempel: 0x4af15822 Name des fehlerhaften Moduls: save2pc_light.exe, Version:
4.0.0.0, Zeitstempel: 0x4af15822 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001ba5
ID
des fehlerhaften Prozesses: 0x1490 Startzeit der fehlerhaften Anwendung: 0x01ca6947ba1894ae
Pfad
der fehlerhaften Anwendung: C:\Users\Alexander\Desktop\save2pc_light.exe Pfad des
fehlerhaften Moduls: C:\Users\Alexander\Desktop\save2pc_light.exe Berichtskennung:
f7d5d0fe-d53a-11de-a81f-8424286f32fc
[ System Events ]
Error - 18.11.2009 10:43:23 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 18.11.2009 12:34:39 | Computer Name = GAMECOMPUTER | Source = bowser | ID = 8003
Description =
Error - 19.11.2009 12:31:55 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 20.11.2009 09:48:46 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 20.11.2009 14:11:58 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 21.11.2009 03:12:11 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 21.11.2009 12:03:56 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 22.11.2009 04:48:59 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 22.11.2009 11:35:53 | Computer Name = GAMECOMPUTER | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 22.11.2009 11:36:28 | Computer Name = GAMECOMPUTER | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 17:57
| #9 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! Rootkitscan mit RootRepeal: Er meint auf Englisch, dass das Programm nicht für 64-Bit Betriebssysteme gedacht ist!  Sonst alles zu deiner Zufriedenheit? 
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 18:20
| #10 |
| /// Selecta Jahrusso | Computer ungewöhnlich langsam (und hängt oft)! Ups, hab vergessen dass Du ein 64 bit system hast. Und Du bist Dir sicher das dein Rechner das Packt mit win7 und Vista? Das braucht schon ein bisschen was. Aber ich bin kein Techniker Was macht bitte TuneUp und O&O Defrag am Rechner. Willste ihn selber zerschießen? Weg damit Kannst Du mir dazu was sagen? Code:
ATTFilter G:\Eigene Dateien\Eigene Dateien\Downloads\Spieledateien\Sim City 4 Deluxe\Plugins\SFBT_Stromleitungen\SFBT_Stromleitungen.exe
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
22.11.2009, 18:29
| #11 | |||
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! Hallo, Zitat:
Intel Core 2 Duo E6750 @ 2,66 GHz ASRock 4Core1600-GLAN/M Motherboard 4 GB RAM (Samsung) Powercolor Radeon HD 3850 SAMSUNG HD501LJ (465 GB) Festplatte Zitat:
 Zitat:
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 18:35
| #12 |
| /// Selecta Jahrusso | Computer ungewöhnlich langsam (und hängt oft)! Wie gesagt, ich bin kein Techniker  Aber nach Viren kann ich suchen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
22.11.2009, 21:45
| #13 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! Hallo, Hab den Scan leider abbrechen müssen (war schon seit 2 Stunden bei 99%), da ich den PC ausschalten muss! Log habe ich in dem besagten Ordner nicht gefunden, Funde keine! 
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
22.11.2009, 22:00
| #14 | |
   | Computer ungewöhnlich langsam (und hängt oft)! Ich spring hier mal kurz rein. Zitat:
Ich würde an deiner Stelle das Vista deinstallieren und nur noch Win7 nutzen. Zocken kannste damit auch und das sogar noch besser als mit Vista ich sprech da aus Erfahrung. Gruß Acid
__________________ Kein Support per PM Das befolgen der Tips und Anleitungen geschieht auf eigene Gefahr. |
|
23.11.2009, 13:49
| #15 |
| /// Helfer-Team | Computer ungewöhnlich langsam (und hängt oft)! Hallo Acid303, Danke für den Tipp. Na' wenn du da aus Erfahrung sprichst, kann ich ja fast nicht Nein sagen! Nur noch zwei Fragen: 1.) Sollte ich die Spiele dann trotzdem auf der anderen Partition installieren oder ist das egal wenn ich es auf der Win7 Partition installiere? 2.) Wie siehst es mit Spielekompatibilität+Win7 aus? Irgendwelche Erfahrungen? Spiele nämlich häufig auch ältere Spiele, wie Heroes of Might and Magic 3, Age of Empires 1, Empire Earth usw. Danke für deine Hilfe! 
__________________ KEINE Hilfe per PN, für was wäre sonst das Forum da? Trojaner Board unterstützen! | Mei Bier is ned deppad, du bist deppad! | [Invisible Fighters] Clan |
|
| Themen zu Computer ungewöhnlich langsam (und hängt oft)! |
| 32-bit, 64-bit, andere probleme, backdoor.bot, ccleaner, code, computer, cpu-auslastung, dateien, explorer, folge, hilfe!, hängt, langsam, malwarebytes' anti-malware, neue, neuinstallation, problem, programme, registrierungsschlüssel, spiele, spielen, start, system, system volume information, tool, virus, vista, win7, windows |
Textbox.
.
Linear-Darstellung
