Pests of all kinds and how to fight them: GVU trojan with webcam (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
GVU trojan with webcam

Hello, I have already read through a few things here, but in my case it was a bit different. That screen with GVU and so on just opened on my machine too; I immediately switched the laptop off and restarted it. It booted up completely normally and I could also log in normally. My antivirus program then put the file fastor_ot.exe into quarantine, from where I then deleted it. After that the only thing left was an error message from rundll32 at the start of system startup saying it could not run the trojan; I deleted that link from the startup folder and also from the recycle bin. The PC actually works fine, and the Task Manager opens as well. How should I proceed now so that I can be sure everything is gone? Many thanks in advance for the help, regards chrisooo

I have now done a quick scan with Malwarebytes Anti-Malware, but it found nothing. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Christian :: CHRISTIAN-PC [Administrator]

Protection: Enabled

15.07.2012 12:27:24
mbam-log-2012-07-15 (12-27-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234151
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the full scan as well:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Christian :: CHRISTIAN-PC [Administrator]

Protection: Enabled

15.07.2012 13:21:37
mbam-log-2012-07-15 (13-21-37).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 447169
Time elapsed: 1 hour(s), 23 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\EA GAMES\MOHAA\Ereg MOHAAB\go_ez.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

I will now do a scan with OTL and post the logs here afterwards.

Here are the OTL logs:

OTL Logfile:
Code:
OTL logfile created on: 15.07.2012 15:29:56 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,16% Memory free
7,73 Gb Paging File | 5,77 Gb Available in Paging File | 74,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,87 Gb Total Space | 135,25 Gb Free Space | 60,14% Space Free | Partition Type: NTFS
Drive D: | 225,17 Gb Total Space | 81,10 Gb Free Space | 36,02% Space Free | Partition Type: NTFS
Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: User-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE (Panda Security International)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
MOD - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll ()
MOD - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\libxml2.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TPSrv) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe (Panda Security, S.L.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PAVFNSVR) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PskSvcRetail) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe (Panda Security, S.L.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (PAVSRV) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (PSHost) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE (Panda Security International)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Panda Software Controller) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe (Panda Security, S.L.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSIMSVC) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Prot6Flt) -- C:\Windows\SysNative\drivers\prot6flt.sys (Panda Security, S.L.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (APPFLT) -- C:\Windows\SysNative\drivers\APPFLT64.SYS (Panda Security, S.L.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (IDSFLT) -- C:\Windows\SysNative\drivers\idsflt64.sys (Panda Security, S.L.)
DRV:64bit: - (NETIMFLT01060044) -- C:\Windows\SysNative\drivers\n64i1644.sys (Panda Security, S.L.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AmFSM) -- C:\Windows\SysNative\drivers\amm6460.sys (Panda Security, S.L.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (ShldFlt) -- C:\Windows\SysNative\drivers\ShldFlt.sys (Panda Security, S.L.)
DRV:64bit: - (WNMFLT) -- C:\Windows\SysNative\drivers\wnmflt64.sys (Panda Security, S.L.)
DRV:64bit: - (NETFLTDI) -- C:\Windows\SysNative\drivers\NETTDI64.SYS (Panda Security, S.L.)
DRV:64bit: - (DSAFLT) -- C:\Windows\SysNative\drivers\dsaflt64.sys (Panda Security, S.L.)
DRV:64bit: - (FNETMON) -- C:\Windows\SysNative\drivers\fnetm64.sys (Panda Security, S.L.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {E86F2EB7-81E0-46C2-8B2F-D32A301EC0E7}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E86F2EB7-81E0-46C2-8B2F-D32A301EC0E7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7AC2531-F5BB-45EF-A06B-95915CEFAC7F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011.09.07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011.09.07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{18160f9c-0ddc-11e0-b576-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18160f9c-0ddc-11e0-b576-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.15 15:17:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.07.15 13:34:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.07.15 13:32:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.07.15 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.07.15 12:23:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ElevatedDiagnostics
[2012.07.11 17:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 17:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 17:32:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 17:32:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 17:32:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.19 16:58:11 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:58:11 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:58:11 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:57:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:57:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:57:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:57:34 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:57:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.15 16:52:45 | 000,030,720 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\prot6flt.sys
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.15 15:17:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.07.15 15:09:21 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.15 15:09:21 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.15 15:09:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.15 15:09:21 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.15 15:09:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 15:08:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 15:08:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 15:07:32 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2012.07.15 15:07:32 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2012.07.15 15:06:19 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2012.07.15 15:06:19 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2012.07.15 15:06:19 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2012.07.15 15:06:19 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2012.07.15 15:06:19 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2012.07.15 15:06:19 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2012.07.15 15:06:19 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2012.07.15 15:06:19 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2012.07.15 15:02:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2012.07.15 15:02:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2012.07.15 15:02:26 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2012.07.15 15:02:26 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2012.07.15 15:02:04 | 000,030,720 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\prot6flt.sys
[2012.07.15 15:01:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.15 15:01:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 15:01:25 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 13:49:29 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.07.15 13:49:28 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.07.15 12:23:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 19:06:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 17:17:29 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.24 22:21:10 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault(tm) Breakthrough.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.15 12:23:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 19:05:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.06.24 22:21:10 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault(tm) Breakthrough.lnk
[2012.05.12 17:50:01 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.24 20:23:30 | 000,000,019 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\urhtps.dat
[2012.01.11 19:15:09 | 000,000,714 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.15 21:17:09 | 000,007,605 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg
[2011.01.08 17:57:42 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.08 17:57:41 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.08 17:57:41 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.06 21:01:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.12.22 16:47:11 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.22 16:47:11 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll
[2010.12.22 16:47:11 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2010.12.22 16:47:11 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe
[2010.12.22 16:47:11 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.12.22 16:47:11 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.14 15:06:09 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.10.14 14:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011.01.12 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gnupg
[2012.07.13 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2012.04.11 23:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\kock
[2011.01.18 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2012.05.13 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2011.11.07 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Panda Security
[2012.04.14 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UAs
[2012.04.14 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\xmldm
[2012.07.02 17:25:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data
Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 < End of report > and the Extras log: OTL Logfile:
OTL Extras logfile created on: 15.07.2012 15:29:56 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\********\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,16% Memory free 7,73 Gb Paging File | 5,77 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 135,25 Gb Free Space | 60,14% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 81,10 Gb Free Space | 36,02% Space Free | Partition Type: NTFS Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: User | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14B13C06-03D3-44D9-834D-EBE577F2D7FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23950EF3-C6FD-491B-B34D-A607446793F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28CD8638-158B-47F5-9BBB-D60786CAD55A}" = rport=10243 | protocol=6 | dir=out | app=system | "{418E0614-2546-415F-9ABF-DA63ED867CF7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5639E67D-043A-4DE0-B8EE-0EE444D8E078}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{599DBC14-899A-4302-8FED-75304EF08F7C}" = lport=2869 | protocol=6 | dir=in | app=system | "{5B52D658-E40A-4CBB-989C-110C2E84C950}" = lport=2869 | protocol=6 | dir=in | app=system | "{5E472CCB-450A-4DB3-876D-6953291E43CE}" = rport=445 | protocol=6 | dir=out | app=system | "{668B3CE8-621F-4F03-B2D3-DA4C9B6E3CA6}" = rport=139 | protocol=6 | dir=out | app=system | "{6A885B28-6F11-460F-B3EA-AC9E183A1064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{79F561AF-9036-42AD-B9A6-2576F3B67D1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A71AFC6-2BBE-4E06-8E7D-1098EDA525E8}" = lport=10243 | protocol=6 | dir=in | app=system | "{A0722194-6C87-4508-B7F0-ADFE85243636}" = lport=445 | protocol=6 | dir=in | app=system | "{A25BA46E-2394-48B6-903D-B1DF42C7ECFA}" = lport=138 | protocol=17 | dir=in | app=system | "{A59F2B67-78CA-4605-8168-67E4774A908A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA3DBC46-15EA-47C0-B97F-3397222D8B0E}" = rport=138 | protocol=17 | dir=out | app=system | "{AA6BA5B2-57A5-4037-83F4-8612EAF93876}" = lport=139 | protocol=6 | dir=in | app=system | "{B1C41BE1-D753-403E-AD3F-F5F045CE4D78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BEDFA6D4-D68D-45C3-B270-41CEA5452A22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D848D894-41B5-4B5A-98F5-4A8788334E30}" = lport=137 | protocol=17 | dir=in | app=system | "{ED8C2ECC-5F01-47A6-8407-6A738E277331}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F0B464B2-4741-4A5E-9E46-38660757E751}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FD5BBF46-A4D8-4700-9BD7-92F3D2168F7A}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{010C0D03-CC62-44DD-8EDC-927585842A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{07E52735-28DD-4FAB-A36F-034BA0E72448}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{0B8268B5-0684-4E49-8729-1FD25771641A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0DF21496-B53B-4D9E-98D4-14936F53CFA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0FF7DB57-9AED-4566-9C96-3EAB13DF41C1}" = protocol=6 | dir=out | app=system | "{2E7FA9A8-143E-4367-9898-DE2CE43933DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{2FC4DD60-2860-4727-9183-3A6412528CA5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{313D4455-F822-4345-8DDE-C4671063822C}" = protocol=6 | dir=in | app=e:\setup.exe | "{3611F864-CEC6-41CB-A195-420CA096A79E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3861DEDA-F38D-4F65-ABEC-65C6E1B5A40C}" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "{3CBC5568-8760-4CF7-9984-CA827DBF1AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{3F123A8F-D529-4752-9226-424232EF8029}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{402953C2-8A4C-4C96-94EA-99BE823F574E}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\vancouver 2010\vancouver.exe | "{44818AD3-8EEF-45EA-97A5-4A1DEC983966}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{454CC71A-1E27-4391-9309-2640243FC98A}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\beijing 2008\beijing.exe | "{47456820-E292-45CA-88AA-59E572FFB673}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\vancouver 2010\vancouver.exe | "{47A3542B-975F-4E53-BA4D-DA9C32EEE70E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{4C025ADC-A3D1-499B-BAAE-AD78E68D060D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4EC1F63C-C641-4B9B-9E8A-088FE5E150C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4ED3F5AD-529D-4976-B894-2556A51EBBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{55F3A055-700E-429F-A19B-0890E4139E72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{57829BC9-CDAF-4DEF-8D33-C6AB71D1B137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5A26B24E-722A-4C4B-849E-65D0E3B42FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{5A4EBAC7-B19C-47E6-ACA3-D7E7A0A5B90B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5C084B5F-F095-42A5-BAD3-5710C13E9B07}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{5EA97168-492E-406C-8170-6F04B30D3DBF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{607EE90A-EE33-4DAC-B987-4104447FB6DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{69FB89BE-556D-492E-A337-781E592859B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{731FDB8A-CBFA-49DD-AC36-AF9EA2947A46}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\beijing 2008\beijing.exe | "{73F56A97-CE5E-44BD-81D7-3CD67480E890}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{76956DDE-7BBD-40F7-AF5F-9035CB2D0BE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{77A8FE17-67CD-40E8-BA4D-1C08538E53CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{84749039-0F02-4C9B-B0B6-FDF1937780D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8DBC06A7-3DA4-402C-9601-D18711C2691B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe 
| "{91D144BA-1F4D-466F-9C7A-B18E856512E0}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | "{920E050A-9871-4378-82A1-9F17FEFE8E81}" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | "{941B1499-8746-41CB-A0EF-7057C8150BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{99CD20E2-CBD9-4C30-9228-32B758B7CE3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A33D7A55-5778-4DEE-8F89-DE178DB579C2}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | "{A58D47B2-5838-42D3-A777-ED0ED1075107}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A5B0EB2F-BAD0-4343-AD2E-ECF58459CF4E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A781A30B-096A-4845-9C8A-46E7EBC41603}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B414F930-0E3A-4B9B-B5F6-C70326F07A1D}" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "{C4E391A7-D049-48D0-85EB-F2B42A98A237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CADF98B9-03EB-4E7C-8125-D3374762775C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CCFA504E-5478-4E53-9426-25EA8336A8E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D27CC0B4-B8EE-4A43-9423-4A6C643E1026}" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | "{DA5A3189-81F6-4B03-879D-4E22E681E3D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E789E1FC-0D58-4F79-B010-22816E9345C4}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{E83D5B92-A1F1-4A15-A0ED-1AAA7998A8FA}" = protocol=17 | dir=in | app=e:\setup.exe | 
"{E94232C5-1893-42CA-8BF1-7D2CE621B928}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{EF54295B-159A-4FF1-A2CD-13A3B07DF053}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{EF93E8C6-31F7-4C04-83B5-5F82D2BE1071}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F048331F-1FE7-4B6D-88B5-35E772275340}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F764F956-DF20-486C-85C8-401F1DB488C8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{F91CD423-637D-4D23-A361-F98B9DA85BEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{41996910-9B77-4705-B3F3-43F2756932BC}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe | "TCP Query User{4DD916BC-ABF3-4D96-BC7F-A6F631B730B4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{12B81A30-6776-44A8-9FB2-60125926650A}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe | "UDP Query User{BAEC7764-01ED-471D-907D-87BFBDBF7D1C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® 
Turbo-Boost-Technik "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid 
Storage Technology "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 
2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C58BEC6C-D968-4FE3-8DD6-9FDC4278657B}" = Panda Antivirus Pro 2012 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012 "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "CrashTime" = Cobra 11 - Crash Time (remove only) "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.06.2012 13:52:05 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 01.07.2012 17:24:34 | Computer Name = Christian-PC | Source = Windows Backup | ID = 4100
Description =

Error - 03.07.2012 17:14:27 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 03.07.2012 17:14:32 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 04.07.2012 13:16:22 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 04.07.2012 13:16:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 04.07.2012 13:17:55 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 08.07.2012 06:37:43 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 08.07.2012 06:37:48 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 08.07.2012 06:39:17 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

[ Media Center Events ]

Error - 27.02.2011 14:35:23 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:35:22 - Fehler beim Herstellen der Internetverbindung.
19:35:22 - Serververbindung konnte nicht hergestellt werden..

Error - 27.02.2011 15:35:28 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:35:28 - Fehler beim Herstellen der Internetverbindung.
20:35:28 - Serververbindung konnte nicht hergestellt werden..

Error - 27.02.2011 15:35:34 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:35:33 - Fehler beim Herstellen der Internetverbindung.
20:35:33 - Serververbindung konnte nicht hergestellt werden..

Error - 27.02.2011 16:35:39 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:35:39 - Fehler beim Herstellen der Internetverbindung.
21:35:39 - Serververbindung konnte nicht hergestellt werden..

Error - 27.02.2011 16:35:45 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:35:44 - Fehler beim Herstellen der Internetverbindung.
21:35:44 - Serververbindung konnte nicht hergestellt werden..

Error - 28.02.2011 15:48:23 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:48:23 - Fehler beim Herstellen der Internetverbindung.
20:48:23 - Serververbindung konnte nicht hergestellt werden..

Error - 28.02.2011 15:48:39 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:48:28 - Fehler beim Herstellen der Internetverbindung.
20:48:28 - Serververbindung konnte nicht hergestellt werden..

Error - 08.03.2011 14:44:54 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:44:53 - Fehler beim Herstellen der Internetverbindung.
19:44:53 - Serververbindung konnte nicht hergestellt werden..

Error - 08.03.2011 14:45:01 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:44:59 - Fehler beim Herstellen der Internetverbindung.
19:44:59 - Serververbindung konnte nicht hergestellt werden..

Error - 08.03.2011 15:47:14 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:47:13 - Fehler beim Herstellen der Internetverbindung.
20:47:13 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]

Error - 14.07.2012 14:31:03 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 14.07.2012 14:34:42 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description =

Error - 14.07.2012 19:46:34 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description =

Error - 15.07.2012 06:26:01 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description =

Error - 15.07.2012 06:29:41 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description =

Error - 15.07.2012 06:33:20 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description =

Error - 15.07.2012 06:55:29 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 15.07.2012 07:01:24 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description =

Error - 15.07.2012 07:31:34 | Computer Name = Christian-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error - 15.07.2012 09:02:22 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report >

How should I proceed now? Regards