Virut.gen found and treated with AntiVir (Windows 7)
23.09.2010, 16:34 | #1

Hello,

yesterday I was searching for HTML code and landed on a website that looked somewhat "strange" and made my computer quite slow. Shortly afterwards my AntiVir Premium Security Suite warned me that it had found malware called "Virut.Gen":

In der Datei 'C:\Windows\Temp\tmp00005ffd\tmp0000296f' wurde ein Virus oder unerwünschtes Programm 'W32/Virut.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff erlauben

I then clicked "remove" and ran a full scan of my computer. While it was running, my Windows programs (Outlook, Word etc.) kept telling me that they could not create temporary files. I was already pretty nervous... But now, after rebooting and two AntiVir checks, everything looks normal and there are no new warnings. Does that mean I got lucky and everything is fine again?

Many thanks for your help and your effort!
Peter
23.09.2010, 19:24 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

With Virut, the utmost caution is required. The thing is a file infector, i.e. it infects every *.exe file it can get hold of. Please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes must be updated manually before every scan! After that, OTL:

System scan with OTL
Please download OTL from OldTimer and save it to your desktop
__________________
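A file infector alters executables that were clean before, so one defender-side check that complements the scanner the helper asks for is an integrity baseline: hash every PE file once while the machine is known-good and compare again later. The script below is an added example written for this thread, not code from the forum, from Malwarebytes or from OTL. It builds a constructed sample tree in a temporary directory, records a baseline, simulates one executable growing and one new executable appearing, and reports the differences; the suffix list and the file names are assumptions.

```python
"""Added example (not from the thread): detect changed PE files by comparing
SHA-256 hashes of every executable against a recorded baseline."""
import hashlib
import json
import os
import sys
import tempfile

# Assumption: the PE file types worth baselining on a Windows box.
PE_SUFFIXES = (".exe", ".dll", ".scr")


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_executables(root: str) -> dict:
    """Return {relative_path: sha256} for every PE-looking file below root."""
    hashes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(PE_SUFFIXES):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hashes[rel] = sha256_file(full)
    return hashes


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Classify executables as modified (hash differs), added or removed."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def write_baseline(path: str, hashes: dict) -> None:
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(hashes, fh, indent=1, sort_keys=True)


def read_baseline(path: str) -> dict:
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def demo() -> dict:
    """Run the whole cycle on a constructed sample tree and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app")
        os.mkdir(app)
        # Constructed stand-ins for binaries: an MZ header followed by filler.
        for name in ("notepad.exe", "helper.dll", "readme.txt"):
            with open(os.path.join(app, name), "wb") as fh:
                fh.write(b"MZ" + name.encode() + b"\x00" * 64)
        baseline_path = os.path.join(root, "baseline.json")  # kept outside the scanned tree
        write_baseline(baseline_path, hash_executables(app))
        # Simulate an infector appending code to an existing executable ...
        with open(os.path.join(app, "notepad.exe"), "ab") as fh:
            fh.write(b"CONSTRUCTED-APPENDED-BYTES")
        # ... and a new executable dropped into the tree.
        with open(os.path.join(app, "dropped.exe"), "wb") as fh:
            fh.write(b"MZ\x00")
        return compare_to_baseline(read_baseline(baseline_path), hash_executables(app))


def main(argv: list) -> None:
    """Usage: record <dir> <baseline.json> | check <dir> <baseline.json> | (no args) demo."""
    if len(argv) == 3 and argv[0] == "record":
        write_baseline(argv[2], hash_executables(argv[1]))
    elif len(argv) == 3 and argv[0] == "check":
        print(json.dumps(compare_to_baseline(read_baseline(argv[2]), hash_executables(argv[1])), indent=1))
    else:
        print(json.dumps(demo(), indent=1))


if __name__ == "__main__":
    main(sys.argv[1:])
```

A baseline only tells you what changed since it was taken, so it has to come from before the infection (installation media, a system image, a vendor hash list); a legitimate update also shows up as modified, so every hit still needs to be checked against a known-good copy. That is why the helper's advice to run full scans with a freshly updated engine stands: the hash comparison narrows down which files to look at, it does not identify the infector.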
24.09.2010, 11:44 | #3

Great, many thanks in advance!

Here is the result from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4680

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

24.09.2010 12:39:31
mbam-log-2010-09-24 (12-39-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 453169
Laufzeit: 3 Stunde(n), 31 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Peter\Downloads\Keygen.exe (Trojan.Downloader) -> No action taken.

Should I still run OTL now?

Best regards
Peter
24.09.2010, 12:53 | #4 |
| Virut.gen gefunden und mit AntiVir behandelt Hier nochmal das 1. Logfile von OTL:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.09.2010 13:34:41 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Peter\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,28 Gb Total Space | 17,78 Gb Free Space | 6,39% Space Free | Partition Type: NTFS Drive D: | 19,80 Gb Total Space | 8,51 Gb Free Space | 42,98% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PETE Current User Name: Peter Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET) "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03904087-4E74-4BD0-ADBC-F302AA49EA08}" = lport=139 | protocol=6 | dir=in | app=system | "{0A609BC5-ABEE-4458-AE0C-F93324228A30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0D50465F-9225-4715-9BF1-846C73842833}" = rport=137 | protocol=17 | dir=out | app=system | "{1C09C1D0-210D-49A0-A285-B9C42065FE4A}" = lport=2869 | protocol=6 | dir=in | app=system | "{336FCC1E-A328-435D-8D9B-4DF902B3C5C8}" = lport=138 | protocol=17 | dir=in | app=system | "{4986369D-8B85-4076-BE50-3F29BCCEB79F}" = rport=139 | protocol=6 | dir=out | app=system | "{7298977E-5850-4750-A0D4-C72706C6B643}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{78A86E2D-5AFD-463B-9E5C-DA3C66336018}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7A7E6AFA-5382-44B5-AA16-20392FBAD1A9}" = lport=445 | protocol=6 | dir=in | app=system | "{902CD995-1979-47E0-B668-8370AF85C1BF}" = rport=138 | protocol=17 | dir=out | app=system | "{BBFB43AA-174E-4B91-A78C-CEA331EE69B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D0623C70-9D9A-4098-B639-AE238CCCD8C8}" = rport=445 | protocol=6 | dir=out | app=system | "{E4FE4EF0-E52D-4778-A602-3584DBE46E33}" = lport=32953 | protocol=6 | dir=in | name=emule | "{F65921B0-335B-4009-ACB0-E493450CE93D}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{126DE5F0-A9B3-4357-BC65-998AE6618057}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{27A8CAD8-F075-497A-A9C8-3898F1EA2A23}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3679CC73-C833-4756-998A-51E95E83EE3C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{39A17834-026C-4205-A13D-6847272E440C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3A6B9EBC-BA8A-4A7C-912D-8CBF8851B1F1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{3AD970FF-A535-45FB-9345-97558FFAA571}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{4548C8B3-2ADF-4693-B94C-24C1699F4ED5}" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe | "{5FA8D7A5-D35F-4B04-9273-ACD64E639783}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6080329F-5159-466A-82F9-306E12E5F22C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{688F059D-512E-47B9-B158-D20F11B45569}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6D7E6597-49C7-4187-858F-04E5EA9F434C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{79B16813-7300-4744-A7BA-8B409DA1C30A}" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe | "{883BA941-2E5D-4EF9-BE71-73A13A6F619B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8C88009E-9985-471B-ADFC-1578143FAD6A}" = protocol=58 | dir=in | 
name=@firewallapi.dll,-28545 | "{947B48F6-4E21-4B6C-B537-9F9BBE403C8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{9A4C8565-6523-4142-B31B-00BB89602DD4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{9AEFBF07-07B1-4CE6-B58F-DC10E5F48E8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ABA54F45-D510-4360-BA30-516F2C225741}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{BD646E67-92C7-446E-80E9-5CAAEFB5E58F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D6F8711B-F4BC-45A3-9AD3-5A61C9A5434D}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | "{DB90C6C3-9E8F-4971-BD56-9E0398DBAA62}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E1F04DBC-8D60-41DC-A596-8BE066AAE10B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F195F319-3AB9-4BE3-9533-CD15D5BB41C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F267E648-4394-41B6-BFB2-4C249BC59D86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{11D783A0-D235-4FC2-86ED-EB1C30653D9B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{21D8C41F-513E-49B9-91EB-537728DBF6AE}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{22AD1022-9931-407B-9CDA-696EF3559967}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe | "TCP Query User{39D923B6-F756-48C4-AF7F-3B98D7C3AD94}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4D81F970-D197-40A5-A46E-5AA7BD7C4BC1}C:\program files\vegas 6.0\vegsrv60.exe" = protocol=6 | dir=in | app=c:\program files\vegas 6.0\vegsrv60.exe | "TCP Query 
User{56D9DA94-1480-4323-9309-80C7E7257EB9}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "TCP Query User{AE986F95-82E4-44D9-B500-CFAFE741ADCA}C:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe | "TCP Query User{B04308C3-BC64-4D6F-AADD-CE9FEF00719B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{B834F8DF-B69A-4D58-A0AB-860A4BDEB135}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{0189C611-D67E-4ED4-9EE5-E3B7CC169A27}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe | "UDP Query User{1CC2246C-A4FB-47B5-B7D3-56E433821AED}C:\program files\vegas 6.0\vegsrv60.exe" = protocol=17 | dir=in | app=c:\program files\vegas 6.0\vegsrv60.exe | "UDP Query User{30809F82-5DE5-4786-967C-CD2F558C91E0}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{460CFCBD-1BE8-4D25-8568-B8804D842FA1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{4DC000D7-609E-4C27-A83F-960033D93E24}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{52331006-192B-4925-8508-229AEF657C89}C:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe | "UDP Query User{720FFE0A-4C86-447C-B3E6-3D6EE8F37160}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program 
files\mozilla firefox\firefox.exe | "UDP Query User{D2A71198-B460-4E34-BF85-CD52CA7E684F}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{DD552D95-6AE6-4EF1-9E7C-19C0BB969B1A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0C42593A-B604-4A99-A0BE-F4AD9025F448}" = EN "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{15C768E2-AB61-4DE3-952F-6B237A834951}" = Adobe Setup "{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62 "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{2B4FCBCD-3C07-4743-BC5A-8101836585C7}" = Simplified Chinese TTS "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support 
"{47948554-90C6-4AAC-8CFA-D23CE11C1033}" = Nero 8 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4F68B605-2F2B-42A8-8689-0CA7E67797B0}" = Sony Vegas 6.0d "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 
(SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3 "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9 "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For 
Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B13F5727-F12F-4253-B6AD-26AFA880B709}" = Sony Media Manager 2.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C595649D-4C16-42D0-B606-2D1EF9D18C64}" = Duden Korrektor "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3 "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit) "{E16110F7-1C85-4675-99F4-7938F832C825}" = Adobe Fireworks CS3 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "7-Zip" = 7-Zip 4.65 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 
Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3 "Avira AntiVir Desktop" = Avira Premium Security Suite "Bibliographix 7_is1" = Bibliographix 7 "BullGuard" = BullGuard 8.5 "DivX Setup.divx.com" = DivX-Setup "eMule" = eMule "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.2.5 "FlashGet 2.0" = FlashGet 2.0 "Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Picasa2" = Picasa 2 "PunkBusterSvc" = PunkBuster Services "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "VLC media player" = VLC media player 0.9.8a "WavePad" = WavePad Sound Editor "WinLiveSuite_Wave3" = Windows Live Essentials "XSManager" = XSManager "ZIP PASSWORD FINDER" = ZIP PASSWORD FINDER ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "8fb17bf1b812fb40" = MDBG Chinese Reader "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.09.2010 07:26:12 | Computer Name = pete | Source = Application Hang | ID = 1002 Description = The program OUTLOOK.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 10d4 Start Time: 01cb5a484df17af6 Termination Time: 66 Error - 22.09.2010 07:49:21 | Computer Name = pete | Source = WinMgmt | ID = 10 Description = Error - 22.09.2010 11:11:57 | Computer Name = pete | Source = WinMgmt | ID = 10 Description = Error - 23.09.2010 07:14:11 | Computer Name = pete | Source = WinMgmt | ID = 10 Description = Error - 23.09.2010 08:05:07 | Computer Name = pete | Source = Google Update | ID = 20 Description = Error - 23.09.2010 09:05:09 | Computer Name = pete | Source = Google Update | ID = 20 Description = Error - 23.09.2010 10:05:06 | Computer Name = pete | Source = Google Update | ID = 20 Description = Error - 23.09.2010 16:05:06 | Computer Name = pete | Source = Google Update | ID = 20 Description = Error - 23.09.2010 16:30:50 | Computer Name = pete | Source = Application Error | ID = 1000 Description = Faulting application DivX Plus Player.exe, version 10.2.1.13, time stamp 0x4c6c84c0, faulting module DivX Plus Player.exe, version 10.2.1.13, time stamp 0x4c6c84c0, exception code 0xc0000005, fault offset 0x0000bac1, process id 0x179c, application start time 0x01cb5b5cbefb1c35. 
Error - 23.09.2010 16:32:10 | Computer Name = pete | Source = Application Error | ID = 1000 Description = Faulting application DivX Plus Player.exe, version 10.2.1.13, time stamp 0x4c6c84c0, faulting module DPXPlayerPlugin.dll_unloaded, version 0.0.0.0, time stamp 0x4c6c84bc, exception code 0xc0000005, fault offset 0x0483da5e, process id 0xd24, application start time 0x01cb5b5e352d7b95. [ OSession Events ] Error - 16.01.2010 04:50:27 | Computer Name = pete | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5750 seconds with 1020 seconds of active time. This session ended with a crash. Error - 11.02.2010 05:44:49 | Computer Name = pete | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 26279 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.03.2010 13:08:40 | Computer Name = pete | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 21557 seconds with 1620 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.09.2010 16:58:42 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 
Error - 19.09.2010 04:43:09 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 20.09.2010 03:10:26 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 20.09.2010 12:06:53 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.111 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message). Error - 21.09.2010 08:15:44 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.2.102 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 21.09.2010 16:20:35 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 22.09.2010 02:48:22 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 23.09.2010 07:18:19 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 
Error - 23.09.2010 16:17:20 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.50 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 24.09.2010 02:34:01 | Computer Name = pete | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.51 for the Network Card with network address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). < End of report >
24.09.2010, 13:03 | #5
Virut.gen found and handled with AntiVir. And here is the second logfile from OTL: OTL logfile:
OTL logfile created on: 24.09.2010 13:34:41 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\peter\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,28 Gb Total Space | 17,78 Gb Free Space | 6,39% Space Free | Partition Type: NTFS Drive D: | 19,80 Gb Total Space | 8,51 Gb Free Space | 42,98% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PETE Current User Name: peter Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\peter\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe () PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Users\peter\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) PRC - C:\Program Files\XSManager\WTGService.exe () PRC - C:\Program Files\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.) PRC - C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\System Control Manager\MSIService.exe () PRC - C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) 
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\peter\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (BgMainSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.) SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe () SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. 
KG) SRV - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll (BullGuard Ltd.) SRV - (BgLiveSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.) SRV - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\trufos.sys (BitDefender S.R.L.) DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\profos.sys (BitDefender S.R.L.) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.) 
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) 
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.2.1/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: xstandard@xstandard.com:2.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.01 12:01:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.01 12:01:41 | 000,000,000 | ---D | M] [2009.03.27 05:42:22 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Extensions [2010.09.23 16:56:29 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions [2010.07.11 14:56:02 | 000,000,000 
| ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.02 09:31:42 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} [2010.07.11 16:06:45 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\eafo3fflauncher@ea.com [2009.08.13 07:36:18 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\xstandard@xstandard.com [2009.03.28 04:00:49 | 000,003,869 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\baidu.xml [2009.03.28 03:49:37 | 000,002,434 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\google-scholar.xml [2009.03.28 03:44:49 | 000,001,620 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\mozilla-add-ons.xml [2009.03.28 03:49:54 | 000,001,032 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\wikipedia-eng.xml [2009.04.09 01:52:55 | 000,000,945 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\youtube-videosuche.xml [2010.05.06 13:05:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.01 11:03:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.06 13:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [peter] C:\Users\peter\peter.exe File not found O4 - HKCU..\Run: [NETSelog] C:\Users\peter\AppData\Local\Temp\Compywiz.DLL () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\peter\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live 
Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 05:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{41ffbce8-c6c7-11de-9667-00242160eb57}\Shell - "" = AutoRun O33 - MountPoints2\{41ffbce8-c6c7-11de-9667-00242160eb57}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - 
MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.24 09:06:13 | 000,000,000 | ---D | C] -- C:\Users\peter\AppData\Roaming\Malwarebytes [2010.09.24 09:05:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.24 09:05:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.24 09:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.24 09:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.23 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\peter\Desktop\1 [2010.09.15 13:16:38 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.05 22:28:33 | 000,000,000 | ---D | C] -- C:\Users\peter\Desktop\versuche [2010.09.04 10:27:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2 C:\Users\peter\Desktop\*.tmp files -> C:\Users\peter\Desktop\*.tmp -> ] [1 C:\Users\peter\*.tmp files -> C:\Users\peter\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.24 13:35:01 | 004,456,448 | -HS- | M] () -- C:\Users\peter\ntuser.dat [2010.09.24 13:16:20 | 000,421,435 | ---- | M] () -- C:\Users\peter\Desktop\footie.jpg [2010.09.24 13:05:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898720551-4034792664-1382842457-1000UA.job [2010.09.24 13:02:18 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.24 13:02:06 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.09.24 12:33:46 | 000,003,616 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.24 12:33:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.24 09:04:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898720551-4034792664-1382842457-1000Core.job [2010.09.24 08:34:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FA5B4DC3-DF62-4BDD-B1C8-BC2FA7B669AB}.job [2010.09.24 08:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.23 22:20:19 | 000,117,248 | ---- | M] () -- C:\Users\peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.23 22:18:00 | 000,121,029 | ---- | M] () -- C:\Users\peter\Desktop\1.zip [2010.09.23 13:13:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.23 13:13:26 | 3184,689,152 | -HS- | M] () -- C:\hiberfil.sys [2010.09.22 20:13:42 | 000,524,288 | -HS- | M] () -- C:\Users\peter\ntuser.dat{161075d3-30a5-11de-9fe2-00242160eb57}.TMContainer00000000000000000001.regtrans-ms [2010.09.22 20:13:42 | 000,065,536 | -HS- | M] () -- C:\Users\peter\ntuser.dat{161075d3-30a5-11de-9fe2-00242160eb57}.TM.blf [2010.09.22 20:13:30 | 002,878,687 | -H-- | M] () -- C:\Users\peter\AppData\Local\IconCache.db [2010.09.22 12:02:51 | 000,265,858 | ---- | M] () -- C:\Users\peter\Desktop\plg_highslide_2_0_7.zip [2010.09.21 19:20:59 | 000,000,680 | ---- | M] () -- C:\Users\peter\AppData\Local\d3d9caps.dat [2010.09.21 11:50:27 | 000,716,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.21 11:50:27 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.21 11:50:27 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.20 17:29:11 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.09.10 19:20:57 | 000,000,702 | ---- | M] () -- C:\Users\peter\Application Data\Microsoft\Internet 
Explorer\Quick Launch\Opera.lnk [2010.09.10 19:20:57 | 000,000,678 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.09.01 12:47:22 | 012,562,356 | ---- | M] () -- C:\Users\peter\Desktop\03000202004C78DF5639190060166025B904-4132-C2CB-0690-22411DB9D2.flv [2010.08.26 09:57:51 | 000,461,030 | ---- | M] () -- C:\Users\peter\Desktop\FLT_P3FX1821127_0.pdf [2010.08.25 14:14:26 | 000,115,470 | ---- | M] () -- C:\Users\peter\Desktop\05-12_PROJEKTcontrolling_nordmedia_V3.pdf [2 C:\Users\peter\Desktop\*.tmp files -> C:\Users\peter\Desktop\*.tmp -> ] [1 C:\Users\peter\*.tmp files -> C:\Users\peter\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.24 13:16:19 | 000,421,435 | ---- | C] () -- C:\Users\peter\Desktop\footie.jpg [2010.09.23 22:19:52 | 000,121,029 | ---- | C] () -- C:\Users\peter\Desktop\1.zip [2010.09.01 12:47:21 | 012,562,356 | ---- | C] () -- C:\Users\peter\Desktop\03000202004C78DF563919006016605B904-4132-C2CB-0690-2241C919D2.flv [2010.08.26 09:57:51 | 000,461,030 | ---- | C] () -- C:\Users\peter\Desktop\FLT_P3FX1821127_0.pdf [2010.08.26 00:47:14 | 000,212,020 | ---- | C] () -- C:\Users\peter\Desktop\CR-016.pdf [2010.07.11 16:13:37 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.11 16:13:36 | 000,139,152 | ---- | C] () -- C:\Users\peter\AppData\Roaming\PnkBstrK.sys [2010.06.04 22:40:46 | 000,000,093 | ---- | C] () -- C:\Users\peter\AppData\Local\fusioncache.dat [2010.03.06 16:52:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.04 19:52:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.01.06 22:40:15 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.04.09 16:05:44 | 000,000,680 | ---- | C] () -- C:\Users\peter\AppData\Local\d3d9caps.dat [2009.03.26 08:01:14 | 000,117,248 | ---- | C] () -- C:\Users\peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.11 13:32:27 | 000,004,608 | ---- | C] () -- 
C:\Windows\System32\HdmiCoin.dll [2009.02.11 13:31:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll [2006.12.04 02:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report >
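The O4 (autostart) entries in the log above are the part a helper reads first. As an added example, not part of this thread and not OTL's own code, the script below parses OTL O4 Run/RunOnce lines copied from the posted log and flags the properties a triager looks for: an orphaned value whose file is gone, a target under Temp or directly in the profile root, a file with no publisher string, and a Run value whose target is a DLL rather than an .exe. The flag rules are this example's own heuristics, not OTL's; a flag is a reason to look closer, not a verdict (the legitimate but publisher-less DivXUpdate.exe shows why).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Added example: triage of OTL "O4" autostart lines. The sample lines are copied
# from the OTL log posted in this thread; the scoring rules are this example's
# own heuristics, not OTL's, and a flag is a reason to look closer, not a verdict.
OTL_O4_LINES = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [peter] C:\Users\peter\peter.exe File not found
O4 - HKCU..\Run: [NETSelog] C:\Users\peter\AppData\Local\Temp\Compywiz.DLL ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
""".strip().splitlines()

# "O4 - <hive>..\<key>: [<value name>] <path> (<company>)"  or  "... <path> File not found"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
TAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")

# Directories a legitimate installer almost never uses for an autostart binary.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    path: str
    company: Optional[str]   # None when OTL printed no "(Company)" tail
    missing: bool            # OTL appended "File not found"
    flags: list = field(default_factory=list)


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one OTL O4 Run/RunOnce line; other O4 variants (Startup folder) return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith(" File not found"):
        path = rest[: -len(" File not found")]
        return Autostart(m["hive"], m["key"], m["name"], path, None, True)
    t = TAIL_RE.match(rest)
    if not t:
        return None
    return Autostart(m["hive"], m["key"], m["name"], t["path"], t["company"], False)


def assess(entry: Autostart) -> Autostart:
    """Attach triage flags to a parsed entry (heuristics chosen for this example)."""
    p = entry.path.lower()
    if entry.missing:
        entry.flags.append("orphan: Run value points to a file that no longer exists")
    if any(d in p for d in TEMP_DIRS):
        entry.flags.append("runs from a temp directory")
    if re.match(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", p):
        entry.flags.append("binary sits directly in the profile root")
    if entry.company == "":
        entry.flags.append("no publisher/version info in the file")
    if not entry.missing and not p.endswith(".exe"):
        entry.flags.append("autostart target is not an .exe")
    return entry


def triage(lines):
    """Return {value name: [flags]} for every parseable O4 Run/RunOnce line."""
    out = {}
    for line in lines:
        e = parse_o4(line)
        if e is not None:
            out[e.name] = assess(e).flags
    return out


if __name__ == "__main__":
    for name, flags in triage(OTL_O4_LINES).items():
        print(f"{name:28s} {'; '.join(flags) or 'nothing unusual'}")
```

Run against the five sample lines, avgnt gets no flag, DivXUpdate only the missing publisher string, the orphaned [peter] value two flags, and the Compywiz.DLL entry in Temp three. The same parser works on the full O4 section of an OTL log pasted into a file; Startup-folder entries use a different line shape and are skipped here.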
24.09.2010, 13:33 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Virut.gen found and handled with AntiVir. Quote:
The use of cracks, serials and keygens is illegal, so there is no further support in the Trojaner-Board. For you it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since keyloggers and backdoor functions are not seldom hidden in this dubious software. After that, never touch such things again!
24.09.2010, 13:35 | #7
Virut.gen found and handled with AntiVir. OK, thanks, but I did not download that, maybe my son or my partner did! Many thanks anyway! Regards, Peter