Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virut.gen gefunden und mit AntiVir behandelt (https://www.trojaner-board.de/91054-virut-gen-gefunden-antivir-behandelt.html)

peter567 23.09.2010 16:34
Virut.gen gefunden und mit AntiVir behandelt
 
Hallo,

ich habe gestern nach HTML-Code gesucht und war auf einer Website, die etwas "strange" aussah und meinen Rechner ziemlich langsam machte. Kurz darauf kam die Warnung meiner AntiVir Premium Security Suite, dass sie eine Malware namens "Virut.Gen" gefunden hat:

In der Datei 'C:\Windows\Temp\tmp00005ffd\tmp0000296f'
wurde ein Virus oder unerwünschtes Programm 'W32/Virut.Gen' [virus] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Ich bin dann auf "entfernen" gegangen und habe meinen Rechner vollkommen gescannt. Währenddessen sagte mir meine Windows-Programme (Outlook, Word etc.) ständig, dass sie keine temporären Dateien anlegen könnten. Hatte da schon ziemlich Muffe...

Aber jetzt nach erneutem Hochfahren und zwei AntiVir-Checks sieht alles normal aus und es gibt keine erneuten Warnungen. Heißt das, ich hab Glück gehabt und alles ist wieder super?

Vielen Dank für Eure Hilfe und Eure Mühe! :dankeschoen::party:
Peter

cosinus 23.09.2010 19:24
Hallo und :hallo:

Beim Virut ist höchste Vorsicht geboten. Das Teil ist ein Fileinfector, d.h. er infiziert alle möglichen *.exe Dateien, die er zu fassen bekommt.

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

peter567 24.09.2010 11:44
Super, vielen Dank schon mal im Voraus! :dankeschoen:

Hier das Ergebnis von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4680

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

24.09.2010 12:39:31
mbam-log-2010-09-24 (12-39-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 453169
Laufzeit: 3 Stunde(n), 31 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Peter\Downloads\Keygen.exe (Trojan.Downloader) -> No action taken.

Soll ich OTL jetzt noch machen?

Viele Grüße
Peter

peter567 24.09.2010 12:53
Hier nochmal das 1. Logfile von OTL:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.09.2010 13:34:41 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\Peter\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,28 Gb Total Space | 17,78 Gb Free Space | 6,39% Space Free | Partition Type: NTFS
Drive D: | 19,80 Gb Total Space | 8,51 Gb Free Space | 42,98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PETE
Current User Name: Peter
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03904087-4E74-4BD0-ADBC-F302AA49EA08}" = lport=139 | protocol=6 | dir=in | app=system |
"{0A609BC5-ABEE-4458-AE0C-F93324228A30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0D50465F-9225-4715-9BF1-846C73842833}" = rport=137 | protocol=17 | dir=out | app=system |
"{1C09C1D0-210D-49A0-A285-B9C42065FE4A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{336FCC1E-A328-435D-8D9B-4DF902B3C5C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{4986369D-8B85-4076-BE50-3F29BCCEB79F}" = rport=139 | protocol=6 | dir=out | app=system |
"{7298977E-5850-4750-A0D4-C72706C6B643}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78A86E2D-5AFD-463B-9E5C-DA3C66336018}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7A7E6AFA-5382-44B5-AA16-20392FBAD1A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{902CD995-1979-47E0-B668-8370AF85C1BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBFB43AA-174E-4B91-A78C-CEA331EE69B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D0623C70-9D9A-4098-B639-AE238CCCD8C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{E4FE4EF0-E52D-4778-A602-3584DBE46E33}" = lport=32953 | protocol=6 | dir=in | name=emule |
"{F65921B0-335B-4009-ACB0-E493450CE93D}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{126DE5F0-A9B3-4357-BC65-998AE6618057}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{27A8CAD8-F075-497A-A9C8-3898F1EA2A23}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3679CC73-C833-4756-998A-51E95E83EE3C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{39A17834-026C-4205-A13D-6847272E440C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3A6B9EBC-BA8A-4A7C-912D-8CBF8851B1F1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{3AD970FF-A535-45FB-9345-97558FFAA571}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4548C8B3-2ADF-4693-B94C-24C1699F4ED5}" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe |
"{5FA8D7A5-D35F-4B04-9273-ACD64E639783}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6080329F-5159-466A-82F9-306E12E5F22C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{688F059D-512E-47B9-B158-D20F11B45569}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6D7E6597-49C7-4187-858F-04E5EA9F434C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79B16813-7300-4744-A7BA-8B409DA1C30A}" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe |
"{883BA941-2E5D-4EF9-BE71-73A13A6F619B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C88009E-9985-471B-ADFC-1578143FAD6A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{947B48F6-4E21-4B6C-B537-9F9BBE403C8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9A4C8565-6523-4142-B31B-00BB89602DD4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9AEFBF07-07B1-4CE6-B58F-DC10E5F48E8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABA54F45-D510-4360-BA30-516F2C225741}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BD646E67-92C7-446E-80E9-5CAAEFB5E58F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D6F8711B-F4BC-45A3-9AD3-5A61C9A5434D}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{DB90C6C3-9E8F-4971-BD56-9E0398DBAA62}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E1F04DBC-8D60-41DC-A596-8BE066AAE10B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F195F319-3AB9-4BE3-9533-CD15D5BB41C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F267E648-4394-41B6-BFB2-4C249BC59D86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{11D783A0-D235-4FC2-86ED-EB1C30653D9B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{21D8C41F-513E-49B9-91EB-537728DBF6AE}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{22AD1022-9931-407B-9CDA-696EF3559967}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"TCP Query User{39D923B6-F756-48C4-AF7F-3B98D7C3AD94}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4D81F970-D197-40A5-A46E-5AA7BD7C4BC1}C:\program files\vegas 6.0\vegsrv60.exe" = protocol=6 | dir=in | app=c:\program files\vegas 6.0\vegsrv60.exe |
"TCP Query User{56D9DA94-1480-4323-9309-80C7E7257EB9}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{AE986F95-82E4-44D9-B500-CFAFE741ADCA}C:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe |
"TCP Query User{B04308C3-BC64-4D6F-AADD-CE9FEF00719B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B834F8DF-B69A-4D58-A0AB-860A4BDEB135}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0189C611-D67E-4ED4-9EE5-E3B7CC169A27}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"UDP Query User{1CC2246C-A4FB-47B5-B7D3-56E433821AED}C:\program files\vegas 6.0\vegsrv60.exe" = protocol=17 | dir=in | app=c:\program files\vegas 6.0\vegsrv60.exe |
"UDP Query User{30809F82-5DE5-4786-967C-CD2F558C91E0}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{460CFCBD-1BE8-4D25-8568-B8804D842FA1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4DC000D7-609E-4C27-A83F-960033D93E24}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{52331006-192B-4925-8508-229AEF657C89}C:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\microsoft\windows\start menu\programs\ws_ftp\ws_ftp95.exe |
"UDP Query User{720FFE0A-4C86-447C-B3E6-3D6EE8F37160}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D2A71198-B460-4E34-BF85-CD52CA7E684F}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{DD552D95-6AE6-4EF1-9E7C-19C0BB969B1A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C42593A-B604-4A99-A0BE-F4AD9025F448}" = EN
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C768E2-AB61-4DE3-952F-6B237A834951}" = Adobe Setup
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2B4FCBCD-3C07-4743-BC5A-8101836585C7}" = Simplified Chinese TTS
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{47948554-90C6-4AAC-8CFA-D23CE11C1033}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F68B605-2F2B-42A8-8689-0CA7E67797B0}" = Sony Vegas 6.0d
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B13F5727-F12F-4253-B6AD-26AFA880B709}" = Sony Media Manager 2.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C595649D-4C16-42D0-B606-2D1EF9D18C64}" = Duden Korrektor
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E16110F7-1C85-4675-99F4-7938F832C825}" = Adobe Fireworks CS3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Bibliographix 7_is1" = Bibliographix 7
"BullGuard" = BullGuard 8.5
"DivX Setup.divx.com" = DivX-Setup
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.5
"FlashGet 2.0" = FlashGet 2.0
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Picasa2" = Picasa 2
"PunkBusterSvc" = PunkBuster Services
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"VLC media player" = VLC media player 0.9.8a
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
"ZIP PASSWORD FINDER" = ZIP PASSWORD FINDER
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8fb17bf1b812fb40" = MDBG Chinese Reader
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2010 07:26:12 | Computer Name = pete | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.4518.1014 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 10d4  Start Time: 01cb5a484df17af6  Termination Time: 66
 
Error - 22.09.2010 07:49:21 | Computer Name = pete | Source = WinMgmt | ID = 10
Description =
 
Error - 22.09.2010 11:11:57 | Computer Name = pete | Source = WinMgmt | ID = 10
Description =
 
Error - 23.09.2010 07:14:11 | Computer Name = pete | Source = WinMgmt | ID = 10
Description =
 
Error - 23.09.2010 08:05:07 | Computer Name = pete | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 09:05:09 | Computer Name = pete | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 10:05:06 | Computer Name = pete | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 16:05:06 | Computer Name = pete | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 16:30:50 | Computer Name = pete | Source = Application Error | ID = 1000
Description = Faulting application DivX Plus Player.exe, version 10.2.1.13, time
 stamp 0x4c6c84c0, faulting module DivX Plus Player.exe, version 10.2.1.13, time
 stamp 0x4c6c84c0, exception code 0xc0000005, fault offset 0x0000bac1,  process id
 0x179c, application start time 0x01cb5b5cbefb1c35.
 
Error - 23.09.2010 16:32:10 | Computer Name = pete | Source = Application Error | ID = 1000
Description = Faulting application DivX Plus Player.exe, version 10.2.1.13, time
 stamp 0x4c6c84c0, faulting module DPXPlayerPlugin.dll_unloaded, version 0.0.0.0,
 time stamp 0x4c6c84bc, exception code 0xc0000005, fault offset 0x0483da5e,  process
 id 0xd24, application start time 0x01cb5b5e352d7b95.
 
[ OSession Events ]
Error - 16.01.2010 04:50:27 | Computer Name = pete | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 5750 seconds with 1020 seconds of active time.  This session ended with a
 crash.
 
Error - 11.02.2010 05:44:49 | Computer Name = pete | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 26279
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2010 13:08:40 | Computer Name = pete | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 21557
 seconds with 1620 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.09.2010 16:58:42 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 19.09.2010 04:43:09 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 20.09.2010 03:10:26 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 20.09.2010 12:06:53 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.111 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.2.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 21.09.2010 08:15:44 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.102 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 21.09.2010 16:20:35 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 22.09.2010 02:48:22 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 23.09.2010 07:18:19 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 23.09.2010 16:17:20 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 24.09.2010 02:34:01 | Computer Name = pete | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.51 for the Network Card with network
 address 0015AFD96F2A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >
--- --- ---

peter567 24.09.2010 13:03
Und hier das 2. Logfile von OTL:OTL Logfile:
Code:
OTL logfile created on: 24.09.2010 13:34:41 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\peter\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,28 Gb Total Space | 17,78 Gb Free Space | 6,39% Space Free | Partition Type: NTFS
Drive D: | 19,80 Gb Total Space | 8,51 Gb Free Space | 42,98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PETE
Current User Name: peter
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe ()
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\peter\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\Program Files\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.)
PRC - C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\System Control Manager\MSIService.exe ()
PRC - C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\peter\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (BgMainSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BgLiveSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\profos.sys (BitDefender S.R.L.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.2.1/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: xstandard@xstandard.com:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.01 12:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.01 12:01:41 | 000,000,000 | ---D | M]
 
[2009.03.27 05:42:22 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Extensions
[2010.09.23 16:56:29 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions
[2010.07.11 14:56:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.02 09:31:42 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.07.11 16:06:45 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\eafo3fflauncher@ea.com
[2009.08.13 07:36:18 | 000,000,000 | ---D | M] -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\extensions\xstandard@xstandard.com
[2009.03.28 04:00:49 | 000,003,869 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\baidu.xml
[2009.03.28 03:49:37 | 000,002,434 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\google-scholar.xml
 [2009.03.28 03:44:49 | 000,001,620 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\mozilla-add-ons.xml
[2009.03.28 03:49:54 | 000,001,032 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\wikipedia-eng.xml
[2009.04.09 01:52:55 | 000,000,945 | ---- | M] () -- C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\pwpqb7cj.default\searchplugins\youtube-videosuche.xml
[2010.05.06 13:05:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.01 11:03:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.06 13:05:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [peter] C:\Users\peter\peter.exe File not found
O4 - HKCU..\Run: [NETSelog] C:\Users\peter\AppData\Local\Temp\Compywiz.DLL ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\peter\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 05:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{41ffbce8-c6c7-11de-9667-00242160eb57}\Shell - "" = AutoRun
O33 - MountPoints2\{41ffbce8-c6c7-11de-9667-00242160eb57}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.24 09:06:13 | 000,000,000 | ---D | C] -- C:\Users\peter\AppData\Roaming\Malwarebytes
[2010.09.24 09:05:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.24 09:05:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.24 09:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.24 09:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.23 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\peter\Desktop\1
 [2010.09.15 13:16:38 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.05 22:28:33 | 000,000,000 | ---D | C] -- C:\Users\peter\Desktop\versuche
[2010.09.04 10:27:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Users\peter\Desktop\*.tmp files -> C:\Users\peter\Desktop\*.tmp -> ]
[1 C:\Users\peter\*.tmp files -> C:\Users\peter\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.24 13:35:01 | 004,456,448 | -HS- | M] () -- C:\Users\peter\ntuser.dat
[2010.09.24 13:16:20 | 000,421,435 | ---- | M] () -- C:\Users\peter\Desktop\footie.jpg
[2010.09.24 13:05:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898720551-4034792664-1382842457-1000UA.job
[2010.09.24 13:02:18 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.09.24 13:02:06 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.09.24 12:33:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.24 12:33:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.24 09:04:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3898720551-4034792664-1382842457-1000Core.job
[2010.09.24 08:34:24 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FA5B4DC3-DF62-4BDD-B1C8-BC2FA7B669AB}.job
[2010.09.24 08:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.23 22:20:19 | 000,117,248 | ---- | M] () -- C:\Users\peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.23 22:18:00 | 000,121,029 | ---- | M] () -- C:\Users\peter\Desktop\1.zip
[2010.09.23 13:13:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.23 13:13:26 | 3184,689,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.22 20:13:42 | 000,524,288 | -HS- | M] () -- C:\Users\peter\ntuser.dat{161075d3-30a5-11de-9fe2-00242160eb57}.TMContainer00000000000000000001.regtrans-ms
[2010.09.22 20:13:42 | 000,065,536 | -HS- | M] () -- C:\Users\peter\ntuser.dat{161075d3-30a5-11de-9fe2-00242160eb57}.TM.blf
[2010.09.22 20:13:30 | 002,878,687 | -H-- | M] () -- C:\Users\peter\AppData\Local\IconCache.db
[2010.09.22 12:02:51 | 000,265,858 | ---- | M] () -- C:\Users\peter\Desktop\plg_highslide_2_0_7.zip
[2010.09.21 19:20:59 | 000,000,680 | ---- | M] () -- C:\Users\peter\AppData\Local\d3d9caps.dat
[2010.09.21 11:50:27 | 000,716,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.21 11:50:27 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.21 11:50:27 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.20 17:29:11 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.09.10 19:20:57 | 000,000,702 | ---- | M] () -- C:\Users\peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.10 19:20:57 | 000,000,678 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.01 12:47:22 | 012,562,356 | ---- | M] () -- C:\Users\peter\Desktop\03000202004C78DF5639190060166025B904-4132-C2CB-0690-22411DB9D2.flv
 [2010.08.26 09:57:51 | 000,461,030 | ---- | M] () -- C:\Users\peter\Desktop\FLT_P3FX1821127_0.pdf
 [2010.08.25 14:14:26 | 000,115,470 | ---- | M] () -- C:\Users\peter\Desktop\05-12_PROJEKTcontrolling_nordmedia_V3.pdf
[2 C:\Users\peter\Desktop\*.tmp files -> C:\Users\peter\Desktop\*.tmp -> ]
[1 C:\Users\peter\*.tmp files -> C:\Users\peter\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.24 13:16:19 | 000,421,435 | ---- | C] () -- C:\Users\peter\Desktop\footie.jpg
[2010.09.23 22:19:52 | 000,121,029 | ---- | C] () -- C:\Users\peter\Desktop\1.zip
 [2010.09.01 12:47:21 | 012,562,356 | ---- | C] () -- C:\Users\peter\Desktop\03000202004C78DF563919006016605B904-4132-C2CB-0690-2241C919D2.flv
 [2010.08.26 09:57:51 | 000,461,030 | ---- | C] () -- C:\Users\peter\Desktop\FLT_P3FX1821127_0.pdf
[2010.08.26 00:47:14 | 000,212,020 | ---- | C] () -- C:\Users\peter\Desktop\CR-016.pdf
 [2010.07.11 16:13:37 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.11 16:13:36 | 000,139,152 | ---- | C] () -- C:\Users\peter\AppData\Roaming\PnkBstrK.sys
[2010.06.04 22:40:46 | 000,000,093 | ---- | C] () -- C:\Users\peter\AppData\Local\fusioncache.dat
[2010.03.06 16:52:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.04 19:52:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.06 22:40:15 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.09 16:05:44 | 000,000,680 | ---- | C] () -- C:\Users\peter\AppData\Local\d3d9caps.dat
[2009.03.26 08:01:14 | 000,117,248 | ---- | C] () -- C:\Users\peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.11 13:32:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.02.11 13:31:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2006.12.04 02:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
< End of report >
--- --- ---

cosinus 24.09.2010 13:33
Zitat:
C:\Users\Peter\Downloads\Keygen.exe (Trojan.Downloader) -> No action taken.
Du kannst formatieren. Bei sowas muss man sich auch nicht wundern, wenn Befall wie Virut da ist :stirn:

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

peter567 24.09.2010 13:35
Ok, danke ich hab das aber nicht gedownloaded, vielleicht mein Sohn oder meine Lebensgefährtin! Vielen Dank trotzdem!

Gruß
Peter


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131