Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GData Virenfund Java:Agent-BBY[Expl]

GData Virenfund Java:Agent-BBY[Expl]


Plagegeister aller Art und deren Bekämpfung: GData Virenfund Java:Agent-BBY[Expl]

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.07.2012, 23:48   #1
KiLLa-T
 
GData Virenfund Java:Agent-BBY[Expl] - Standard

GData Virenfund Java:Agent-BBY[Expl]


Hallo,

bin neu hier.
Als GData heut mein System gescannt hat, bekam ich den Hinweis, dass die Datei in Quarantäne verschoben worden ist.

Code:
ATTFilter
Virus: Java:Agent-BBY[Expl](Engine B)(Engine B)
Datei: jar_cache8538698815778827528.tmp
Verzeichnis: C:\Users\Tobi\AppData\Local\Temp
Habe das nirgends im Web gefunden, deswegen bitte ich hier um Hilfe!

Habe mir sowie die goldenen Regeln als auch alle weiteren Schritte zum erstellen des ersten Threads durchgelesen bzw. durchgeführt.

Ich möchte noch erwähnen, dass Defogger.exe weder nach einem Neustart verlangt hat, noch eine Fehler gemeldet hat.
Hab die .exe geöffnet, bin auf "Disable" .. und das wars dann.
Die defogger_disable.log kopier ich mal

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:26 on 02/07/2012 (Tobi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Weiter gehts mit dem OTL
Als erstes die OTL.txt

Code:
ATTFilter
OTL logfile created on: 02.07.2012 00:29:30 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 82,11% Memory free
15,83 Gb Paging File | 14,19 Gb Available in Paging File | 89,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 9,07 Gb Free Space | 15,23% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 281,53 Gb Free Space | 75,56% Space Free | Partition Type: NTFS
Drive F: | 372,60 Gb Total Space | 185,56 Gb Free Space | 49,80% Space Free | Partition Type: NTFS
 
Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.02 00:28:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.01.03 20:27:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.05.19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.03.02 16:33:02 | 000,920,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AntiVirus\AVKTray\AVKTray.exe
PRC - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G DATA\AntiVirus\AVK\AVKService.exe
PRC - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.16 15:26:46 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.11.16 15:26:45 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.23 20:23:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.18 17:19:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.23 01:44:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 20:27:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 14:09:30 | 001,117,768 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009.03.02 14:09:30 | 000,388,168 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2009.02.25 03:47:46 | 000,287,816 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009.02.25 03:32:46 | 001,905,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.14 22:21:22 | 000,064,456 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.11.14 22:21:02 | 000,038,856 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011.11.14 22:20:55 | 000,048,072 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2012.07.01 23:44:50 | 000,104,904 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB F9 B6 7D DB 43 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Drucker Treiber\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Acrobat Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 17:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 17:19:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.14 22:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2012.06.29 17:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\b2z8c1lk.default\extensions
[2012.06.28 01:40:19 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\b2z8c1lk.default\extensions\djziggy@gmail.com
[2012.06.29 17:07:39 | 000,000,853 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\11-suche.xml
[2012.06.29 17:07:39 | 000,002,209 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 17:07:39 | 000,010,506 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\gmx-suche.xml
[2012.06.29 17:07:39 | 000,002,368 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\lastminute.xml
[2012.06.29 17:07:39 | 000,005,489 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\b2z8c1lk.default\searchplugins\webde-suche.xml
[2012.06.07 20:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.23 20:12:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.29 17:07:38 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B2Z8C1LK.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.18 17:19:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.27 18:42:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 18:42:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.27 18:42:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 18:42:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 18:42:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 18:42:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIEx64.dll ()
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIEx64.dll ()
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\AntiVirus\Webfilter\AVKWebIE.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G DATA\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.4.26.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2108924-4295-4C14-A343-7A8221AD6AD5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 00:28:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.06.13 17:36:30 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Macromedia
[2012.06.05 12:24:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012.06.05 12:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.06.05 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.06.05 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\My Games
[2012.06.05 12:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012.06.05 12:16:28 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012.06.05 12:16:27 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.05 12:16:27 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.06.05 12:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.06.05 12:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012.06.05 12:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.06.05 12:15:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.06.05 12:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.06.05 01:54:25 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\NVIDIA
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 00:28:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.07.02 00:26:46 | 000,000,000 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2012.07.02 00:25:29 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.07.02 00:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.01 23:44:50 | 000,104,904 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2012.07.01 23:14:44 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 23:14:44 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 23:12:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.01 23:12:30 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.01 23:12:30 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.01 23:12:30 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.01 23:12:30 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.01 23:06:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 23:06:21 | 2078,806,015 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 21:10:56 | 000,001,061 | ---- | M] () -- C:\Users\Tobi\Desktop\Origin offline.lnk
[2012.06.14 11:23:10 | 000,312,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.05 16:39:19 | 000,000,948 | ---- | M] () -- C:\Users\Tobi\Desktop\DIRT3.lnk
[2012.06.05 12:16:27 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.05 12:16:27 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
 
========== Files Created - No Company Name ==========
 
[2012.07.02 00:26:46 | 000,000,000 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2012.07.02 00:25:28 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.06.05 12:27:29 | 000,000,948 | ---- | C] () -- C:\Users\Tobi\Desktop\DIRT3.lnk
[2012.02.06 14:49:58 | 001,961,472 | ---- | C] () -- C:\Windows\SysWow64\qtcore4.dll
[2012.01.12 22:34:25 | 000,003,822 | ---- | C] () -- C:\Windows\scad3.INI
[2012.01.04 16:31:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.15 03:05:31 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 03:05:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.31 20:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 20:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== LOP Check ==========
 
[2011.11.14 23:22:40 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ArmA II Launcher
[2011.12.13 21:07:53 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Dev-Cpp
[2012.04.08 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\LolClient
[2011.11.16 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\OpenOffice.org
[2011.11.15 01:53:28 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Origin
[2012.06.06 22:50:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Jetzt die Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 02.07.2012 00:29:30 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 82,11% Memory free
15,83 Gb Paging File | 14,19 Gb Available in Paging File | 89,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 9,07 Gb Free Space | 15,23% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 281,53 Gb Free Space | 75,56% Space Free | Partition Type: NTFS
Drive F: | 372,60 Gb Total Space | 185,56 Gb Free Space | 49,80% Space Free | Partition Type: NTFS
 
Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E7CB07E-1FD3-41EB-84EA-EC1E5A13D83F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F139034-BEFF-465D-96CA-B9169BAA0B5E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{20353FF1-C44A-45E0-B5D7-DAEA90522729}" = lport=138 | protocol=17 | dir=in | app=system | 
"{22398EBE-6F0A-41B5-9C70-7E52BAA95739}" = lport=59033 | protocol=6 | dir=in | name=pando media booster | 
"{33861CF9-9B8B-4E0A-92CF-BF3ECDD88C9A}" = lport=59033 | protocol=17 | dir=in | name=pando media booster | 
"{37DB557C-877A-4DDD-A4D1-1E9F3E8FE02D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{46FFD205-DFE4-4C98-93A9-D0794F2C0917}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{480BE769-1C8B-4B86-9DB8-84F8D84F2668}" = lport=59033 | protocol=6 | dir=in | name=pando media booster | 
"{4F841221-32FB-4CA9-BE5F-E21E02C15249}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4FE9A1D9-944A-46ED-A0AB-36271162D3AE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{71CE6118-0A39-4E16-B298-541A3FC4E458}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8EBB396A-14E5-4261-B95D-58F18D55E39C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C60FF4FE-9CFD-4626-8AE1-FF6BAE86DF06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CB28EE58-A705-4508-9195-A4B919F03379}" = lport=59033 | protocol=17 | dir=in | name=pando media booster | 
"{D4130811-4967-46A2-A280-BB514D232B40}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E8623EEF-1D8F-472E-BDF9-EE771F7754E6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F38DBCB8-E210-4035-876F-D141E8F2B6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F3B833FC-5B5E-4F67-B99D-C08B2B37F5FC}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E2C263-3C56-40A3-8F57-86806F11CF20}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0990572B-5F1E-4A8A-93AC-CC6F39C7B9EB}" = protocol=6 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{0E4CE67A-7F8B-4DC5-A3CD-6817E8118F41}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2279AA86-2DD5-48FF-A688-3C0DC788908F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{23325CFD-F887-43C2-9C77-52DD7293F06A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2FBF86C9-C670-4875-BE5E-10519B0853B7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3A944D5B-A241-46B0-A259-B5EF6532F538}" = protocol=17 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{531DB3E3-A305-4930-8842-6BA4A34DB208}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5592D4DC-F9B4-4DBC-A14B-39B27858C4E2}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{5D7ECA40-6DA9-4B9D-B27D-A5775519E6A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5DAC8BE4-65ED-43D6-A17E-0D3DC1D1BE06}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{662F1A01-8E6F-4555-B290-90BC9E3300D2}" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | 
"{6BE34935-8DA3-4CC5-A90E-35AF83000161}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{74367D9C-9E25-4061-8B94-2D72CE454FFF}" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | 
"{79D96E14-4263-4E5F-A6B6-BB4C3EC7354A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{825BE0EF-FA53-49AA-84B3-71E318C3350C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8AFA18C0-CDAF-45E7-8D78-4F69B6757158}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{8C3D62FE-0D25-4539-B327-7D47DA40E478}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{969441AC-029F-4E34-805A-EF324B8D7C99}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{988F8CB3-BA6C-4FBC-B927-7C8CABB5E4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A8D823AB-6D19-4260-81B7-8E6980FFA4FA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC670F17-ED45-4B34-9049-FB2F266A9FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AFECC761-9C51-4E5E-987C-E53703F96A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B5D4C5D8-1502-42D4-A04D-79B753BD759F}" = protocol=6 | dir=in | app=e:\spiele\dirt 3\dirt3_game.exe | 
"{BB5091D3-BBE3-47E2-BCF2-ADC54F04175C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C55DB8C1-D8F4-4A22-8200-0BC2F895ADFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C5B95E49-9ACE-49E1-B03A-ECB95AEBF72E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C5CCC3B2-176E-4508-AA8F-7812A698100D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBC13519-EC34-4768-A0DC-39A3F245D74B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0B56221-884A-4F4F-A0F2-A2D04C344D8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7E0056F-445C-4F5A-878F-B4CF98AD0F2C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F003798A-7377-4A9D-836F-924EC45FB715}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F0C2DEA6-3D01-4301-B878-26B76F733D24}" = protocol=17 | dir=in | app=e:\spiele\dirt 3\dirt3_game.exe | 
"{F6331F6C-E146-41F3-83EA-A18FBF86B782}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{00C282F1-A900-462C-81CB-DA3C83F0AF1C}E:\spiele\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | 
"TCP Query User{3EEC0C83-CCCE-401B-8FB9-7C5570786C84}E:\spiele\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | 
"TCP Query User{3F58F3B6-E5CD-427B-A952-5744E5E9449B}E:\spiele\battlefield 3\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"TCP Query User{44C5CFBA-0681-4419-B3BF-A6E9FFA59CEF}E:\steam\steam.exe" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"TCP Query User{965B6288-F821-41EA-B8B5-3FF4A79D9E6C}E:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{C3F27E3B-3643-4075-B936-080035E12F36}E:\spiele\bohemia interactive\arma 2\arma2oa.exe" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | 
"TCP Query User{CC61A440-D58A-4842-84E7-5F66A556074C}E:\spiele\bohemia interactive\arma 2\arma2.exe" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2.exe | 
"UDP Query User{02531D7B-2F87-4AC7-9BEC-DFD4C0A584B8}E:\spiele\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | 
"UDP Query User{34637790-8084-48FA-9887-877EF7D6A816}E:\spiele\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=e:\spiele\fifa 12\game\fifa.exe | 
"UDP Query User{3E0E1820-5F80-4034-9ECE-94A1AC7E7BD4}E:\spiele\battlefield 3\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=e:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"UDP Query User{9FCC36A7-1D4E-4692-A141-7DA3FDB812C7}E:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{C0E0938B-C5EF-44C7-A2C5-89D1EFE30D34}E:\spiele\bohemia interactive\arma 2\arma2.exe" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2.exe | 
"UDP Query User{C8579D50-C92B-42B6-B2FB-AD0C766A77D3}E:\spiele\bohemia interactive\arma 2\arma2oa.exe" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma 2\arma2oa.exe | 
"UDP Query User{D4FD57BE-8A2E-436E-BC92-4F058963C5C1}E:\steam\steam.exe" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{D01E478E-05BE-46BC-AF96-DD40EABA1F6A}" = System Requirements Lab CYRI (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0FDB2D25-D880-4E10-868F-8C64EFE155F1}" = G Data AntiVirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{434D0FA0-1558-4D8E-AC3D-BD1000008400}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66}" = Pro Evolution Soccer 4
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCFCFCFC-FCFC-FCFC-FCFC-FCFCFCFCFCFC}_is1" = DiRT 3 Profile Import version 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ArmA2" = ArmA2 Uninstall
"Battlelog Web Plugins" = Battlelog Web Plugins
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Fraps" = Fraps
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008400}" = DiRT 3
"InstallShield_{AC056D10-E6C0-4085-BAD6-EEBB5EC76D66}" = Pro Evolution Soccer 4
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LTspice IV" = LTspice IV
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"wx-devcpp" = wx-devcpp 6.10.2 (4.9.9.2)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2012 03:10:29 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2012 11:05:16 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2012 16:04:27 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2012 13:53:46 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2012 14:57:31 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: u57.exe, Version: 0.0.0.0, Zeitstempel:
 0x4feb579a  Name des fehlerhaften Moduls: u57.exe, Version: 0.0.0.0, Zeitstempel:
 0x4feb579a  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000d313  ID des fehlerhaften Prozesses:
 0xa18  Startzeit der fehlerhaften Anwendung: 0x01cd5496b3cf2d00  Pfad der fehlerhaften
 Anwendung: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe  Pfad des fehlerhaften
 Moduls: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe  Berichtskennung: f2140ff1-c089-11e1-852e-002522e6ca4e
 
Error - 27.06.2012 14:58:06 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: u57.exe, Version: 0.0.0.0, Zeitstempel:
 0x4feb57be  Name des fehlerhaften Moduls: u57.exe, Version: 0.0.0.0, Zeitstempel:
 0x4feb57be  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0000d2d3  ID des fehlerhaften Prozesses:
 0xc3c  Startzeit der fehlerhaften Anwendung: 0x01cd5496c9ab7024  Pfad der fehlerhaften
 Anwendung: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe  Pfad des fehlerhaften
 Moduls: E:\Hochschule\Programmieren\u57\Output\MingW\u57.exe  Berichtskennung: 075cbdc5-c08a-11e1-852e-002522e6ca4e
 
Error - 28.06.2012 10:23:46 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.06.2012 11:04:29 | Computer Name = Tobi-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3e0    Startzeit: 01cd553f2d0f7398    Endzeit: 51    Anwendungspfad: 
C:\Program Files (x86)\Windows Media Player\wmplayer.exe    Berichts-ID: 8d2dd9cf-c132-11e1-bc19-002522e6ca4e

 
Error - 29.06.2012 07:38:12 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2012 17:08:18 | Computer Name = Tobi-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 25.06.2012 14:31:14 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:31:22 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:31:26 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:31:39 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:32:02 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:34:10 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:34:37 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:36:20 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 25.06.2012 14:36:53 | Computer Name = Tobi-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 28.06.2012 11:05:18 | Computer Name = Tobi-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
Ich hoffe ich habe alles richtig gemacht ..

Muss ich mir denn eigentlich sorgen machen wegen Passwörter??

Ich benutze ausschließlich Mozilla (aktuell), speichere aber Passwörter nicht.

Alt 02.07.2012, 16:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GData Virenfund Java:Agent-BBY[Expl] - Standard

GData Virenfund Java:Agent-BBY[Expl]


Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Alt 02.07.2012, 19:26   #3
KiLLa-T
 
GData Virenfund Java:Agent-BBY[Expl] - Standard

GData Virenfund Java:Agent-BBY[Expl]


Malwarebytes Vollscan

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tobi :: TOBI-PC [Administrator]

Schutz: Aktiviert

02.07.2012 19:47:32
mbam-log-2012-07-02 (19-47-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311294
Laufzeit: 10 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET Scan

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c911a520e3d41f478307ad5b30b68d6e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-02 06:24:49
# local_time=2012-07-02 08:24:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 19954014 19954014 0 0
# compatibility_mode=5893 16776573 100 94 282440 92882316 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=145616
# found=1
# cleaned=1
# scan_time=1023
E:\Spiele\Pro Evolution Soccer 2012\rld.dll	a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
__________________
Alt 03.07.2012, 12:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GData Virenfund Java:Agent-BBY[Expl] - Standard

GData Virenfund Java:Agent-BBY[Expl]


Code:
ATTFilter
E:\Spiele\Pro Evolution Soccer 2012\rld.dll	a variant of Win32/Packed.VMProtect.AAH trojan


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2012, 15:20   #5
KiLLa-T
 
GData Virenfund Java:Agent-BBY[Expl] - Standard

GData Virenfund Java:Agent-BBY[Expl]


Ist nicht meine Platte .. aber hilft alles nix!

Bitte Thread & Account löschen !!


Alt 03.07.2012, 15:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GData Virenfund Java:Agent-BBY[Expl] - Standard

GData Virenfund Java:Agent-BBY[Expl]


Threads werden hier nicht gelöscht!
__________________
--> GData Virenfund Java:Agent-BBY[Expl]

Antwort

Themen zu GData Virenfund Java:Agent-BBY[Expl]
2.0.7, antivirus, autorun, bho, call of duty, canon, error, excel, fehler, firefox, firefox 13.0.1, flash player, format, gdata, helper, install.exe, langs, launch, logfile, mozilla, nvidia update, object, origin, pando media booster, plug-in, realtek, registry, rundll, searchscopes, security, software, svchost.exe, system, udp, virus, windows


« Anfangs TR/Dropper.Gen, nun permanente Meldungen zu TR/Sirefef.AG.35, TR/ATRAPS.Gen2 und TR/Small.FI | Trojaner mit Zahlungsaufforderung, Computer-Sperrung und Spam-Mail »


Ähnliche Themen: GData Virenfund Java:Agent-BBY[Expl]


  1. Seltsame Skype-Übertragung: dann JS:Agent-DDZ [Expl] gefunden + 4 weitere
    Log-Analyse und Auswertung - 10.10.2014 (9)
  2. Avast-Meldung: BSI Warnung (Identitätsdiebstahl) u. Virenfund v. Avast (HTML:Downloader-FG (Expl))
    Log-Analyse und Auswertung - 29.04.2014 (8)
  3. Virenfund EXP/JAVA.Ternub.Gen, entfernt nach Deinstallation von Java?
    Log-Analyse und Auswertung - 22.07.2013 (13)
  4. Trojanische Pferd TR/Expl.Java.CVE20100840.K - gelöscht - system nun clean?
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (11)
  5. Java:CVE-2012-1723-HF [Expl] (2x) (Engine B) - wie bekomm ich den richtig weg?
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (2)
  6. (2x) Antivir Fund: Java:Downloader-BQ [Expl]
    Mülltonne - 01.07.2012 (1)
  7. G-Data findet Java:Agent-APE [Expl] (Engine B)
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (1)
  8. Avast meldet einen Fehler beim Scan und zwar infiziert von Java: Agent-VN (Expl)
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (1)
  9. Java:Agent-UD [Expl], Java:Agent-UE [Expl], Java:Agent-UF [Expl]
    Plagegeister aller Art und deren Bekämpfung - 01.09.2011 (0)
  10. Malware auf Homepage und Rechner gefunden. 'JAVA/Agent.JT' , JAVA/Agent.10515
    Log-Analyse und Auswertung - 31.05.2011 (22)
  11. Java:Agent-EM (Expl) und mehr hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 17.05.2011 (65)
  12. G Data Total Care findet Win32:Malware-gen; Trojan.Generic.4880128; Java:Agent-CU[Expl]
    Plagegeister aller Art und deren Bekämpfung - 12.02.2011 (7)
  13. Avira meldet Befall mit TR/Dldr.Carberp.C.51 und Java/Agent.HT.2 bzw. Java/Agent.ID.2
    Plagegeister aller Art und deren Bekämpfung - 26.11.2010 (14)
  14. Virus gefunden: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C
    Plagegeister aller Art und deren Bekämpfung - 13.11.2010 (18)
  15. Avirafund: TR/Drop.Agent.cxpr, JAVA/Agent.A, JAVA/Rowindal.C und andere
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (25)
  16. AntiVir Virenfund - JAVA/Agent.N
    Plagegeister aller Art und deren Bekämpfung - 21.07.2010 (1)
  17. Trojanische Pferd TR/Expl.Java.Bytvery
    Plagegeister aller Art und deren Bekämpfung - 26.12.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GData Virenfund Java:Agent-BBY[Expl] - Hallo, bin neu hier. Als GData heut mein System gescannt hat, bekam ich den Hinweis, dass die Datei in Quarantäne verschoben worden ist. Code: Alles auswählen Aufklappen ATTFilter Virus: Java:Agent-BBY[Expl](Engine - GData Virenfund Java:Agent-BBY[Expl]...
Archiv
Du betrachtest: GData Virenfund Java:Agent-BBY[Expl] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130