Pests of all kinds and how to fight them: BKA-Trojaner (100Euro Virus), Windows 7
04.06.2012, 20:37 | #1
BKA-Trojaner (100Euro Virus)

Good day, so I have already heard a lot about it and now I "finally" have it too. I have already run a Quick Scan with Malwarebytes, but nothing :/ I am writing from safe mode, in case you are wondering. By the way, the picture looks like this. I have 64-bit Ultimate. Here is my Extras.txt

OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 04.06.2012 03:26:10 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Toby\Desktop\Antivirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,87 Gb Available Physical Memory | 86,18% Memory free
15,94 Gb Paging File | 14,89 Gb Available in Paging File | 93,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 30,18 Gb Total Space | 5,37 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 21,09 Gb Free Space | 72,01% Space Free | Partition Type: NTFS
Drive E: | 436,46 Gb Total Space | 228,43 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive F: | 901,14 Gb Total Space | 832,82 Gb Free Space | 92,42% Space Free | Partition Type: NTFS
Drive G: | 204,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TOBY-PC | User Name: Toby | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "D:\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "D:\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D47CD8-141D-4BA9-8587-A39673A152A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AD6FEC-7E0E-48CD-BCD8-D5794D253EDC}" = protocol=6 | dir=in | app=f:\tunngle\tnglctrl.exe |
"{22E6A2EA-082B-4CE9-8770-59AF87858369}" = protocol=17 | dir=in | app=f:\tunngle\tunngle.exe |
"{23831A47-91DB-4D05-BAA6-BCA7E0826EC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{268EB6BC-0347-48DF-9D8E-8EB6F565A37D}" = protocol=17 | dir=in | app=f:\tunngle\tnglctrl.exe |
"{2977AFE8-DF98-45C7-A48C-054F13C72A15}" = protocol=6 | dir=in | app=f:\tunngle\tunngle.exe |
"{43240B3F-F4E7-43CE-8ACC-1053465F7C57}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{434AECBD-4BFB-4A47-87CC-5745710D8B77}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{465B4453-BE64-493C-BFA2-0802B2488211}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{579EC9A5-9082-4C6E-A70B-8FA89F740071}" = protocol=6 | dir=in | app=e:\spiele\steam.exe |
"{66C16BBB-6D10-45C4-B1E7-D302E14E2D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{71B4360D-56FC-444F-B7C3-D793446B5A3E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{786F3DFF-A8DE-4D77-8B16-8FB08F656AFA}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{861962B3-0DAE-4E47-B81D-33F24AB50911}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A6D99BC8-F4E2-454B-A9D3-0B34DD4F2CF7}" = protocol=17 | dir=in | app=e:\spiele\steam.exe |
"{B3604F94-173A-4741-A044-ACA62850A9C6}" = protocol=17 | dir=in | app=f:\battlefield 3\battlefield 3\bf3.exe |
"{C1222A33-0B13-43A4-A829-3AB7BA98F464}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{C4642E0F-4FCC-4119-8618-0336C81A3ED8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C47DF5F9-8582-46DE-87F3-18FC70E3D727}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DEF20652-D290-423F-A7F0-BFF24B039F19}" = protocol=6 | dir=in | app=f:\battlefield 3\battlefield 3\bf3.exe |
"{E0A67011-1580-410A-9EF9-EDEB9876CAE1}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{E3667859-CD39-4CB8-97D9-944E868A5590}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EDECBF19-D72F-494C-AAFC-FC27BDEB009F}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{F0FE4C6F-B1D0-4272-8A31-C9C8F017024E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"TCP Query User{FA22EF8C-4B11-4D0B-8E71-B12676839872}E:\spiele\steamapps\tobyyyy1337\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=e:\spiele\steamapps\tobyyyy1337\counter-strike source\hl2.exe |
"UDP Query User{8BD2F00A-FEC9-43D8-A669-4360D53611CE}E:\spiele\steamapps\tobyyyy1337\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=e:\spiele\steamapps\tobyyyy1337\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ESL Wire_is1" = ESL Wire 1.12.1
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MySSID_is1" = EXPERTool 7.21
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 240" = Counter-Strike: Source
"Tunngle beta_is1" = Tunngle beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31.05.2012 11:56:43 | Computer Name = Toby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4f6cfb24 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4fbabbdd Ausnahmecode: 0xc0000005 Fehleroffset: 0x00087616 ID des fehlerhaften Prozesses: 0x590 Startzeit der fehlerhaften Anwendung: 0x01cd3f434f35741f Pfad der fehlerhaften Anwendung: f:\steam\steamapps\tobyyyy1337\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: f:\steam\steamapps\tobyyyy1337\counter-strike source\cstrike\bin\client.dll Berichtskennung: 36f702c8-ab39-11e1-af0d-8c89a51846df

Error - 31.05.2012 12:29:23 | Computer Name = Toby-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4f6cfb24 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4fbabbdd Ausnahmecode: 0xc0000005 Fehleroffset: 0x00087616 ID des fehlerhaften Prozesses: 0x126c Startzeit der fehlerhaften Anwendung: 0x01cd3f4608ebcbb5 Pfad der fehlerhaften Anwendung: f:\steam\steamapps\tobyyyy1337\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: f:\steam\steamapps\tobyyyy1337\counter-strike source\cstrike\bin\client.dll Berichtskennung: c7343d9c-ab3d-11e1-af0d-8c89a51846df

Error - 01.06.2012 12:54:42 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 02.06.2012 09:24:35 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.06.2012 14:03:13 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.06.2012 15:54:31 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.06.2012 15:57:49 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.06.2012 16:10:18 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.06.2012 16:20:31 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.06.2012 20:51:02 | Computer Name = Toby-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03.06.2012 21:01:30 | Computer Name = Toby-PC | Source = DCOM | ID = 10005
Description =

Error - 03.06.2012 21:01:38 | Computer Name = Toby-PC | Source = DCOM | ID = 10005
Description =

Error - 03.06.2012 21:01:38 | Computer Name = Toby-PC | Source = DCOM | ID = 10005
Description =

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = DCOM | ID = 10005
Description =

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.06.2012 21:01:39 | Computer Name = Toby-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >

And here is my OTL.txt

OTL EXTRAS Logfile: Code:
OTL logfile created on: 04.06.2012 03:26:10 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Toby\Desktop\Antivirus
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,87 Gb Available Physical Memory | 86,18% Memory free
15,94 Gb Paging File | 14,89 Gb Available in Paging File | 93,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 30,18 Gb Total Space | 5,37 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 21,09 Gb Free Space | 72,01% Space Free | Partition Type: NTFS
Drive E: | 436,46 Gb Total Space | 228,43 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive F: | 901,14 Gb Total Space | 832,82 Gb Free Space | 92,42% Space Free | Partition Type: NTFS
Drive G: | 204,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TOBY-PC | User Name: Toby | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.04 03:19:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Toby\Desktop\Antivirus\OTL.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- D:\Firefox\firefox.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbam.exe

========== Modules (No Company Name) ==========

MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- D:\Firefox\mozjs.dll
MOD - [2012.02.29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.21 16:03:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.10 23:10:23 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.05 16:46:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 15:39:30 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2012.04.05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- F:\TribesAscend\HiPatchService.exe -- (HiPatchService)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.14 16:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- F:\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.02 15:39:14 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.04.19 18:07:34 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.24 13:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.11 22:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.04.11 22:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 11:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.10.12 02:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.10.12 01:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 53 50 F3 F0 10 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.05.16 19:43:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Firefox\components [2012.05.16 19:39:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Firefox\plugins [2012.04.02 19:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toby\AppData\Roaming\mozilla\Extensions [2012.05.05 17:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toby\AppData\Roaming\mozilla\Firefox\Profiles\hu09blsr.default\extensions [2012.05.05 17:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toby\AppData\Roaming\mozilla\Firefox\Profiles\hu09blsr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.04 20:00:16 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TOBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HU09BLSR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.30 13:32:09 | 000,004,404 | ---- | M] () (No name found) -- C:\USERS\TOBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HU09BLSR.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) 
O4 - HKCU..\Run: [Spotify] C:\Users\Toby\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Toby\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] F:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uqjcnmrotwgplqa] C:\ProgramData\uqjcnmrotwgplqaplskk.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Toby\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Toby\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31DBDD1B-53DD-4A71-A522-AF0CA528EE3E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.21 22:26:34 | 000,000,062 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0a79ef93-8a30-11e1-a6cc-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{0a79ef93-8a30-11e1-a6cc-00ff01000001}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O33 - MountPoints2\{16739734-7cdd-11e1-b0c0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16739734-7cdd-11e1-b0c0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Install.exe -- [2009.06.30 18:51:56 | 002,348,304 | R--- | M] (Logitech(c))
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.04 03:18:15 | 000,000,000 | ---D | C] -- C:\Users\Toby\Desktop\Antivirus
[2012.06.03 21:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ftfoxqaxordwrvw
[2012.05.23 19:05:25 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Adobe
[2012.05.23 19:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.05.23 19:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.05.23 19:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.05.16 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Logitech
[2012.05.16 21:00:29 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Leadertech
[2012.05.16 20:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.05.16 20:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012.05.16 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Logitech
[2012.05.16 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Logishrd
[2012.05.16 20:05:44 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Malwarebytes
[2012.05.16 20:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 20:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 20:05:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.16 19:50:51 | 000,000,000 | ---D | C] -- C:\Users\Toby\Desktop\Programme
[2012.05.16 19:47:59 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\12007
[2012.05.16 19:43:18 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.05.16 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Google
[2012.05.16 19:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.16 19:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.05.16 19:43:17 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.05.16 19:43:14 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.05.16 19:43:13 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.05.16 19:43:12 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.05.16 19:43:11 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.05.16 19:43:10 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.05.16 19:42:58 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.05.16 19:42:58 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.05.16 19:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.05.16 19:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.05.15 21:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.05.15 13:15:02 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\11025
[2012.05.14 22:54:27 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\ElevatedDiagnostics
[2012.05.14 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Diagnostics
[2012.05.14 17:12:13 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\11024
[2012.05.13 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\UAs
[2012.05.13 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Ypahuc
[2012.05.13 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Qilyyd
[2012.05.13 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Help
[2012.05.13 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Bylook
[2012.05.13 22:43:50 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\TeamViewer
[2012.05.13 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\11023
[2012.05.13 18:15:52 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\xmldm
[2012.05.13 18:15:51 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\kock
[2012.05.13 16:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.05.13 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.05.13 16:37:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.05.13 16:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.05.13 16:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.05.13 16:34:34 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Microsoft Help
[2012.05.13 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.05.13 16:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.05.13 16:34:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.05.10 23:05:20 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\ESN Sonar
[2012.05.10 23:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.10 23:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.05.10 23:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.10 22:59:33 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.10 22:59:33 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.10 22:52:57 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\PunkBuster
[2012.05.10 22:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.05.10 22:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.05.10 22:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.05.10 22:49:17 | 000,000,000 | ---D | C] -- C:\Users\Toby\Documents\Battlefield 3
[2012.05.10 21:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.05.10 21:15:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.05.10 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Origin
[2012.05.10 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Local\Origin
[2012.05.10 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.05.10 20:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.05.10 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.05.10 20:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.05.10 20:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.05.05 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.05 17:28:51 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.05 17:28:51 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.05 17:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.05 17:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.05.05 17:28:00 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\DVDVideoSoft
[1 C:\Users\Toby\AppData\Roaming\*.tmp files -> C:\Users\Toby\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.04 03:19:14 | 000,000,140 | ---- | M] () -- C:\Users\Toby\defogger_reenable
[2012.06.04 03:01:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.04 03:01:17 | 2122,416,127 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.04 02:56:38 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 02:56:38 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 21:49:20 | 002,710,255 | ---- | M] () -- C:\Users\Toby\Desktop\20120602_073902.jpg
[2012.06.03 21:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 21:45:54 | 000,000,448 | ---- | M] () -- C:\ProgramData\hjjvyuxoafpfhfo
[2012.06.03 21:45:51 | 000,054,784 | ---- | M] () -- C:\ProgramData\uqjcnmrotwgplqaplskk.exe
[2012.06.03 21:06:42 | 009,415,346 | ---- | M] () -- C:\Users\Toby\Desktop\31052012.mp4
[2012.06.02 15:54:49 | 000,074,410 | ---- | M] () -- C:\Users\Toby\Desktop\545615_393819747331694_100001110156209_1095654_1231012886_n.jpg
[2012.06.02 15:52:43 | 000,071,629 | ---- | M] () -- C:\Users\Toby\Desktop\380221_393818943998441_100001110156209_1095640_436243340_n.jpg
[2012.06.02 15:51:24 | 000,079,902 | ---- | M] () -- C:\Users\Toby\Desktop\541972_393819330665069_1986986811_n.jpg
[2012.05.30 22:05:33 | 000,141,297 | ---- | M] () -- C:\Users\Toby\Desktop\asdasd.jpg
[2012.05.29 20:51:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 20:51:36 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.29 20:51:36 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.29 20:51:36 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.29 20:51:36 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.28 21:34:20 | 000,051,986 | ---- | M] () -- C:\Users\Toby\Desktop\julian.jpg
[2012.05.24 20:33:18 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.05.23 20:21:26 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.23 19:04:52 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.23 19:02:45 | 000,049,745 | ---- | M] () -- C:\Users\Toby\Desktop\EE1-11_Prüfprojekt.pdf
[2012.05.16 19:43:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.05.16 19:39:50 | 000,000,532 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.15 21:56:16 | 000,000,034 | ---- | M] () -- C:\Users\Toby\AppData\Roaming\blckdom.res
[2012.05.15 21:27:39 | 006,245,094 | ---- | M] () -- C:\Users\Toby\Desktop\Timeflies - Ass Back Home.mp3
[2012.05.15 19:39:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.15 19:39:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.15 13:15:18 | 000,230,880 | ---- | M] () -- C:\Users\Toby\AppData\Roaming\AcroIEHelpe122.dll
[2012.05.14 21:47:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.14 17:02:41 | 000,415,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.13 23:03:52 | 000,277,721 | ---- | M] () -- C:\Users\Toby\Desktop\3.jpg
[2012.05.13 23:03:41 | 000,071,394 | ---- | M] () -- C:\Users\Toby\Desktop\2.jpg
[2012.05.13 23:03:28 | 000,123,277 | ---- | M] () -- C:\Users\Toby\Desktop\1.jpg
[2012.05.10 23:10:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.10 21:15:18 | 000,000,686 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.10 20:46:33 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[1 C:\Users\Toby\AppData\Roaming\*.tmp files -> C:\Users\Toby\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.04 03:19:14 | 000,000,140 | ---- | C] () -- C:\Users\Toby\defogger_reenable
[2012.06.03 21:49:20 | 002,710,255 | ---- | C] () -- C:\Users\Toby\Desktop\20120602_073902.jpg
[2012.06.03 21:45:54 | 000,054,784 | ---- | C] () -- C:\ProgramData\uqjcnmrotwgplqaplskk.exe
[2012.06.03 21:45:51 | 000,000,448 | ---- | C] () -- C:\ProgramData\hjjvyuxoafpfhfo
[2012.06.03 21:06:36 | 009,415,346 | ---- | C] () -- C:\Users\Toby\Desktop\31052012.mp4
[2012.06.02 15:54:49 | 000,074,410 | ---- | C] () -- C:\Users\Toby\Desktop\545615_393819747331694_100001110156209_1095654_1231012886_n.jpg
[2012.06.02 15:52:43 | 000,071,629 | ---- | C] () -- C:\Users\Toby\Desktop\380221_393818943998441_100001110156209_1095640_436243340_n.jpg
[2012.06.02 15:51:24 | 000,079,902 | ---- | C] () -- C:\Users\Toby\Desktop\541972_393819330665069_1986986811_n.jpg
[2012.05.30 22:05:33 | 000,141,297 | ---- | C] () -- C:\Users\Toby\Desktop\asdasd.jpg
[2012.05.28 21:34:20 | 000,051,986 | ---- | C] () -- C:\Users\Toby\Desktop\julian.jpg
[2012.05.24 20:33:18 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.05.23 20:21:26 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.23 19:04:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.23 19:04:52 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.23 19:02:45 | 000,049,745 | ---- | C] () -- C:\Users\Toby\Desktop\EE1-11_Prüfprojekt.pdf
[2012.05.16 19:43:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.05.15 21:27:26 | 006,245,094 | ---- | C] () -- C:\Users\Toby\Desktop\Timeflies - Ass Back Home.mp3
[2012.05.15 13:15:18 | 000,230,880 | ---- | C] () -- C:\Users\Toby\AppData\Roaming\AcroIEHelpe122.dll
[2012.05.13 23:03:28 | 000,277,721 | ---- | C] () -- C:\Users\Toby\Desktop\3.jpg
[2012.05.13 23:03:28 | 000,123,277 | ---- | C] () -- C:\Users\Toby\Desktop\1.jpg
[2012.05.13 23:03:28 | 000,071,394 | ---- | C] () -- C:\Users\Toby\Desktop\2.jpg
[2012.05.13 18:17:05 | 000,000,034 | ---- | C] () -- C:\Users\Toby\AppData\Roaming\blckdom.res
[2012.05.10 23:01:47 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.10 22:59:33 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.10 22:53:00 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.10 21:15:18 | 000,000,686 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.10 21:14:39 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.10 21:14:39 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.10 21:14:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.10 20:46:33 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.04.03 20:25:18 | 000,000,412 | ---- | C] () -- C:\Users\Toby\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.02 21:37:13 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini

========== LOP Check ==========
[2012.04.15 15:16:21 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\.minecraft
[2012.05.13 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\11023
[2012.05.14 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\11024
[2012.05.15 13:15:02 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\11025
[2012.05.16 19:47:59 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\12007
[2012.05.15 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Bylook
[2012.04.19 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\DAEMON Tools Lite
[2012.05.05 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\DVDVideoSoft
[2012.05.05 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.13 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\kock
[2012.05.16 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Leadertech
[2012.05.10 20:49:00 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Origin
[2012.05.13 22:48:04 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Qilyyd
[2012.06.04 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Spotify
[2012.05.13 22:43:50 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\TeamViewer
[2012.04.23 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\TS3Client
[2012.04.25 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Tunngle
[2012.05.14 17:03:44 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\UAs
[2012.05.14 17:09:17 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\xmldm
[2012.05.16 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Toby\AppData\Roaming\Ypahuc
[2009.07.14 07:08:49 | 000,022,302 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
[/CODE]

Do you have any idea how I can get rid of the virus?? There should be several solutions for this by now (: Thanks in advance (:

Quote:
I have only pasted in C:\ for now.
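The log above shows the pattern a helper looks for in a ransomware case like this: an HKCU Run value with a random name (`uqjcnmrotwgplqa`) pointing to an executable in a user-writable directory (`C:\ProgramData\uqjcnmrotwgplqaplskk.exe`) that carries no company name (`()`), plus freshly created files and folders with equally random names (`ftfoxqaxordwrvw`, `hjjvyuxoafpfhfo`, `blckdom.res`). The script below is an added example and is not part of the original post or of OTL itself. It parses the `O4` Run lines and the `[date | size | attrs | C/M]` file lines of an OTL report, scores each entry against those three signals, and ranks the results. The sample lines are copied from the log above; the regular expressions, the scoring (one point per signal) and the vowel-ratio randomness test are my own assumptions, and the randomness test deliberately only fires on long lowercase runs, so the short pronounceable folder names in this same log (Ypahuc, Qilyyd, Bylook) score lower and still need a human look.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: lines copied from the OTL log posted above (O4 Run keys and
# entries from the "Files/Folders - Created/Modified Within 30 Days" sections).
SAMPLE_LINES = [
    r"O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
    r"O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)",
    r"O4 - HKCU..\Run: [Spotify] C:\Users\Toby\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)",
    r"O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Toby\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()",
    r"O4 - HKCU..\Run: [Steam] F:\Steam\steam.exe (Valve Corporation)",
    r"O4 - HKCU..\Run: [uqjcnmrotwgplqa] C:\ProgramData\uqjcnmrotwgplqaplskk.exe ()",
    r"[2012.06.03 21:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ftfoxqaxordwrvw",
    r"[2012.06.03 21:45:54 | 000,054,784 | ---- | C] () -- C:\ProgramData\uqjcnmrotwgplqaplskk.exe",
    r"[2012.05.16 20:05:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
    r"[2012.05.13 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Toby\AppData\Roaming\Ypahuc",
    r"[2012.05.15 21:56:16 | 000,000,034 | ---- | M] () -- C:\Users\Toby\AppData\Roaming\blckdom.res",
]

# Assumed line shapes, derived from the log above (OTL's own format is not documented here).
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Locations a standard user can write to; anything auto-started from here deserves a look.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Users\\Public|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str            # "run" (autostart value) or "file" (created/modified entry)
    label: str           # Run value name, or the file/directory basename
    path: str
    score: int           # number of signals that fired (0..3)
    reasons: list = field(default_factory=list)


def looks_random(token: str) -> bool:
    """Heuristic (assumption): a run of 10+ lowercase letters with under 30% vowels
    and no separators, which is how the generated names in this log look
    (uqjcnmrotwgplqa, ftfoxqaxordwrvw). Real product names have capitals or spaces."""
    if not re.fullmatch(r"[a-z]{10,}", token):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) < 0.3


def basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def stem(name: str) -> str:
    return name.rsplit(".", 1)[0]


def score(kind: str, label: str, path: str, company: Optional[str], is_dir: bool) -> Finding:
    reasons = []
    # OTL prints "()" when the PE has no version resource; directories have no field at all.
    if not is_dir and company is not None and company.strip() == "":
        reasons.append("no company/version resource (unsigned, likely packed)")
    if USER_WRITABLE.search(path):
        reasons.append("lives in a user-writable location")
    if looks_random(label) or looks_random(stem(basename(path))):
        reasons.append("random-looking name")
    return Finding(kind, label, path, len(reasons), reasons)


def parse_line(line: str) -> Optional[Finding]:
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return score("run", m["name"], m["path"], m["company"], False)
    m = FILE_RE.match(line)
    if m:
        return score("file", basename(m["path"]), m["path"], m["company"], "D" in m["attrs"])
    return None  # driver lines, headers, etc. are ignored


def triage(lines):
    """Parse every recognised line and return findings, highest score first."""
    findings = [f for f in map(parse_line, lines) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        if f.score:
            print(f"[{f.score}] {f.kind:4} {f.label}: {f.path}")
            print("      " + "; ".join(f.reasons))
```

Run against the sample, the two entries that belong to the infection (the `uqjcnmrotwgplqa` Run value and the executable it points to) are the only ones to hit all three signals; `Spotify Web Helper` also scores two because it is unsigned and runs from AppData, which is exactly the kind of false positive a helper resolves by checking the vendor and the file hash rather than by trusting the score alone.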
07.06.2012, 09:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Trojaner (100Euro Virus)
Quote:
See also => http://www.trojaner-board.de/95393-c...-software.html

If we find any indication of illegally obtained software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that you should not mess with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstall!! It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that! In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)