Computer quite slow & some errors

#0
24.08.2010, 21:10
Member

Posts: 19
#1 For some time now my computer has been slower and some error messages etc. have been appearing; I suspect that viruses, trojans & malware are responsible for this.

Code

OTL Extras logfile created on: 24.08.2010 19:58:09 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\hp\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,12 Gb Total Space | 284,11 Gb Free Space | 62,43% Space Free | Partition Type: NTFS
Drive D: | 10,64 Gb Total Space | 1,45 Gb Free Space | 13,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D975D4-80C9-49EA-A6BF-9D7B5C0E95CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{11F45ECD-803D-4468-BA4F-FDA94E60664A}" = lport=6114 | protocol=6 | dir=in | name=wc37 |
"{194B7CFC-5829-40F7-849B-7D6FAE604318}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F97BE18-47DA-4ADD-AE18-56FC16040588}" = lport=6113 | protocol=6 | dir=in | name=wc35 |
"{2FB5B023-3BE2-4EDC-9A20-8BDFF5C429FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36463767-E07D-4A6C-A305-4C0B757AC3AA}" = lport=6111 | protocol=17 | dir=in | name=wc32 |
"{4435E078-98D9-49B1-A4C3-55C712FA847C}" = lport=6111 | protocol=6 | dir=in | name=wc3 |
"{58A93993-77BC-43F1-9ED9-F5FB1D3FB84F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{62FD7318-0339-443E-AE79-770F61262571}" = lport=6112 | protocol=17 | dir=in | name=wc34 |
"{7613752E-0FB4-4D21-A621-CFC7E8CB411D}" = lport=6112 | protocol=6 | dir=in | name=wc33 |
"{8568BB53-3177-495E-ACAD-533DB4F84D73}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9DC1AAE2-E62C-4008-A4BF-480C45E57477}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C33622FC-E651-4816-8E9F-099B688666BD}" = lport=6113 | protocol=17 | dir=in | name=wc36 |
"{CDB6A26D-23CB-4070-AC06-7156E0B68F65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0195619-E5EE-4B66-BF64-B9D710903C90}" = lport=6114 | protocol=17 | dir=in | name=wc38 |
"{F6D86828-A1F6-4A12-AC24-600F8FBEA450}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAD16E3-EDD6-40C4-AE35-0591D0B63135}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{0C9AA316-0981-4180-97FC-98DFD599A293}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{1D03E841-D378-44B8-BD13-302468C67A88}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"{25E0E7F6-1EE1-47FF-B3AA-7DA323BEA44E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D2933FA-5497-4C83-A2F7-5273C4047F83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57987C63-CD61-49EB-B4FE-8D72FBB791E9}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\bnupdate.exe |
"{5CE7A209-06A8-4CC0-80F6-D0496C964445}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bigturin\counter-strike source\hl2.exe |
"{6877550F-B20F-4F9E-BC5B-768712DC16E8}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{7739359E-C208-44F2-A95F-3EB44E2A62B6}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"{7860F71E-85CE-42DC-A8E6-EA90A87D0A63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B491475-ABC8-425A-9EA6-3139E53F45C3}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\frozen throne.exe |
"{845E0E90-7C7D-4414-AE48-5F153E61AB8A}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{88104D78-DDD2-4377-B6EF-2E2E2993C0F1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{9736D6E6-AC26-4D0E-9D25-354A46226B19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bigturin\counter-strike source\hl2.exe |
"{C51E645B-AF0F-42C1-B1F4-67ED55ECD8C3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{D279001C-1E82-4FCC-9994-BB5513221847}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\frozen throne.exe |
"{D9DD7B7D-4523-49C7-90E2-3ED4506BEBA0}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{E4E6D26E-8DDF-4B95-AB6C-5CFC9A9CBD2D}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{EB4F4A12-ACF6-4251-9882-8321205C4F52}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\bnupdate.exe |
"{F0EE1835-B965-499E-9CD9-25D9BFE18F76}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F3709281-D269-446E-B16C-F6345D7A96CD}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{F38D1787-3D91-4B58-A8BF-DEFE42499ABB}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish
"{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai
"{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common
"{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese
"{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech
"{19835C9E-09F6-4B6E-AAFA-67AB0E270054}" = Desktop Counters
"{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai
"{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New
"{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional
"{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish
"{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish
"{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian
"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light
"{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean
"{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish
"{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish
"{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish
"{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista
"{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish
"{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish
"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese
"{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish
"{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French
"{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static
"{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian
"{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese
"{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish
"{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing
"{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation
"{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian
"{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.2.1
"Google Chrome" = Google Chrome
"Hamachi" = Hamachi 1.0.2.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Silkroad" = Silkroad
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.16.0.0b
"WildTangent hp Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Code

OTL logfile created on: 24.08.2010 19:58:09 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\hp\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,12 Gb Total Space | 284,11 Gb Free Space | 62,43% Space Free | Partition Type: NTFS
Drive D: | 10,64 Gb Total Space | 1,45 Gb Free Space | 13,63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\hp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\FreeLabs\Desktop Counters\DesktopCounters.exe (Free Labs)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\hp\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (PcdrNdisuio) -- C:\Windows\System32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\hp\AppData\Local\Temp\EZT3465.tmp File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ATIXPGAA) -- C:\PCDR5\ATIXPGAA.SYS File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {5776FCEA-FDBF-11DA-A132-001321F5C1D9}:0.1.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 14:24:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 14:24:40 | 000,000,000 | ---D | M]

[2008.11.13 19:12:41 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010.08.23 21:25:52 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions
[2010.05.07 14:49:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.01 16:39:27 | 000,000,000 | ---D | M] (POW) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\{5776FCEA-FDBF-11DA-A132-001321F5C1D9}
[2010.07.10 19:20:58 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2010.07.10 19:20:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.10 19:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.02.19 06:03:02 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.05.08 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\1wfvhhre.default\extensions\searchrecs@veoh.com
[2010.05.07 21:44:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [{0C4A8EA9-AE1B-5E4D-61D7-D7B97323FEE9}] C:\Users\hp\AppData\Roaming\Erur\wiob.exe (SOFTWIN S.R.L.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Counters.lnk = C:\Users\hp\AppData\Roaming\Microsoft\Installer\{19835C9E-09F6-4B6E-AAFA-67AB0E270054}\_D111257F0038E0DD196BDC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\hp\Desktop\bilder\1b6fc0c49f.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\Desktop\bilder\1b6fc0c49f.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 09:18:02 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.08.24 19:56:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2010.07.31 09:03:32 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\SpeedSim
[2010.07.31 09:03:08 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\ogame
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.08.24 19:58:25 | 006,291,456 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT
[2010.08.24 19:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2010.08.24 19:55:44 | 000,002,617 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Counters.lnk
[2010.08.24 19:55:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.24 19:55:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 19:55:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 19:55:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.24 19:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.24 19:55:20 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.24 19:54:46 | 000,524,288 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 19:54:46 | 000,065,536 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.24 19:54:44 | 003,060,526 | -H-- | M] () -- C:\Users\hp\AppData\Local\IconCache.db
[2010.08.24 19:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.24 11:27:20 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.24 11:27:20 | 000,623,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.24 11:27:20 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.24 11:27:20 | 000,125,172 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.24 11:27:20 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.19 16:35:38 | 000,048,128 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 06:05:09 | 000,078,336 | ---- | M] () -- C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.04 06:04:50 | 000,332,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.01 11:20:23 | 000,000,035 | ---- | M] () -- C:\Windows\SIERRA.INI
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.02.07 17:19:18 | 000,000,036 | ---- | C] () -- C:\Windows\rasqervy.dll
[2010.02.07 17:19:15 | 000,000,008 | ---- | C] () -- C:\Windows\sdfinacs.dll
[2010.02.07 17:18:52 | 000,000,005 | ---- | C] () -- C:\Windows\sdfixwcs.dll
[2010.02.03 15:11:35 | 000,078,386 | ---- | C] () -- C:\Windows\msacm32.drv
[2010.02.03 15:11:35 | 000,000,100 | ---- | C] () -- C:\Windows\wuasirvy.dll
[2010.01.05 07:11:47 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.12.13 22:33:03 | 000,076,880 | ---- | C] () -- C:\Programme\1194986474801021798smiley120.svg.hi.png
[2009.09.30 10:00:14 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2009.08.23 17:08:28 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.11.18 21:49:35 | 000,048,128 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 17:50:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.11.11 09:02:34 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.11.11 09:02:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.01.25 19:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010.08.24 19:54:48 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
The rootkit search with Gmer didn't work: in the 2nd scan the program always aborts at "device/harddiskvolumeshadowcopy" with "Das Programm funktioniert nicht mehr". The program window itself goes foggy white, and even after waiting 30 minutes it doesn't continue.
25.08.2010, 08:28
Moderator

Posts: 7805
#2 That looks nasty, like Zbot.
C:\Users\hp\AppData\Roaming\Erur\wiob.exe Please check the file at Virustotal and post the link to the result.
A scan with Malwarebytes would also be helpful. Please let it delete everything it finds and post the report...
http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html

Please do a full scan..
__________
Regards, Ralf
SEO-Spam Hunter
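The reasoning behind that call (an autostart entry in HKCU\..\Run, living under AppData\Roaming with a GUID as value name, is what to look at first) can be turned into a repeatable check. The script below is an added example and is not part of this thread or of OTL. It parses the O4 Run/RunOnce lines from the log above with a regular expression written for the layout shown there (an assumption on my part; I am not relying on any documented OTL grammar), flags entries that run from user-writable directories, use a bare GUID as value name, or carry no publisher string, and hashes a file with SHA-256, the identifier the VirusTotal report link in the next post is keyed by. The heuristics, thresholds and function names are mine, and the sample lines are copied from the posted log.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Layout of an OTL "O4" autostart line as it appears in the log above (assumed, not
# taken from any OTL specification):
#   O4 - HKCU..\Run: [<value name>] <path to executable> (<publisher from version info>)
# "O4 - Startup:" shortcut lines use a different layout and are ignored here.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Directories an unprivileged user, and therefore malware running as that user, can write to.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\programdata\\")


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    path: str
    company: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return an AutostartEntry for an O4 Run/RunOnce line, or None for any other line."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    return AutostartEntry(m["hive"], m["key"], m["name"], m["path"], m["company"] or "")


def assess(entry):
    """Attach plain-language reasons why an autostart entry deserves a closer look."""
    lowered = entry.path.lower()
    if any(d in lowered for d in USER_WRITABLE):
        entry.reasons.append("runs from a user-writable directory rather than Program Files or Windows")
    if GUID_NAME.match(entry.name):
        entry.reasons.append("value name is a bare GUID, typical of generated persistence names")
    if not entry.company:
        entry.reasons.append("binary carries no publisher name")
    # The publisher string is read from the file's own version resource, so a plausible
    # company name (here "SOFTWIN S.R.L.") proves nothing by itself; only a hash lookup
    # or a signature check on the file does.
    return entry


def triage(lines):
    """Parse every O4 line and return only the entries that collected at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry and assess(entry).reasons:
            flagged.append(entry)
    return flagged


def sha256_hex(data):
    """SHA-256 of a byte string, the identifier VirusTotal reports are keyed by."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Chunked SHA-256 of a file on disk, so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


# O4 lines copied from the OTL log posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)",
    r"O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)",
    r"O4 - HKCU..\Run: [{0C4A8EA9-AE1B-5E4D-61D7-D7B97323FEE9}] C:\Users\hp\AppData\Roaming\Erur\wiob.exe (SOFTWIN S.R.L.)",
    r"O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)",
    r"O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)",
    r"O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"{e.hive}\\{e.key} [{e.name}] {e.path}")
        for r in e.reasons:
            print("   -", r)
```

Run against the six lines above it reports exactly one entry, the wiob.exe one, with two reasons. The third reason (missing publisher) is there for entries OTL prints with an empty "()" or with "File not found", like the Startup shortcut in the log whose target has no company name at all.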
25.08.2010, 19:22
Member

Thread starter

Posts: 19
#3 Feel free to think I'm stupid, but what is Zbot?

https://www.virustotal.com/file-scan/report.html?id=1a2ebaa210b9c571f80ef5d576fa83035386336011c4721cf88e1eb6d7bfa0f5-1282751148

Code

Malwarebytes' Anti-Malware 1.33
Datenbank Version: 1738
Windows 6.0.6001 Service Pack 1

25.08.2010 19:21:55
mbam-log-2010-08-25 (19-21-55).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 276396
Laufzeit: 1 hour(s), 33 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
26.08.2010, 05:26
Moderator

Posts: 7805
#4 Zbot is a password-stealing trojan of the more aggressive kind.
Please update your Mbam and do a new scan. But basically the best thing you can do is set up your PC from scratch.

Changing all your passwords from a clean PC is mandatory! Don't wait too long with that...
__________
Regards, Ralf
SEO-Spam Hunter
26.08.2010, 10:54
Member

Thread starter

Posts: 19
#5 Is there no way to get rid of the bot?

Can I back up data to external hard drives, or does the bot get copied along with it?

Mbam won't update; the program says it is being blocked by the firewall, but it is allowed through in the firewall and I have also switched the firewall off, and it still does nothing.
26.08.2010, 11:18
Moderator

Posts: 7805
#6 Mbam being blocked is due to the Zbot. You are welcome to try Combofix and post the report, but it will probably change little about your problem.
You can back up your data without risk....

http://board.protecus.de/t23187.htm#332612
__________
Regards, Ralf
SEO-Spam Hunter
26.08.2010, 12:01
Member

Thread starter

Posts: 19
#7 I simply deleted the file I was supposed to scan above; was that good or bad?

I'll get to Combofix later, as I still have things to do right now.