- #1
S
_solon_
Guest
Servus,
seit einiger Zeit habe ich gewaltige Performance-Probleme auf meinem W2K.
CSRSS.exe war z.B. so ein Kandidat. Aber ich glaube der ist sauber.
So brauchen z.B. normale Kopieraktione 10x-20x so lange wie normal.
Irgendjemand oder irgendetwas bremst mich aus.
Ich poste hier mal mein HiJackthis-file.
Vielleicht kann mal jemand drüber schauen....
Danke.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:43, on 22.06.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\AAV\aavus.exe
F:\Ashampoo-MagicalDefrag2\bin\aDefragService.exe
F:\CFosSpeed\spd.exe
F:\Eset-NOD32\ekrn.exe
E:\WINNT\System32\svchost.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINNT\system32\hidserv.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\system32\stisvc.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\RUNDLL32.EXE
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
E:\WINNT\RTHDCPL.EXE
F:\Ashampoo-MagicalDefrag2\bin\defragTaskBar.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
E:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
E:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
F:\CFosSpeed\cFosSpeed.exe
F:\Eset-NOD32\egui.exe
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\WINNT\system32\internat.exe
F:\SpybotSearch&Destroy\TeaTimer.exe
F:\Ashampoo-MagicalDefrag2\bin\defragActivityMonitor.exe
E:\WINNT\system32\wuauclt.exe
K:\Firefox\firefox.exe
K:\Sysinternalssuite\RootkitRevealer.exe
E:\DOKUME~1\2ndadmin\LOKALE~1\Temp\MDSIMKN.exe
K:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SpybotSearch&Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - K:\PDFXChangeViewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - F:\SpoofStick-IE\SpoofStickBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - F:\SpoofStick-IE\SpoofStick.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINNT\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] E:\WINNT\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [DefragTaskBar] F:\Ashampoo-MagicalDefrag2\bin\defragTaskBar.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe /source=HKLM
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe /source=HKLM
O4 - HKLM\..\Run: [OrderReminder] E:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Launch LGDCore] E:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe /SHOWHIDE
O4 - HKLM\..\Run: [cFosSpeed] F:\CFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [egui] F:\Eset-NOD32\egui.exe /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] E:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\SpybotSearch&Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User->Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User->Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\MSOffice\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MSOffice\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SpybotSearch&Destroy\SDHelper.dll
O9 - Extra->Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SpybotSearch&Destroy\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1198304384828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210480853062
O23 - Service: AAV UpdateService - Unknown owner - E:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - F:\Ashampoo-MagicalDefrag2\bin\aDefragService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - F:\CFosSpeed\spd.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Eset-NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Eset-NOD32\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: MDSIMKN - Sysinternals - www.sysinternals.com - E:\DOKUME~1\2ndadmin\LOKALE~1\Temp\MDSIMKN.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - K:\ThreatFire\TFService.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - E:\WINNT\System32\TuneUpDefragService.exe
O23 - Service: soft Xpansion Print2Document (WPEServ) - soft Xpansion - E:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe
--
End of file - 7721 bytes
seit einiger Zeit habe ich gewaltige Performance-Probleme auf meinem W2K.
CSRSS.exe war z.B. so ein Kandidat. Aber ich glaube der ist sauber.
So brauchen z.B. normale Kopieraktione 10x-20x so lange wie normal.
Irgendjemand oder irgendetwas bremst mich aus.
Ich poste hier mal mein HiJackthis-file.
Vielleicht kann mal jemand drüber schauen....
Danke.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:43, on 22.06.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Programme\Gemeinsame Dateien\AAV\aavus.exe
F:\Ashampoo-MagicalDefrag2\bin\aDefragService.exe
F:\CFosSpeed\spd.exe
F:\Eset-NOD32\ekrn.exe
E:\WINNT\System32\svchost.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINNT\system32\hidserv.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\system32\stisvc.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\RUNDLL32.EXE
E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
E:\WINNT\RTHDCPL.EXE
F:\Ashampoo-MagicalDefrag2\bin\defragTaskBar.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
E:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
E:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
F:\CFosSpeed\cFosSpeed.exe
F:\Eset-NOD32\egui.exe
E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
E:\WINNT\system32\internat.exe
F:\SpybotSearch&Destroy\TeaTimer.exe
F:\Ashampoo-MagicalDefrag2\bin\defragActivityMonitor.exe
E:\WINNT\system32\wuauclt.exe
K:\Firefox\firefox.exe
K:\Sysinternalssuite\RootkitRevealer.exe
E:\DOKUME~1\2ndadmin\LOKALE~1\Temp\MDSIMKN.exe
K:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SpybotSearch&Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - K:\PDFXChangeViewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - F:\SpoofStick-IE\SpoofStickBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - F:\SpoofStick-IE\SpoofStick.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINNT\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] E:\WINNT\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [DefragTaskBar] F:\Ashampoo-MagicalDefrag2\bin\defragTaskBar.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe /source=HKLM
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] E:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe /source=HKLM
O4 - HKLM\..\Run: [OrderReminder] E:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Launch LGDCore] E:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe /SHOWHIDE
O4 - HKLM\..\Run: [cFosSpeed] F:\CFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [egui] F:\Eset-NOD32\egui.exe /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] E:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\SpybotSearch&Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User->Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User->Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\MSOffice\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MSOffice\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SpybotSearch&Destroy\SDHelper.dll
O9 - Extra->Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SpybotSearch&Destroy\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1198304384828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210480853062
O23 - Service: AAV UpdateService - Unknown owner - E:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - F:\Ashampoo-MagicalDefrag2\bin\aDefragService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - F:\CFosSpeed\spd.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Eset-NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Eset-NOD32\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: MDSIMKN - Sysinternals - www.sysinternals.com - E:\DOKUME~1\2ndadmin\LOKALE~1\Temp\MDSIMKN.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - E:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - K:\ThreatFire\TFService.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - E:\WINNT\System32\TuneUpDefragService.exe
O23 - Service: soft Xpansion Print2Document (WPEServ) - soft Xpansion - E:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe
--
End of file - 7721 bytes
