
Log analysis and evaluation: Virus TR/Spy.Ipsiut.ag found


26.06.2011, 18:43   #1
peter111
 
Virus TR/Spy.Ipsiut.ag found



I have AntiVir Free installed. For a short while now it has kept reporting: Trojan found, TR/Spy.Ipsiut.ag in C:\Windows\System32\certmgrd.dll. I can't find anything about the virus on Google.
I ran Malwarebytes and OTL, but I don't know what the results mean.
Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6954

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

26.06.2011 18:27:05
mbam-log-2011-06-26 (18-27-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 189910
Laufzeit: 5 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL.txt
OTL logfile created on: 26.06.2011 18:32:22 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\*****\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,58% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 444,18 Gb Total Space | 98,22 Gb Free Space | 22,11% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 13,44 Gb Free Space | 62,34% Space Free | Partition Type: FAT32

Computer Name: ******** | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.26 18:31:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Downloads\OTL.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.02 20:25:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.07 21:40:37 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.03 16:37:57 | 000,154,112 | ---- | M] () -- C:\Programme\ImagonShared\DierckeBrowserInterface.exe
PRC - [2009.09.26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009.09.23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.09.23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.29 19:55:24 | 003,338,240 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2011.06.26 18:31:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Downloads\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.01.14 15:00:29 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.05.05 16:10:57 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009.09.23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.09.23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.08.24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.12.29 18:32:36 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2010.05.05 16:10:59 | 003,033,712 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2010.01.12 13:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.26 11:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 11:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 21:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.09.24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009.09.23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009.09.23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009.09.23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009.09.23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2009.05.13 14:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 14:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.10.19 11:37:56 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 C8 33 BD 02 4D CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.07 21:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 20:25:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 07:55:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.23 18:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.17 07:55:51 | 000,000,000 | ---D | M]

[2010.03.22 16:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2010.03.22 16:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.09 20:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\76l9t4u9.default\extensions
[2010.06.29 14:53:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\76l9t4u9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 14:07:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\76l9t4u9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.26 14:06:52 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\76l9t4u9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.26 14:07:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\76l9t4u9.default\extensions\engine@conduit.com
[2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\76l9t4u9.default\searchplugins\conduit.xml
[2011.04.09 20:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.09 11:11:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.21 16:10:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010.05.09 11:11:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.21 16:10:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 21:41:05 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.02 20:25:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IR_SERVER] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [MSS] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Team Milram - {45D24C55-1116-42BB-8999-B315E7C69A70} - Reg Error: Key error. File not found
O9 - Extra Button: - {55D24C55-1116-42BB-8999-B315E7C69A70} - Reg Error: Key error. File not found
O9 - Extra Button: - {65D24C55-1116-42BB-8999-B315E7C69A70} - Reg Error: Key error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08fce524-45fa-11df-aa7d-0021850fa02c}\Shell - "" = AutoRun
O33 - MountPoints2\{08fce524-45fa-11df-aa7d-0021850fa02c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.26 18:20:42 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2011.06.26 18:20:29 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.26 18:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.26 18:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.26 18:20:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.26 18:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.24 18:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NFS Underground
[2011.06.24 18:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011.06.24 18:30:28 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2011.06.23 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\für corinna
[2011.06.19 20:11:13 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Gartenarbeit am 17_06_2011
[2011.06.16 12:18:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.16 12:18:28 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.16 12:18:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.16 12:18:27 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.16 12:18:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.16 12:18:27 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 12:18:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.16 12:18:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.16 12:18:27 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.16 12:18:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.16 12:18:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.16 12:18:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.16 12:18:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.16 12:18:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.16 12:18:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.16 12:18:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.16 12:18:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.16 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.06.10 21:15:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Tiramisu
[2011.06.05 17:46:28 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\Fotos vom 5.6.11
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.26 18:31:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{54C5C3D0-BD2E-4328-912D-43C83CEC3C2B}.job
[2011.06.26 18:20:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.26 17:54:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.26 17:39:30 | 000,143,084 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.06.26 17:39:30 | 000,143,084 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.06.26 17:39:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.26 17:39:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.26 17:39:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.26 17:39:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.26 17:39:05 | 3217,252,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.25 16:11:25 | 000,086,785 | ---- | M] () -- C:\Users\Matthias\Desktop\subtropische Länder.odt
[2011.06.25 14:48:12 | 000,015,360 | ---- | M] () -- C:\Users\Matthias\Desktop\lebenslaufbe.odt
[2011.06.24 18:35:55 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\NFS Underground.lnk
[2011.06.23 14:31:25 | 001,351,630 | ---- | M] () -- C:\Users\Matthias\Desktop\Bild Eli, bitte nicht löschen!!!!!!.jpg
[2011.06.22 21:44:57 | 000,010,269 | ---- | M] () -- C:\Users\Matthias\Desktop\Albers.odt
[2011.06.19 16:57:20 | 000,675,656 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.19 16:57:20 | 000,642,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.19 16:57:20 | 000,143,956 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.19 16:57:20 | 000,121,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.17 08:27:56 | 000,020,854 | ---- | M] () -- C:\Users\Matthias\Desktop\Bode Lingen.odt
[2011.06.17 07:55:52 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.16 14:54:51 | 000,018,260 | ---- | M] () -- C:\Users\Matthias\Desktop\buchausleihemk.odt
[2011.06.13 21:37:36 | 000,017,095 | ---- | M] () -- C:\Users\Matthias\Desktop\PVG.odt
[2011.06.06 20:01:22 | 000,137,860 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mdbu.bin
[2011.06.02 12:47:56 | 005,208,513 | ---- | M] () -- C:\Users\Matthias\Desktop\Uhu.JPG
[2011.05.30 21:32:14 | 000,182,154 | ---- | M] () -- C:\Users\Matthias\Documents\ESt2010_Petersen_Matthias_und_Petersen_Bettina.elfo
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.28 14:21:32 | 000,023,346 | ---- | M] () -- C:\Users\Matthias\Desktop\ESt2010_Petersen_Matthias_und_Petersen_Bettina.elfo
[2011.05.28 08:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.05.28 08:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.28 08:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.28 08:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.28 08:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.28 08:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.28 08:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.28 08:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.28 08:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.28 08:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.28 08:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.28 07:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.28 06:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.28 06:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.28 06:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.28 06:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.26 18:20:29 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.25 16:11:22 | 000,086,785 | ---- | C] () -- C:\Users\Matthias\Desktop\subtropische Länder.odt
[2011.06.25 14:48:10 | 000,015,360 | ---- | C] () -- C:\Users\Matthias\Desktop\lebenslaufbe.odt
[2011.06.24 18:35:55 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\NFS Underground.lnk
[2011.06.23 14:31:45 | 001,351,630 | ---- | C] () -- C:\Users\Matthias\Desktop\Bild Eli, bitte nicht löschen!!!!!!.jpg
[2011.06.22 21:44:55 | 000,010,269 | ---- | C] () -- C:\Users\Matthias\Desktop\Albers.odt
[2011.06.17 08:27:55 | 000,020,854 | ---- | C] () -- C:\Users\Matthias\Desktop\Bode Lingen.odt
[2011.06.16 14:54:49 | 000,018,260 | ---- | C] () -- C:\Users\Matthias\Desktop\buchausleihemk.odt
[2011.06.13 21:23:13 | 000,017,095 | ---- | C] () -- C:\Users\Matthias\Desktop\PVG.odt
[2011.05.28 14:21:08 | 000,023,346 | ---- | C] () -- C:\Users\Matthias\Desktop\ESt2010_Petersen_Matthias_und_Petersen_Bettina.elfo
[2011.01.05 13:00:03 | 000,073,832 | ---- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll
[2011.01.05 13:00:03 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RTKDABMWare.dll
[2010.12.16 12:32:50 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.12.16 12:32:49 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.12.02 13:23:34 | 000,026,112 | ---- | C] () -- C:\Windows\System32\certmgrd.dll
[2010.11.29 13:10:31 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.07.26 09:33:36 | 000,842,918 | ---- | C] () -- C:\Windows\Der neue Gedächtnistrainer Vol. 1 Uninstaller.exe
[2010.07.13 15:26:20 | 000,137,860 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\mdbu.bin
[2010.07.01 17:18:05 | 000,946,550 | ---- | C] () -- C:\Windows\Diercke Globus Online Uninstaller.exe
[2010.06.20 18:25:05 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2010.05.16 16:36:21 | 000,071,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.31 15:41:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\jesterss.dll
[2010.03.22 14:18:38 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.22 14:18:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.03.22 13:17:12 | 000,143,084 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.22 12:41:40 | 000,143,084 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.24 10:30:02 | 000,007,648 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 09:15:58 | 000,675,656 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,143,956 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,395,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,642,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,580 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Matthias\Desktop\CLIP0064.AVI:TOC.WMV

< End of report >


extra.txt
OTL Extras logfile created on: 26.06.2011 18:32:22 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\*****\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,58% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 444,18 Gb Total Space | 98,22 Gb Free Space | 22,11% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 13,44 Gb Free Space | 62,34% Space Free | Partition Type: FAT32

Computer Name: ******* | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0014333E-B712-43CC-A1A1-BF496C96F713}" = rport=139 | protocol=6 | dir=out | app=system |
"{1039FE38-70B5-405B-9D37-7960682DAF33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17C444CE-0F0B-47BB-9946-047C1D87B62F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{257B9812-5ADC-4BA2-BB7B-710ADD6F69EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{279FB50E-1DB5-4978-8071-91B463ADC3AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D8C0855-190C-4C46-A83B-468DEDDDD56B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3107FB09-7A42-4D54-A765-C0495EF8D054}" = rport=138 | protocol=17 | dir=out | app=system |
"{48F79E22-77BF-4D6B-98E2-948764E01EF7}" = rport=137 | protocol=17 | dir=out | app=system |
"{4B258BC1-5AA4-4727-8AE5-BAA5A3524DC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B977743-C3A5-4962-8643-0FF961AA0C23}" = lport=445 | protocol=6 | dir=in | app=system |
"{52BF9CFF-9A13-4D60-9C53-4C7B31942A21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B8B56F8-1840-4E9F-A1E6-299D9BEF9C8C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{718FBE4A-4F21-4386-A86C-5762756BD1C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{79CB2001-4149-4887-8341-51AD2CFCD1F5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92597FDC-D879-4B3D-857E-F0FAEF5FAE89}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9B0EA86F-B774-4E8A-A8A4-600848DADF37}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE005ED7-DCE5-4548-AFFD-47D014E05C6B}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB7036AF-04B5-4525-92FB-3879A73F08BE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E098270C-40EF-4375-BCB1-52CBB04E2663}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2698E81-2547-4F57-8A08-4749A8ED5C93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FAF5F638-9F87-401B-9C69-D986B2C03D51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{109B4998-03D8-4D43-856F-7479425725AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2410407F-A1D5-4700-BC92-B43C49F723A2}" = protocol=6 | dir=in | app=c:\program files\sega\beijing 2008\beijing.exe |
"{28B766BA-7D23-4614-B8BC-ECF1057557E5}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{2A5D20E6-B03F-45FA-A626-51A03D3DFF4C}" = protocol=6 | dir=in | app=c:\program files\capcom\motogp 08\launcher.exe |
"{3788C1C6-7299-4125-A498-DB8139E5F493}" = protocol=17 | dir=in | app=i:\jo\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{391EE1EE-7497-4F3B-9BA8-76042F5535E8}" = protocol=17 | dir=in | app=c:\program files\sega\beijing 2008\beijing.exe |
"{3BF8537E-09AC-46B6-9B54-A9AC200A2F38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3D0E6FF7-FDB7-4216-A1D0-3AF2BA32E991}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DB6BF40-4811-401E-B42B-7D0FF1BCF040}" = protocol=17 | dir=in | app=c:\program files\capcom\motogp 08\launcher.exe |
"{40EE91E2-2A25-443B-9B49-599C0C89E79C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42C0B3A9-CED6-433B-9390-64E79114A91E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4786A161-2865-4136-81DA-90D86F817959}" = protocol=17 | dir=in | app=i:\jo\steam\steam.exe |
"{5A60F9EA-A633-468D-9EB4-BA498F08D04F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{5BAD9F58-3204-411D-9256-269292937A7A}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{64D074DE-2E5B-4928-AFF9-55C447A602B0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{72BAD72D-82F1-4CC0-B660-7A7D1529CF3F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7CCA19EC-B90F-4792-B3A1-E13826EBED4E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{8BFB5AC3-C903-4385-AB24-2DFCB086EAAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{956CFE12-1CD5-4720-B7AA-66E46CA94F13}" = protocol=6 | dir=in | app=i:\jo\steam\steam.exe |
"{9E25984A-4B68-46EB-8805-97A7623F7C73}" = protocol=6 | dir=in | app=i:\jo\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{9FD9E077-2E0F-4AE5-BBB2-9198F2D448C4}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{A356C8E0-30ED-4F19-8068-4A56A6B1959E}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{ADA938D4-1392-45F8-BE2B-9EF6E61F1578}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DCC6B030-72A5-4140-B718-3FB7600B9DE1}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{F443940F-CD3F-4127-AD3C-1D83DBC55B90}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"TCP Query User{2284A345-2660-4F03-8382-581CA6066D1B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7F5AEF08-58D1-4FC5-BF32-2E5FDB41F301}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{8DB2545E-68BE-43E7-A158-DF1BEBB4ECC5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{1951DF09-8A48-4AC9-871A-3774748C4BDC}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{7FE6F01C-3731-4EBD-B92E-00D0CBB50929}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{B2C4FBD4-CE2C-4A6F-A005-966A4F08B821}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140062-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Deutsch
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2076B142-10FA-4536-B488-3FDCBB1013D3}" = Beijing 2008
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39C8EFBA-042B-11DC-A860-0EE955D89593}" = EA*SPORTS™ NBA*LIVE*08
"{3AC11667-B4DD-4984-AD0B-B2D4E40AB573}" = 15354 Webcam Live
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9135BA5B-51B4-49BF-867A-D152B5CE67D4}" = Off Road
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BB394D95-C049-4EA4-00B3-F866A3357CCD}" = F1 2002 WORK IN PROGRESS DEMO
"{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92F1880-822A-41CA-0090-451FBB89BF4C}" = FIFA Fussball-Weltmeisterschaft 2006 (TM)
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1}" = UEFA EURO 2008™
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"CrashTime" = Cobra 11 - Crash Time (remove only)
"Der neue Gedächtnistrainer Vol. 1" = Der neue Gedächtnistrainer Vol. 1
"Diercke Globus Online" = Diercke Globus Online
"EADM" = EA Download Manager
"EC2000 A1" = EC2000 A1
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"Fahr-Simulator 2009_is1" = Fahr-Simulator 2009
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FileZilla Client" = FileZilla Client 3.3.3
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GameCenter" = GameCenter
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mini Golf Master 2" = Mini Golf Master 2
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Photo Dose_is1" = Photo Dose
"Pro Cycling Manager 2009_is1" = Pro Cycling Manager - Season 2009 1.0.3.3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"RTL Biathlon 2009" = RTL Biathlon 2009
"Schiffsim" = Schiffsim 2006
"Skispringen 2007_0001" = Skispringen 2007
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 7740" = NBA 2K9
"TEAM MILRAM" = TEAM MILRAM
"uDESIGHT_is1" = uDESIGHT 1.1
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Winterspiele" = Winterspiele

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.06.2011 05:52:38 | Computer Name = FamiliePetersen | Source = WinMgmt | ID = 10
Description =

Error - 25.06.2011 06:02:25 | Computer Name = FamiliePetersen | Source = MsiInstaller | ID = 10005
Description =

Error - 25.06.2011 06:02:25 | Computer Name = FamiliePetersen | Source = MsiInstaller | ID = 1024
Description =

Error - 25.06.2011 08:46:22 | Computer Name = FamiliePetersen | Source = WinMgmt | ID = 10
Description =

Error - 25.06.2011 10:00:36 | Computer Name = FamiliePetersen | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 4c8 Anfangszeit: 01cc334024e18a47 Zeitpunkt der Beendigung:
15

Error - 26.06.2011 04:55:04 | Computer Name = FamiliePetersen | Source = WinMgmt | ID = 10
Description =

Error - 26.06.2011 04:57:24 | Computer Name = FamiliePetersen | Source = MsiInstaller | ID = 10005
Description =

Error - 26.06.2011 04:57:24 | Computer Name = FamiliePetersen | Source = MsiInstaller | ID = 1024
Description =

Error - 26.06.2011 05:03:41 | Computer Name = FamiliePetersen | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {20140062-0062-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.


Error - 26.06.2011 11:40:37 | Computer Name = FamiliePetersen | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 23.06.2011 08:27:57 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 24.06.2011 05:06:58 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 24.06.2011 08:56:02 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 24.06.2011 11:49:47 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 24.06.2011 16:30:26 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 25.06.2011 05:42:50 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 25.06.2011 05:51:50 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 25.06.2011 08:45:27 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 26.06.2011 04:54:21 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

Error - 26.06.2011 11:39:38 | Computer Name = FamiliePetersen | Source = ehRecvr | ID = 4
Description =

[ System Events ]
Error - 24.06.2011 16:28:45 | Computer Name = FamiliePetersen | Source = HTTP | ID = 15016
Description =

Error - 25.06.2011 05:41:44 | Computer Name = FamiliePetersen | Source = HTTP | ID = 15016
Description =

Error - 25.06.2011 05:51:05 | Computer Name = FamiliePetersen | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.06.2011 um 11:47:29 unerwartet heruntergefahren.

Error - 25.06.2011 05:51:06 | Computer Name = FamiliePetersen | Source = HTTP | ID = 15016
Description =

Error - 25.06.2011 05:56:03 | Computer Name = FamiliePetersen | Source = Service Control Manager | ID = 7022
Description =

Error - 25.06.2011 06:02:44 | Computer Name = FamiliePetersen | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 25.06.2011 08:44:55 | Computer Name = FamiliePetersen | Source = HTTP | ID = 15016
Description =

Error - 26.06.2011 04:53:35 | Computer Name = FamiliePetersen | Source = HTTP | ID = 15016
Description =

Error - 26.06.2011 04:58:36 | Computer Name = FamiliePetersen | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 26.06.2011 11:39:08 | Computer Name = FamiliePetersen | Source = HTTP | ID = 15016
Description =


< End of report >

Alt 27.06.2011, 09:59   #2
markusg
/// Malware-holic
 
hi,
please create and post a ComboFix log.
A guide and tutorial on using ComboFix