Pests of all kinds and how to fight them: Java:Agent-EM (Expl) and more, help!!! (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as you can. If it is a trojan or virus problem, an expert will help you clean up the infection.
06.05.2011, 17:31 | #16
lol, but can't this son-of-a-bitch virus be deleted somehow anyway??
06.05.2011, 18:31 | #17
/// Winkelfunktion /// TB-Süch-Tiger™
Sure, it can be done "somehow" - but whether you catch everything is ALWAYS uncertain with a clean-up! And since you are puttering around on a Windows installation the previous owner has abused, I wanted to make clear how additionally pointless that is. Why exactly do you have a problem with format c, what argument speaks against it from your point of view? "Don't feel like it" or similar doesn't count!
07.05.2011, 22:38 | #18
Well, my argument is: first, I don't have a Win 7 CD; second, I'm just not the kind of person who knows how to do something like that.. and then having to dig out all the files like graphics card drivers and everything afterwards... I'm not good at that sort of thing, and that's why I asked you whether the nasty virus can be got rid of... I think it's totally crazy... first it says everything's OK, I'm so happy, but then this again.. I was like... you know.. yeah, and I did check with Malwarebytes, it says no malware, only my G Data Security 2010 says the virus is still there... really.. don't know what to do next, pls.. help..
07.05.2011, 23:27 | #19
/// Winkelfunktion /// TB-Süch-Tiger™
No recovery partition present? Presumably no manual came with this device that fell off the back of a truck either?
Please always post logfiles in CODE tags
08.05.2011, 14:23 | #20
The PC manual, the one about what functions the PC has, I should have that.. but another question: is there really no other way to delete this virus?
08.05.2011, 14:38 | #21
/// Winkelfunktion /// TB-Süch-Tiger™
If you really insist... Then I need new logs from Malwarebytes and OTL:
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
After that, OTL custom scan:
Custom scan with OTL
If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
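As an added example, not part of the thread and not OTL's own code: a small Python triage script for OTL log lines in the format posted later in this thread. It applies the checks a helper tends to make by hand when reading such a log: entries whose file carries no company name in its version info, registry entries that point at a file or CLSID that no longer exists, and autostart entries that run from a user-writable profile location. The sample lines are constructed to resemble the thread's log; the `example_unknown` key name and path are placeholders, not findings from the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the OTL log format seen in this thread. They are
# not copied from the posted log; the "example_unknown" entry is a placeholder.
SAMPLE_LOG = """\
PRC - C:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe ()
SRV - (Akamai) -- c:\\program files (x86)\\common files\\akamai\\netsession_win_a35e6b9.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\\Run: [GDFirewallTray] C:\\Program Files (x86)\\G Data\\InternetSecurity\\Firewall\\GDFirewallTray.exe (G DATA Software AG)
O4 - HKCU..\\Run: [Steam] C:\\Users\\PBell\\Desktop\\Steam\\steam.exe (Valve Corporation)
O4 - HKCU..\\Run: [example_unknown] C:\\Users\\PBell\\AppData\\Roaming\\example_unknown\\run.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

# "O4 - ...", "DRV:64bit: - ...", "PRC - ...": the entry kind, then " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]+\d*(?::64bit:)?)\s+-\s+(?P<body>.*)$")
# The file path starts at a drive letter; OTL appends the file's company name in
# parentheses at the end of the line, "()" when the version info has none. The lazy
# path match skips "(x86)" because the company group has to close the line.
PATH_COMPANY_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)\s*\((?P<company>[^()]*)\)\s*$")
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)
# Entry kinds that start code automatically (Run keys, Winlogon, services, drivers).
AUTOSTART_KINDS = ("O4", "O20", "SRV", "DRV")


@dataclass
class Finding:
    kind: str
    path: Optional[str]
    company: Optional[str]
    reasons: List[str]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line if it deserves a manual look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # section headers, blank lines, plain file listings
    kind, body = m.group("kind"), m.group("body")
    base_kind = kind.split(":")[0]  # "O20:64bit:" -> "O20"
    reasons: List[str] = []
    path = company = None
    pc = PATH_COMPANY_RE.search(body)
    if pc:
        path, company = pc.group("path"), pc.group("company").strip()
        if not company:
            reasons.append("file has no company name in its version info")
        if base_kind in AUTOSTART_KINDS and USER_PROFILE_RE.match(path):
            reasons.append("autostart entry runs from a user-writable profile location")
    elif "File not found" in body or "No CLSID value found" in body:
        reasons.append("registry entry points at a file or CLSID that does not exist")
    return Finding(kind, path, company, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<12} {f.path or '-'}")
        for r in f.reasons:
            print(f"    -> {r}")
```

The flags are a reading aid, not a verdict: a missing company name is common for legitimate software (the thread's own log shows it for DivX and Akamai), and a Run entry under the user's profile may be nothing worse than a game launcher, so each flagged entry still has to be checked by hand, for instance by looking up the file's hash.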
09.05.2011, 09:05 | #22
oh, what would I do without you^^ I'll do it as fast as possible^^
09.05.2011, 10:34 | #23
So this was created on 30.3.11 when I did it the first time, maybe you need that too^^
OTL Logfile:
Code:
OTL logfile created on: 30.04.2011 23:05:51 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\PBell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free
6,00 Gb Paging File | 2,00 Gb Available in Paging File | 41,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 316,35 Gb Free Space | 69,08% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 90,73 Gb Free Space | 19,79% Space Free | Partition Type: NTFS

Computer Name: PBELL-PC | User Name: PBell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\PBell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\SwiftKit\SwiftKit-RS.exe (Bluelight Developments)
PRC - C:\Program Files (x86)\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Users\PBell\Desktop\Steam\steam.exe (Valve Corporation)
PRC - C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe (IOI)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Users\PBell\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_a35e6b9.dll ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (GRD) -- C:\Windows\SysWOW64\drivers\GRD.sys (G Data Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.622.0
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9d
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.29 10:44:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 22:22:49 | 000,000,000 | ---D | M]

[2010.11.01 16:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBell\AppData\Roaming\mozilla\Extensions
[2011.04.07 18:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions
[2011.04.06 20:17:28 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.04.07 18:54:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.07 18:54:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\engine@conduit.com
[2010.11.22 13:14:09 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\runtime@panda3d.org
[2011.04.06 22:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.25 23:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.04 01:09:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.04.29 10:44:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.12.16 11:17:08 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Packard Bell Photo Frame] C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKCU..\Run: [Software Suite SE] C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
O4 - HKCU..\Run: [Steam] C:\Users\PBell\Desktop\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\PBell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\PBell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe) - c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.30 23:00:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\PBell\Desktop\OTL.exe
[2011.04.30 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Roaming\Malwarebytes
[2011.04.30 20:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.30 20:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.30 20:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.30 20:58:37 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.30 20:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.29 09:24:24 | 000,000,000 | ---D | C] -- C:\Users\PBell\Desktop\alle dokumente
[2011.04.27 01:38:06 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 01:38:06 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 01:38:06 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 01:38:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 01:37:56 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 01:37:56 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 01:37:56 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 01:37:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 01:37:56 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 01:37:55 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 01:37:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 01:37:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 01:37:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.24 12:07:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.04.24 12:06:08 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.04.24 12:06:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.04.24 12:06:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.04.24 12:06:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.04.24 12:06:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.04.24 12:06:02 | 002,392,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011.04.24 12:06:02 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011.04.24 12:06:01 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011.04.24 12:05:58 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011.04.24 12:05:57 | 003,048,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011.04.24 12:05:56 | 000,648,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011.04.24 12:05:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.04.24 12:05:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.04.24 12:05:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.04.24 12:05:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.04.24 12:05:54 | 001,242,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011.04.24 12:05:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.04.24 12:05:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.04.24 12:05:51 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011.04.24 12:05:39 | 000,397,912 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2011.04.24 12:05:39 | 000,309,848 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2011.04.24 12:05:39 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2011.04.24 12:05:39 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys
[2011.04.24 12:05:38 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.04.24 12:05:37 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.04.24 12:05:27 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.04.24 12:05:26 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011.04.24 12:05:26 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011.04.24 12:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.04.24 11:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.04.24 11:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.04.24 11:28:22 | 020,471,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.04.24 11:28:22 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.04.24 11:28:22 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.04.24 11:28:22 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.04.24 11:28:22 | 012,859,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.04.24 11:28:22 | 006,604,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.04.24 11:28:22 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.04.24 11:28:22 | 003,112,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.04.24 11:28:22 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.04.24 11:28:22 | 002,479,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.04.24 11:28:22 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.04.24 11:28:22 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2011.04.24 11:28:22 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2011.04.24 11:28:22 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.04.24 11:28:22 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.04.24 11:28:22 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.04.24 11:27:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.04.23 13:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011.04.23 13:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011.04.23 13:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011.04.23 13:46:32 | 007,069,064 | ---- | C] (IObit ) -- C:\Users\PBell\Desktop\gamebooster23.exe
[2011.04.15 02:35:45 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 02:35:44 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 02:35:43 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 02:35:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 02:35:43 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 02:35:41 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 02:35:40 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 02:35:40 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 02:35:40 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 02:35:37 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 02:35:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 02:35:36
| 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.04.15 02:35:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.15 02:35:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.15 02:35:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.15 02:35:24 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.15 02:35:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.15 02:35:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.15 02:35:22 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.15 02:35:22 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.15 02:35:22 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.15 02:35:22 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.15 02:35:22 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.15 02:35:22 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.15 02:35:22 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.15 02:35:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.10 17:58:03 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vogster Entertainment [2011.04.10 17:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vogster Entertainment [2011.04.10 17:43:47 | 000,000,000 | ---D | C] -- C:\Users\PBell\Desktop\Crimecraft [2011.04.07 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Roaming\Opera [2011.04.07 18:35:35 | 
000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Local\Opera [2011.04.07 18:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2011.04.05 19:41:52 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2011.04.05 19:11:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.04.05 18:26:40 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Local\Apple Computer [2011.04.05 18:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.04.05 18:24:15 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Local\Apple [2011.04.05 18:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.04.03 12:43:21 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Roaming\Need for Speed World [2011.04.03 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Local\Electronic_Arts_Inc [2011.04.03 12:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011.04.03 12:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2009.09.03 16:13:01 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2011.04.30 23:00:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PBell\Desktop\OTL.exe [2011.04.30 22:19:19 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.30 20:58:41 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.30 17:19:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.30 16:09:52 | 000,000,129 | ---- | M] () -- C:\Users\PBell\jagex_runescape_preferences2.dat [2011.04.30 16:09:52 | 000,000,046 | ---- | M] () -- C:\Users\PBell\jagex_runescape_preferences.dat [2011.04.28 00:18:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 00:18:20 | 000,009,696 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 03:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 03:19:43 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 01:10:35 | 000,000,125 | ---- | M] () -- C:\Users\PBell\AppData\Roaming\RSBot_Accounts.ini [2011.04.23 13:47:42 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2011.04.23 13:47:42 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2011.04.23 13:46:37 | 007,069,064 | ---- | M] (IObit ) -- C:\Users\PBell\Desktop\gamebooster23.exe [2011.04.22 16:34:43 | 001,260,747 | ---- | M] () -- C:\Users\PBell\Desktop\RSBot-239.jar [2011.04.21 22:16:13 | 000,000,024 | ---- | M] () -- C:\Users\PBell\jagexappletviewer.preferences [2011.04.21 21:33:25 | 1429,406,634 | ---- | M] () -- C:\Users\PBell\Documents\Runescape pk vid 1(noobs)0048.avi [2011.04.15 03:29:04 | 000,470,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.15 03:02:02 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.15 03:02:02 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.15 03:02:02 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.15 03:02:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.15 03:02:01 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.10 17:58:04 | 000,002,227 | ---- | M] () -- C:\Users\PBell\Desktop\CrimeCraft.lnk [2011.04.09 12:53:38 | 000,211,483 | ---- | M] () -- C:\Users\PBell\Documents\ts3_clientui-win32-12815-2011-04-09 12_53_37.717276.dmp [2011.04.06 22:25:47 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.05 19:11:03 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.04 21:08:14 | 001,254,956 | ---- | M] () -- 
C:\Users\PBell\Desktop\ts3_recording_11_04_04_21_7_48.wav [2011.04.04 21:07:16 | 009,647,148 | ---- | M] () -- C:\Users\PBell\Desktop\ts3_recording_11_04_04_21_5_38.wav [2011.04.03 12:25:40 | 000,002,233 | ---- | M] () -- C:\Users\PBell\Desktop\Need For Speed World.lnk ========== Files Created - No Company Name ========== [2011.04.30 20:58:41 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 13:47:42 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2011.04.23 13:47:42 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2011.04.22 16:34:39 | 001,260,747 | ---- | C] () -- C:\Users\PBell\Desktop\RSBot-239.jar [2011.04.21 21:30:47 | 1429,406,634 | ---- | C] () -- C:\Users\PBell\Documents\Runescape pk vid 1(noobs)0048.avi [2011.04.10 17:58:04 | 000,002,227 | ---- | C] () -- C:\Users\PBell\Desktop\CrimeCraft.lnk [2011.04.09 12:53:37 | 000,211,483 | ---- | C] () -- C:\Users\PBell\Documents\ts3_clientui-win32-12815-2011-04-09 12_53_37.717276.dmp [2011.04.06 22:25:47 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.05 19:11:03 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.04 21:07:50 | 001,254,956 | ---- | C] () -- C:\Users\PBell\Desktop\ts3_recording_11_04_04_21_7_48.wav [2011.04.04 21:05:43 | 009,647,148 | ---- | C] () -- C:\Users\PBell\Desktop\ts3_recording_11_04_04_21_5_38.wav [2011.04.03 12:25:40 | 000,002,233 | ---- | C] () -- C:\Users\PBell\Desktop\Need For Speed World.lnk [2011.02.24 22:36:03 | 000,000,000 | ---- | C] () -- C:\Users\PBell\AppData\Roaming\chrtmp [2011.01.29 14:10:25 | 000,007,597 | ---- | C] () -- C:\Users\PBell\AppData\Local\Resmon.ResmonCfg [2010.12.12 02:02:01 | 000,000,050 | ---- | C] () -- C:\Users\PBell\AppData\Roaming\mBot.ini [2010.11.22 18:09:12 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010.11.08 21:25:07 | 000,000,125 | 
---- | C] () -- C:\Users\PBell\AppData\Roaming\RSBot_Accounts.ini [2010.11.01 16:18:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.01 16:15:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.01.24 00:35:45 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2010.01.19 04:32:11 | 000,028,672 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll [2009.09.03 16:19:59 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.11.01 02:40:18 | 001,019,904 | ---- | C] () -- C:\Windows\SysWow64\HDX4MediaConverter2.dll [2008.10.20 00:28:04 | 000,272,896 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 128 bytes -> 
C:\ProgramData\TEMP:1D32EC29 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E3C56885 < End of report > |
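The OTL report above is what a helper on this board actually reads: one line per file with timestamp, size, attribute flags, a C/M (created/modified) column, the company name from the file's version info, and the path, followed by a list of alternate data streams. The example below is added here for readers of the thread; it is not code from the thread, from OTL or from the forum. It parses those two line formats and lists the entries that deserve a second look: executables without a company name under the system directories, executables sitting in the user profile (Desktop, AppData), and any alternate data stream. The rule set, the extension list and the path prefixes are the example's own assumptions, and a hit is a review candidate, not a verdict; note that OTL ran with "Company Name Whitelist: On" and "Skip Microsoft Files: On", so most known vendor files never appear in the report in the first place. The sample report is constructed from a few lines in the same format as the report above.

```python
"""Triage helper for OTL reports like the one pasted above.

Added example, not code from the thread or from OTL. The rules are
assumed review heuristics, not malware verdicts.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file/folder line, e.g.
#   [2011.04.30 23:00:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\PBell\Desktop\OTL.exe
# Folder lines carry no "(company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
#   @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:4D066AD2
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Assumed heuristics: which extensions count as executable and which
# prefixes count as "system" vs. "user-writable" locations.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".jar", ".bat", ".cmd", ".pif"}
# C:\Programme is the German Program Files name that also shows up in this log.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\programme\\")
USER_PREFIXES = ("c:\\users\\",)

NO_COMPANY = "executable without company name in a system location"
USER_EXEC = "executable in a user-writable profile location"
ADS = "alternate data stream"


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str     # four flags: "---D" folder, "-HS-" hidden+system, ...
    kind: str      # C = created, M = modified (OTL's own column)
    company: str   # "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], (m["company"] or "").strip(), m["path"])


def parse_ads(line: str) -> Optional[Tuple[int, str]]:
    """Parse one '@Alternate Data Stream' line into (size, path)."""
    m = ADS_RE.match(line.strip())
    return (int(m["size"]), m["path"]) if m else None


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs in report order; a file that OTL lists
    in both its Created and Modified sections is reported once."""
    findings: List[Tuple[str, str]] = []
    for line in report.splitlines():
        ads = parse_ads(line)
        if ads:
            hit = (ADS, ads[1])
        else:
            entry = parse_entry(line)
            if entry is None or entry.is_dir:
                continue
            if ntpath.splitext(entry.path)[1].lower() not in EXEC_EXT:
                continue
            lower = entry.path.lower()
            if not entry.company and lower.startswith(SYSTEM_PREFIXES):
                hit = (NO_COMPANY, entry.path)
            elif lower.startswith(USER_PREFIXES):
                hit = (USER_EXEC, entry.path)
            else:
                continue
        if hit not in findings:
            findings.append(hit)
    return findings


# Constructed sample in the format of the report above: a few of its real
# lines plus one ADS line, not a complete OTL run.
SAMPLE_REPORT = r"""
[2011.04.30 23:00:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\PBell\Desktop\OTL.exe
[2011.04.30 20:58:37 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.23 13:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011.04.22 16:34:39 | 001,260,747 | ---- | C] () -- C:\Users\PBell\Desktop\RSBot-239.jar
[2011.04.22 16:34:43 | 001,260,747 | ---- | M] () -- C:\Users\PBell\Desktop\RSBot-239.jar
[2011.04.21 21:30:47 | 1429,406,634 | ---- | C] () -- C:\Users\PBell\Documents\Runescape pk vid 1(noobs)0048.avi
[2010.01.19 04:32:11 | 000,028,672 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:4D066AD2
< End of report >
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_REPORT):
        print(f"{reason}: {path}")
```

Run against a full report saved from OTL (`triage(open("OTL.txt", encoding="utf-8").read())`), it shortens a several-hundred-line log to the handful of entries a helper would ask about. The regex deliberately treats the company field as optional because OTL prints folder entries without it, and the size is parsed by stripping commas because OTL lets the leading group grow past three digits for large files such as hiberfil.sys.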
09.05.2011, 10:37 | #24 |
| Java:Agent-EM (Expl) und mehr hilfe!!! Umm, does it matter if I let Malwarebytes and OTL scan at the same time, or is that not allowed? |
09.05.2011, 13:25 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java:Agent-EM (Expl) und mehr hilfe!!! OTL doesn't take long! Wait until OTL is finished and then let Malwarebytes scan!
__________________ Please always post logfiles in CODE tags |
09.05.2011, 17:26 | #26 |
| Java:Agent-EM (Expl) und mehr hilfe!!! OK, I'm doing that now. I also ran another full scan with G DATA Internet Security; now it says it found nothing.

Virus check with G Data AntiVirus
Version 20.2.4.2 (20.04.2010)
Virus signatures from
Start time: 09.05.2011 14:29:43
Virus signatures:
Heuristics: On
Archives: On
System areas: On
Check for rootkits: On

Checking system areas...
Checking for rootkits...
Checking all local hard disks...

Analysis completed: 09.05.2011 15:43:35
273409 files checked
0 infected files found
0 suspicious files found |
09.05.2011, 17:43 | #27 |
| Java:Agent-EM (Expl) und mehr hilfe!!! Here is the OTL quick scan.

OTL Logfile:
Code:
OTL logfile created on: 09.05.2011 18:27:59 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\PBell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 317,89 Gb Free Space | 69,42% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 320,11 Gb Free Space | 69,82% Space Free | Partition Type: NTFS

Computer Name: PBELL-PC | User Name: PBell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\PBell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Users\PBell\Desktop\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe (IOI)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

========== Modules (SafeList) ==========

MOD - C:\Users\PBell\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (GRD) -- C:\Windows\SysWOW64\drivers\GRD.sys (G Data Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.622.0
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9d
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.08 03:16:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.08 03:16:46 | 000,000,000 | ---D | M]

[2010.11.01 16:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBell\AppData\Roaming\mozilla\Extensions
[2011.05.09 08:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions
[2011.04.06 20:17:28 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2011.04.07 18:54:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.07 18:54:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\engine@conduit.com
[2010.11.22 13:14:09 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\PBell\AppData\Roaming\mozilla\Firefox\Profiles\30zk41z0.default\extensions\runtime@panda3d.org
[2011.04.06 22:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.25 23:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.04 01:09:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.04.29 10:44:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.12.16 11:17:08 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C: \Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Packard Bell Photo Frame] C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKCU..\Run: [Software Suite SE] C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
O4 - HKCU..\Run: [Steam] C:\Users\PBell\Desktop\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe) - c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.08 03:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.05.08 03:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.05.08 03:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.05.08 03:16:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.08 03:15:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.05.08 03:15:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.08 03:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.05.02 16:25:36 | 000,000,000 | ---D | C] -- C:\Users\PBell\Desktop\Neuer Ordner
[2011.04.30 23:00:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\PBell\Desktop\OTL.exe
[2011.04.30 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Roaming\Malwarebytes
[2011.04.30 20:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.30 20:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.30 20:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.30 20:58:37 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.30 20:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.29 09:24:24 | 000,000,000 | ---D | C] -- 
C:\Users\PBell\Desktop\alle dokumente [2011.04.24 12:07:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011.04.24 12:06:08 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2011.04.24 12:06:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011.04.24 12:06:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011.04.24 12:06:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011.04.24 12:06:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011.04.24 12:05:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011.04.24 12:05:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011.04.24 12:05:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011.04.24 12:05:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2011.04.24 12:05:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011.04.24 12:05:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011.04.24 12:05:38 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2011.04.24 12:05:37 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011.04.24 12:05:27 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011.04.24 12:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.04.24 11:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.04.24 11:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2011.04.24 11:28:22 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.04.24 11:28:22 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.04.24 11:27:44 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.04.23 13:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster [2011.04.23 13:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2011.04.23 13:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2011.04.23 13:46:32 | 007,069,064 | ---- | C] (IObit ) -- C:\Users\PBell\Desktop\gamebooster23.exe [2011.04.10 17:58:03 | 000,000,000 | ---D | C] -- C:\Users\PBell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vogster Entertainment [2011.04.10 17:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vogster Entertainment [2011.04.10 17:43:47 | 000,000,000 | ---D | C] -- C:\Users\PBell\Desktop\Crimecraft [2009.09.03 16:13:01 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2011.05.09 18:26:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.09 18:26:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.09 18:19:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.09 17:32:13 | 000,001,106 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.09 14:29:24 | 000,000,129 | ---- | M] () -- C:\Users\PBell\jagex_runescape_preferences2.dat [2011.05.09 14:29:24 | 000,000,046 | ---- | M] () -- C:\Users\PBell\jagex_runescape_preferences.dat [2011.05.09 07:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.09 07:07:55 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2011.05.02 16:24:13 | 008,291,518 | ---- | M] () -- C:\Users\PBell\Desktop\SFBot_v2.0.1_win.zip [2011.04.30 23:00:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PBell\Desktop\OTL.exe [2011.04.30 20:58:41 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 01:10:35 | 000,000,125 | ---- | M] () -- C:\Users\PBell\AppData\Roaming\RSBot_Accounts.ini [2011.04.23 13:47:42 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2011.04.23 13:47:42 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk [2011.04.23 13:46:37 | 007,069,064 | ---- | M] (IObit ) -- C:\Users\PBell\Desktop\gamebooster23.exe [2011.04.22 16:34:43 | 001,260,747 | ---- | M] () -- C:\Users\PBell\Desktop\RSBot-239.jar [2011.04.21 22:16:13 | 000,000,024 | ---- | M] () -- C:\Users\PBell\jagexappletviewer.preferences [2011.04.21 21:33:25 | 1429,406,634 | ---- | M] () -- C:\Users\PBell\Documents\Runescape pk vid 1(noobs)0048.avi [2011.04.15 03:29:04 | 000,470,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.15 03:02:02 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.15 03:02:02 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.15 03:02:02 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.15 03:02:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.15 03:02:01 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.10 17:58:04 | 000,002,227 | ---- | M] () -- 
C:\Users\PBell\Desktop\CrimeCraft.lnk ========== Files Created - No Company Name ========== [2011.05.02 16:24:08 | 008,291,518 | ---- | C] () -- C:\Users\PBell\Desktop\SFBot_v2.0.1_win.zip [2011.04.30 20:58:41 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.23 13:47:42 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk [2011.04.23 13:47:42 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk [2011.04.22 16:34:39 | 001,260,747 | ---- | C] () -- C:\Users\PBell\Desktop\RSBot-239.jar [2011.04.21 21:30:47 | 1429,406,634 | ---- | C] () -- C:\Users\PBell\Documents\Runescape pk vid 1(noobs)0048.avi [2011.04.10 17:58:04 | 000,002,227 | ---- | C] () -- C:\Users\PBell\Desktop\CrimeCraft.lnk [2011.02.24 22:36:03 | 000,000,000 | ---- | C] () -- C:\Users\PBell\AppData\Roaming\chrtmp [2011.01.29 14:10:25 | 000,007,597 | ---- | C] () -- C:\Users\PBell\AppData\Local\Resmon.ResmonCfg [2010.12.12 02:02:01 | 000,000,050 | ---- | C] () -- C:\Users\PBell\AppData\Roaming\mBot.ini [2010.11.22 18:09:12 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010.11.08 21:25:07 | 000,000,125 | ---- | C] () -- C:\Users\PBell\AppData\Roaming\RSBot_Accounts.ini [2010.11.01 16:18:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.01 16:15:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.01.24 00:35:45 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2010.01.19 04:32:11 | 000,028,672 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll [2009.09.03 16:19:59 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- 
C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.11.01 02:40:18 | 001,019,904 | ---- | C] () -- C:\Windows\SysWow64\HDX4MediaConverter2.dll [2008.10.20 00:28:04 | 000,272,896 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2011.03.28 19:10:36 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.14 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\edxLabs [2010.11.03 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\MAGIX [2011.04.03 12:43:21 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\Need for Speed World [2011.04.07 18:35:35 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\Opera [2011.01.11 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\PC Suite [2011.03.04 16:27:04 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\PlayFirst [2011.01.11 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\Samsung [2011.01.19 12:18:13 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\SFBot [2011.01.29 00:15:14 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\TS3Client [2011.02.23 15:18:49 | 000,000,000 | ---D | M] -- C:\Users\PBell\AppData\Roaming\Unity [2011.04.02 13:03:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 143 bytes -> 
C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1D32EC29 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E3C56885 < End of report > |
09.05.2011, 19:07 | #28 |
| Java:Agent-EM (Expl) and more, help!!!

Here is the full scan with Malwarebytes.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6539

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

09.05.2011 19:58:36
mbam-log-2011-05-09 (19-58-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 437040
Time elapsed: 1 hour(s), 12 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) |
09.05.2011, 19:08 | #29 |
| Java:Agent-EM (Expl) and more, help!!! Is everything OK now, or how do you see it? ^^ |
09.05.2011, 19:30 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java:Agent-EM (Expl) and more, help!!!

G DATA IS is a terrible system hog; I can only advise against it. But you have to decide what you want to use.

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2009.09.03 16:13:01 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E3C56885
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
__________________
Please always post logfiles in CODE tags |
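The ":OTL" fix above deletes the named alternate data streams (ADS) that OTL reported on C:\ProgramData\TEMP, keeping a backup in "_OTL" first. As an added example, not part of the original thread and not OTL's own code, the following PowerShell does the same inspect/back-up/remove cycle for the ADS part of that fix without OTL, so you can see what is actually attached to the object before anything is removed. It assumes PowerShell 3.0 or newer (the -Stream parameter; Windows 7 ships with 2.0, so Windows Management Framework 3.0 has to be installed first), an elevated prompt, and a hypothetical backup folder C:\_ADS_backup. The hosts reset and temp cleanup in the fix are not covered here.

```powershell
# Added example (not from the original thread): list, back up and remove the
# named alternate data streams on an NTFS file or directory.
# Assumptions: PowerShell 3.0+, elevated prompt, backup folder C:\_ADS_backup
# (hypothetical). Tested logic targets Windows PowerShell (Byte encoding);
# PowerShell 7 would need -AsByteStream instead of -Encoding Byte.

function Get-NamedStreams {
    param([Parameter(Mandatory)][string]$LiteralPath)
    # ':$DATA' is the unnamed default stream of a file; anything else is an ADS.
    # Directories have no default data stream, so only named streams show up.
    Get-Item -LiteralPath $LiteralPath -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' }
}

function Backup-NamedStream {
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [Parameter(Mandatory)][string]$Stream,
        [Parameter(Mandatory)][string]$BackupDir
    )
    if (-not (Test-Path -LiteralPath $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    # Copy the raw bytes: ADS content is not necessarily text.
    $bytes = @(Get-Content -LiteralPath $LiteralPath -Stream $Stream -Encoding Byte -ReadCount 0)
    if ($bytes.Count -eq 0) { $bytes = New-Object byte[] 0 }
    # Build a file name that cannot itself contain a stream separator.
    $safeName = ((Split-Path -Leaf $LiteralPath) + '_' + $Stream) -replace '[\\/:*?"<>|]', '_'
    $dest = Join-Path $BackupDir $safeName
    [System.IO.File]::WriteAllBytes($dest, [byte[]]$bytes)
    return $dest
}

function Remove-NamedStreams {
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [string]$BackupDir = 'C:\_ADS_backup',
        [switch]$ListOnly   # inspect first; nothing is removed when set
    )
    foreach ($s in Get-NamedStreams -LiteralPath $LiteralPath) {
        '{0,6} bytes  {1}:{2}' -f $s.Length, $LiteralPath, $s.Stream
        if ($ListOnly) { continue }
        $saved = Backup-NamedStream -LiteralPath $LiteralPath -Stream $s.Stream -BackupDir $BackupDir
        Remove-Item -LiteralPath $LiteralPath -Stream $s.Stream
        "        backed up to $saved, stream removed"
    }
}

# Look before removing (this matches the ADS entries OTL listed above):
Remove-NamedStreams -LiteralPath 'C:\ProgramData\TEMP' -ListOnly
# Then, once you are satisfied, run it without -ListOnly:
# Remove-NamedStreams -LiteralPath 'C:\ProgramData\TEMP'
```

Run it with -ListOnly first and compare the output with the "Alternate Data Streams" section of the OTL log; each line shows the stream size and name, which is the same information OTL prints. Removing a stream never touches the main data of the file or directory it is attached to, and the backup copy in the hypothetical C:\_ADS_backup folder lets you inspect what was in each stream afterwards.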