GData virus find: Java:Agent-BBY[Expl], Windows 7
01.07.2012, 23:48 | #1
GData virus find: Java:Agent-BBY[Expl]

Hello, I'm new here. When GData scanned my system today, I got a notice that the file had been moved to quarantine.

Code:
Virus: Java:Agent-BBY[Expl] (Engine B)
File: jar_cache8538698815778827528.tmp
Directory: C:\Users\Tobi\AppData\Local\Temp

I have read the golden rules as well as all the other steps for creating a first thread, and carried them out. I'd also like to mention that Defogger.exe neither asked for a restart nor reported an error. I opened the .exe, clicked "Disable" ... and that was it. Here is a copy of defogger_disable.log:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:26 on 02/07/2012 (Tobi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

First, the OTL.txt:

Code:
OTL logfile created on: 02.07.2012 00:29:30 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 82,11% Memory free
15,83 Gb Paging File | 14,19 Gb Available in Paging File | 89,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 9,07 Gb Free Space | 15,23% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 281,53 Gb Free Space | 75,56% Space Free | Partition Type: NTFS
Drive F: | 372,60 Gb Total Space | 185,56 Gb Free Space | 49,80% Space Free | Partition Type: NTFS

Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.02 00:28:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.01.03 20:27:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.05.19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.03.02 16:33:02 | 000,920,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AntiVirus\AVKTray\AVKTray.exe
PRC - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AntiVirus\AVK\AVKService.exe
PRC - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.16 15:26:46 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.11.16 15:26:45 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.23 20:23:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.18 17:19:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.23 01:44:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 20:27:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.02.25 03:32:46 | 001,905,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.14 22:21:22 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.11.14 22:21:02 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011.11.14 22:20:55 | 000,048,072 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2012.07.01 23:44:50 | 000,104,904 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB F9 B6 7D DB 43 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Drucker Treiber\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Acrobat Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 17:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 17:19:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.11.14 22:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2012.06.29 17:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\b2z8c1lk.default\extensions
[2012.06.28 01:40:19 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\b2z8c1lk.default\extensions\djziggy@gmail.com
[2012.06.29 17:07:39 | 000,000,853 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\11-suche.xml
[2012.06.29 17:07:39 | 000,002,209 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 17:07:39 | 000,010,506 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\gmx-suche.xml
[2012.06.29 17:07:39 | 000,002,368 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\lastminute.xml
[2012.06.29 17:07:39 | 000,005,489 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\webde-suche.xml
[2012.06.07 20:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.23 20:12:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.29 17:07:38 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B2Z8C1LK.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.18 17:19:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.27 18:42:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 18:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.27 18:42:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 18:42:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 18:42:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 18:42:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIEx64.dll ()
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIEx64.dll ()
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.4.26.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2108924-4295-4C14-A343-7A8221AD6AD5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.02 00:28:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.06.13 17:36:30 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Macromedia
[2012.06.05 12:24:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012.06.05 12:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.06.05 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.06.05 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\My Games
[2012.06.05 12:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012.06.05 12:16:28 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012.06.05 12:16:27 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.05 12:16:27 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.06.05 12:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.06.05 12:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012.06.05 12:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.06.05 12:15:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.06.05 12:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.06.05 01:54:25 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\NVIDIA

========== Files - Modified Within 30 Days ==========

[2012.07.02 00:28:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.07.02 00:26:46 | 000,000,000 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2012.07.02 00:25:29 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.07.02 00:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.01 23:44:50 | 000,104,904 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2012.07.01 23:14:44 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 23:14:44 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 23:12:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.01 23:12:30 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.01 23:12:30 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.01 23:12:30 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.01 23:12:30 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.01 23:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 23:06:21 | 2078,806,015 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 21:10:56 | 000,001,061 | ---- | M] () -- C:\Users\Tobi\Desktop\Origin offline.lnk
[2012.06.14 11:23:10 | 000,312,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.05 16:39:19 | 000,000,948 | ---- | M] () -- C:\Users\Tobi\Desktop\DIRT3.lnk
[2012.06.05 12:16:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.05 12:16:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

========== Files Created - No Company Name ==========

[2012.07.02 00:26:46 | 000,000,000 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2012.07.02 00:25:28 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.06.05 12:27:29 | 000,000,948 | ---- | C] () -- C:\Users\Tobi\Desktop\DIRT3.lnk
[2012.02.06 14:49:58 | 001,961,472 | ---- | C] () -- C:\Windows\SysWow64\qtcore4.dll
[2012.01.12 22:34:25 | 000,003,822 | ---- | C] () -- C:\Windows\scad3.INI
[2012.01.04 16:31:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.15 03:05:31 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 03:05:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.31 20:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 20:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2011.11.14 23:22:40 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ArmA II Launcher
[2011.12.13 21:07:53 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Dev-Cpp
[2012.04.08 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\LolClient
[2011.11.16 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\OpenOffice.org
[2011.11.15 01:53:28 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Origin
[2012.06.06 22:50:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 02.07.2012 00:29:30 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 82,11% Memory free
15,83 Gb Paging File | 14,19 Gb Available in Paging File | 89,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 9,07 Gb Free Space | 15,23% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 281,53 Gb Free Space | 75,56% Space Free | Partition Type: NTFS
Drive F: | 372,60 Gb Total Space | 185,56 Gb Free Space | 49,80% Space Free | Partition Type: NTFS

Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E7CB07E-1FD3-41EB-84EA-EC1E5A13D83F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0F139034-BEFF-465D-96CA-B9169BAA0B5E}" = rport=137 | protocol=17 | dir=out | app=system | "{20353FF1-C44A-45E0-B5D7-DAEA90522729}" = lport=138 | protocol=17 | dir=in | app=system | "{22398EBE-6F0A-41B5-9C70-7E52BAA95739}" = lport=59033 | protocol=6 | dir=in | name=pando media booster | "{33861CF9-9B8B-4E0A-92CF-BF3ECDD88C9A}" = lport=59033 | protocol=17 | dir=in | name=pando media booster | "{37DB557C-877A-4DDD-A4D1-1E9F3E8FE02D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files 
(x86)\dll-files.com fixer\dllfixer.exe | "{46FFD205-DFE4-4C98-93A9-D0794F2C0917}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{480BE769-1C8B-4B86-9DB8-84F8D84F2668}" = lport=59033 | protocol=6 | dir=in | name=pando media booster | "{4F841221-32FB-4CA9-BE5F-E21E02C15249}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4FE9A1D9-944A-46ED-A0AB-36271162D3AE}" = lport=445 | protocol=6 | dir=in | app=system | "{71CE6118-0A39-4E16-B298-541A3FC4E458}" = rport=138 | protocol=17 | dir=out | app=system | "{8EBB396A-14E5-4261-B95D-58F18D55E39C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{C60FF4FE-9CFD-4626-8AE1-FF6BAE86DF06}" = rport=139 | protocol=6 | dir=out | app=system | "{CB28EE58-A705-4508-9195-A4B919F03379}" = lport=59033 | protocol=17 | dir=in | name=pando media booster | "{D4130811-4967-46A2-A280-BB514D232B40}" = rport=445 | protocol=6 | dir=out | app=system | "{E8623EEF-1D8F-472E-BDF9-EE771F7754E6}" = lport=139 | protocol=6 | dir=in | app=system | "{F38DBCB8-E210-4035-876F-D141E8F2B6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3B833FC-5B5E-4F67-B99D-C08B2B37F5FC}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04E2C263-3C56-40A3-8F57-86806F11CF20}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0990572B-5F1E-4A8A-93AC-CC6F39C7B9EB}" = protocol=6 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | "{0E4CE67A-7F8B-4DC5-A3CD-6817E8118F41}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{2279AA86-2DD5-48FF-A688-3C0DC788908F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{23325CFD-F887-43C2-9C77-52DD7293F06A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2FBF86C9-C670-4875-BE5E-10519B0853B7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3A944D5B-A241-46B0-A259-B5EF6532F538}" = protocol=17 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | "{531DB3E3-A305-4930-8842-6BA4A34DB208}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5592D4DC-F9B4-4DBC-A14B-39B27858C4E2}" = protocol=6 | dir=in | app=e:\steam\steam.exe | "{5D7ECA40-6DA9-4B9D-B27D-A5775519E6A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5DAC8BE4-65ED-43D6-A17E-0D3DC1D1BE06}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{662F1A01-8E6F-4555-B290-90BC9E3300D2}" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | "{6BE34935-8DA3-4CC5-A90E-35AF83000161}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{74367D9C-9E25-4061-8B94-2D72CE454FFF}" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | "{79D96E14-4263-4E5F-A6B6-BB4C3EC7354A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{825BE0EF-FA53-49AA-84B3-71E318C3350C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8AFA18C0-CDAF-45E7-8D78-4F69B6757158}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{8C3D62FE-0D25-4539-B327-7D47DA40E478}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{969441AC-029F-4E34-805A-EF324B8D7C99}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{988F8CB3-BA6C-4FBC-B927-7C8CABB5E4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A8D823AB-6D19-4260-81B7-8E6980FFA4FA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC670F17-ED45-4B34-9049-FB2F266A9FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{AFECC761-9C51-4E5E-987C-E53703F96A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B5D4C5D8-1502-42D4-A04D-79B753BD759F}" = protocol=6 | dir=in | app=e:\spiele\dirt 3\dirt3_game.exe | "{BB5091D3-BBE3-47E2-BCF2-ADC54F04175C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C55DB8C1-D8F4-4A22-8200-0BC2F895ADFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C5B95E49-9ACE-49E1-B03A-ECB95AEBF72E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C5CCC3B2-176E-4508-AA8F-7812A698100D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CBC13519-EC34-4768-A0DC-39A3F245D74B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E0B56221-884A-4F4F-A0F2-A2D04C344D8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7E0056F-445C-4F5A-878F-B4CF98AD0F2C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{F003798A-7377-4A9D-836F-924EC45FB715}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{F0C2DEA6-3D01-4301-B878-26B76F733D24}" = protocol=17 | dir=in | app=e:\spiele\dirt 3\dirt3_game.exe | "{F6331F6C-E146-41F3-83EA-A18FBF86B782}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{00C282F1-A900-462C-81CB-DA3C83F0AF1C}E:\spiele\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | "TCP Query User{3EEC0C83-CCCE-401B-8FB9-7C5570786C84}E:\spiele\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | "TCP Query User{3F58F3B6-E5CD-427B-A952-5744E5E9449B}E:\spiele\battlefield 3\battlefield 3\bf3.exe" = protocol=6 | dir=in | 
app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | "TCP Query User{44C5CFBA-0681-4419-B3BF-A6E9FFA59CEF}E:\steam\steam.exe" = protocol=6 | dir=in | app=e:\steam\steam.exe | "TCP Query User{965B6288-F821-41EA-B8B5-3FF4A79D9E6C}E:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "TCP Query User{C3F27E3B-3643-4075-B936-080035E12F36}E:\spiele\bohemia interactive\arma 2\arma2oa.exe" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | "TCP Query User{CC61A440-D58A-4842-84E7-5F66A556074C}E:\spiele\bohemia interactive\arma 2\arma2.exe" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2.exe | "UDP Query User{02531D7B-2F87-4AC7-9BEC-DFD4C0A584B8}E:\spiele\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | "UDP Query User{34637790-8084-48FA-9887-877EF7D6A816}E:\spiele\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | "UDP Query User{3E0E1820-5F80-4034-9ECE-94A1AC7E7BD4}E:\spiele\battlefield 3\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | "UDP Query User{9FCC36A7-1D4E-4692-A141-7DA3FDB812C7}E:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "UDP Query User{C0E0938B-C5EF-44C7-A2C5-89D1EFE30D34}E:\spiele\bohemia interactive\arma 2\arma2.exe" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2.exe | "UDP Query User{C8579D50-C92B-42B6-B2FB-AD0C766A77D3}E:\spiele\bohemia interactive\arma 2\arma2oa.exe" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | "UDP Query User{D4FD57BE-8A2E-436E-BC92-4F058963C5C1}E:\steam\steam.exe" = protocol=17 | dir=in | app=e:\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{D01E478E-05BE-46BC-AF96-DD40EABA1F6A}" = System Requirements Lab CYRI (64-bit) "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" 
= Steam "{0FDB2D25-D880-4E10-868F-8C64EFE155F1}" = G Data AntiVirus "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{434D0FA0-1558-4D8E-AC3D-BD1000008400}" = DiRT 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66}" = Pro Evolution Soccer 4 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" 
= Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCFCFCFC-FCFC-FCFC-FCFC-FCFCFCFCFCFC}_is1" = DiRT 3 Profile Import version 1.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "ArmA2" = ArmA2 Uninstall "Battlelog Web Plugins" = Battlelog Web Plugins "Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ESN Sonar-0.70.4" = ESN Sonar "FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1 "Fraps" = Fraps "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008400}" = DiRT 3 "InstallShield_{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66}" = Pro Evolution Soccer 4 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "LTspice IV" = LTspice IV "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "wx-devcpp" = wx-devcpp 6.10.2 (4.9.9.2) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.06.2012 03:10:29 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 26.06.2012 11:05:16 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 26.06.2012 16:04:27 | Computer Name = Tobi-PC | Source = 
WinMgmt | ID = 10 Description = Error - 27.06.2012 13:53:46 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2012 14:57:31 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: u57.exe, Version: 0.0.0.0, Zeitstempel: 0x4feb579a Name des fehlerhaften Moduls: u57.exe, Version: 0.0.0.0, Zeitstempel: 0x4feb579a Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000d313 ID des fehlerhaften Prozesses: 0xa18 Startzeit der fehlerhaften Anwendung: 0x01cd5496b3cf2d00 Pfad der fehlerhaften Anwendung: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe Pfad des fehlerhaften Moduls: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe Berichtskennung: f2140ff1-c089-11e1-852e-002522e6ca4e Error - 27.06.2012 14:58:06 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: u57.exe, Version: 0.0.0.0, Zeitstempel: 0x4feb57be Name des fehlerhaften Moduls: u57.exe, Version: 0.0.0.0, Zeitstempel: 0x4feb57be Ausnahmecode: 0xc00000fd Fehleroffset: 0x0000d2d3 ID des fehlerhaften Prozesses: 0xc3c Startzeit der fehlerhaften Anwendung: 0x01cd5496c9ab7024 Pfad der fehlerhaften Anwendung: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe Pfad des fehlerhaften Moduls: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe Berichtskennung: 075cbdc5-c08a-11e1-852e-002522e6ca4e Error - 28.06.2012 10:23:46 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 28.06.2012 11:04:29 | Computer Name = Tobi-PC | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3e0 Startzeit: 01cd553f2d0f7398 Endzeit: 51 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 8d2dd9cf-c132-11e1-bc19-002522e6ca4e Error - 29.06.2012 07:38:12 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = Error - 01.07.2012 17:08:18 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 25.06.2012 14:31:14 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:31:22 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:31:26 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:31:39 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:32:02 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:34:10 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:34:37 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:36:20 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 25.06.2012 14:36:53 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. 
Error - 28.06.2012 11:05:18 | Computer Name = Tobi-PC | Source = DCOM | ID = 10010 Description = < End of report > Do I actually need to worry about passwords?? I use Mozilla exclusively (up to date), but I don't save passwords.
02.07.2012, 16:01 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | GData virus detection Java:Agent-BBY[Expl] First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
__________________
Remember that Malwarebytes must be updated manually before every scan! Please remove all Malwarebytes detections so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely! If there are logs from older Malwarebytes scans, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It's done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
__________________
02.07.2012, 19:26 | #3
GData virus detection Java:Agent-BBY[Expl] Malwarebytes full scan
__________________
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tobi :: TOBI-PC [Administrator]

Schutz: Aktiviert

02.07.2012 19:47:32
mbam-log-2012-07-02 (19-47-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311294
Laufzeit: 10 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c911a520e3d41f478307ad5b30b68d6e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-02 06:24:49
# local_time=2012-07-02 08:24:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 19954014 19954014 0 0
# compatibility_mode=5893 16776573 100 94 282440 92882316 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=145616
# found=1
# cleaned=1
# scan_time=1023
E:\Spiele\Pro Evolution Soccer 2012\rld.dll	a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
03.07.2012, 12:21 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | GData virus detection Java:Agent-BBY[Expl]
Code:
E:\Spiele\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
See also => http://www.trojaner-board.de/95393-c...-software.html
If we find evidence of illegally obtained software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that should not be taken lightly. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ Please always post log files in CODE tags
03.07.2012, 15:20 | #5
GData virus detection Java:Agent-BBY[Expl] It's not my drive .. but none of that helps! Please delete thread & account!!
03.07.2012, 15:22 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | GData virus detection Java:Agent-BBY[Expl] Threads are not deleted here!