Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.
Windows 8 _ Internet ladet sehr langsam bis gar nicht!
Hallo
So, erstmal der Fixlog.txt.
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Christine K at 2015-03-30 19:05:57 Run:1
Running from C:\Users\Christine K\Desktop
Loaded Profiles: UpdatusUser & Christine K (Available profiles: UpdatusUser & Christine K)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4175245928-530565587-4270067117-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
end
*****************
Processes closed successfully.
"HKU\S-1-5-21-4175245928-530565587-4270067117-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 281.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 19:06:40 ====
Schritt 2 HitmanPro
Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.9.240
www.hitmanpro.com
Computer name . . . . : CHRISTINE
Windows . . . . . . . : 6.2.0.9200.X64/4
User name . . . . . . : Christine\Christine K
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2015-03-30 21:23:07
Scan mode . . . . . . : Normal
Scan duration . . . . : 12m 13s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 11
Objects scanned . . . : 1.901.966
Files scanned . . . . : 44.479
Remnants scanned . . : 382.838 files / 1.474.649 keys
Suspicious files ____________________________________________________________
C:\Users\Christine K\Desktop\FRST64.exe
Size . . . . . . . : 2.095.616 bytes
Age . . . . . . . : 4.1 days (2015-03-26 18:07:47)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Windows\PEV.exe
Size . . . . . . . : 256.000 bytes
Age . . . . . . . : 4.0 days (2015-03-26 21:33:36)
Entropy . . . . . : 8.0
SHA-256 . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
Fuzzy . . . . . . : 22.0
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-44.7s C:\Windows\erdnt\
-44.7s C:\Windows\erdnt\Hiv-backup\
-44.7s C:\Windows\erdnt\Hiv-backup\ERDNT.INF
-44.7s C:\Windows\erdnt\Hiv-backup\ERDNT.CON
-44.7s C:\Windows\erdnt\Hiv-backup\SYSTEM
-43.7s C:\Windows\erdnt\Hiv-backup\SOFTWARE
-42.9s C:\Windows\Prefetch\COMBOFIX.EXE-0D8A4610.pf
-40.3s C:\Windows\erdnt\Hiv-backup\DEFAULT
-40.3s C:\Windows\erdnt\Hiv-backup\SECURITY
-40.2s C:\Windows\erdnt\Hiv-backup\SAM
-40.2s C:\Windows\erdnt\Hiv-backup\Users\
-40.2s C:\Windows\erdnt\Hiv-backup\Users\00000001\
-40.2s C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
-40.1s C:\Windows\erdnt\Hiv-backup\Users\00000002\
-40.1s C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
-40.1s C:\Windows\erdnt\Hiv-backup\Users\00000003\
-40.0s C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
-39.7s C:\Windows\erdnt\Hiv-backup\Users\00000004\
-39.7s C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
-39.6s C:\Windows\erdnt\Hiv-backup\BCD
-39.6s C:\Windows\erdnt\Hiv-backup\Users\00000005\
-39.6s C:\Windows\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
-39.4s C:\Windows\erdnt\Hiv-backup\Users\00000006\
-39.4s C:\Windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
-39.3s C:\Windows\Prefetch\ERUNT.3XE-BCC895D4.pf
-38.7s C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
-38.7s C:\Windows\erdnt\Hiv-backup\ERDNTWIN.LOC
-38.7s C:\Windows\erdnt\Hiv-backup\ERDNTDOS.LOC
-11.2s C:\Qoobox\Quarantine\Registry_backups\
-11.2s C:\Qoobox\
-11.2s C:\Qoobox\Quarantine\
-4.2s C:\Windows\Prefetch\CF1822.3XE-582B8981.pf
-3.9s C:\Qoobox\BackEnv\
-3.7s C:\Qoobox\Quarantine\catchme.log
-0.0s C:\Windows\SWXCACLS.exe
-0.0s C:\Windows\SWSC.exe
-0.0s C:\Windows\sed.exe
-0.0s C:\Windows\grep.exe
-0.0s C:\Windows\zip.exe
0.0s C:\Windows\SWREG.exe
0.0s C:\Windows\PEV.exe
0.0s C:\Windows\NIRCMD.exe
0.0s C:\Windows\MBR.exe
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper\ (AirZip)
HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}\ (AirZip)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F622628-7632-4B28-B184-D7BA0CA3273B} (AirZip)
HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\winzipersvc\ (AirZip)
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc\ (AirZip)
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
Cookies _____________________________________________________________________
C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\cookies.sqlite:atdmt.com
C:\Users\Christine K\AppData\Roaming\Mozilla\Firefox\Profiles\3azibh0d.default-1427376267154\cookies.sqlite:doubleclick.net
Beim ESET Scan tritt folgender Fehler auf:
Unerwarteter Fehler 2002.
Außerdem habe ich dazu noch eine Frage. Ich habe 2 USB Stick und das Handy angeschlossen, da auch dieses sehr, sehr langsam reagiert. Außerdem habe ich auch noch eine externe Festplatte, die ich jedoch nicht gleichzeitig anschließen kann, da mir der Steckplatz fehlt. Wie gehe ich vor?
Danke und LG Christine
Themen zu Windows 8 _ Internet ladet sehr langsam bis gar nicht!
Zum Thema Windows 8 _ Internet ladet sehr langsam bis gar nicht! - Hallo
So, erstmal der Fixlog.txt.
Code:
Alles auswählen Aufklappen ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Christine K at 2015-03-30 19:05:57 - Windows 8 _ Internet ladet sehr langsam bis gar nicht!...
30.03.2015, 21:38
Baum-Darstellung