Pests of all kinds and their removal: Problem starting a process (possibly a trojan, etc.) [Windows 7]
01.08.2010, 10:22 | #1
Problem starting a process (possibly a trojan, etc.)

Hello everyone,

For some time now (2 months) I have had a problem starting a process (the PunkbusterB service). The purpose of this service is to join Punkbuster-monitored servers (in my case for the game Bad Company 2). What happens is that I randomly get kicked from various servers because the service was not found. I have no cheats/hacks or any other such programs, the game version is original, and otherwise my system seems quite clean. After consulting the Punkbuster service's support, whose suggested solutions had already been exhausted at dxdiag.txt, I was bluntly told that it was probably a trojan.

OS: Windows 7 (64-bit)

Steps I had taken before the thread:
- CCleaner (registry/files)
- SpybotSD (1 problem found, did not recur afterwards)
- Avira AntiVir scan (nothing found)

Steps after registering, before opening the thread:
- CCleaner (no errors in the registry)

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4376

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.08.2010 10:53:22
mbam-log-2010-08-01 (10-53-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131773
Laufzeit: 2 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL-TXT: OTL Logfile:
Code:
OTL logfile created on: 01.08.2010 10:55:49 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dizzy\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 91,33 Gb Free Space | 39,22% Space Free | Partition Type: NTFS
Drive D: | 153,38 Gb Total Space | 153,27 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINS
Current User Name: Dizzy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\PrintDisp.exe File not found
PRC - C:\Windows\SysWow64\PrintCtrl.exe File not found
PRC - C:\Users\Dizzy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Dizzy\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.)
MOD - C:\Programme\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (WEBNTACCESS) -- C:\Windows\SysNative\NTACCESS.SYS File not found
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (LVUVC64) Logitech Webcam 250(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 44 56 28 2B F5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: tabscroll@mthamil:20100626
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.24 09:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.24 09:54:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.03.17 10:56:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.02.28 20:18:43 | 000,000,000 | ---D | M]

[2009.10.29 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Extensions
[2010.08.01 09:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions
[2010.04.13 20:08:56 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.07.22 08:46:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.29 22:42:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.27 08:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2009.10.29 12:24:22 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\anycolor.pavlos256@gmail.com
[2010.04.17 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\firegestures@xuldev.org
[2010.07.01 12:29:54 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\tabscroll@mthamil
[2010.08.01 09:49:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.25 18:08:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.19 09:18:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2010.03.16 12:43:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 12:43:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 12:43:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 12:43:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 12:43:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.28 23:25:09 | 000,415,700 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14347 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICDE.EXE File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Dizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - E:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{198c4d4f-c221-11de-b138-00040ecc8efb}\Shell - "" = AutoRun
O33 - MountPoints2\{198c4d4f-c221-11de-b138-00040ecc8efb}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{38da3731-c20a-11de-80ad-0024211dabfd}\Shell - "" = AutoRun
O33 - MountPoints2\{38da3731-c20a-11de-80ad-0024211dabfd}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{85f41f1d-c209-11de-ad50-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{85f41f1d-c209-11de-ad50-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.01 10:50:21 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\Malwarebytes
[2010.08.01 10:50:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.01 10:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.01 10:50:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.01 10:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.31 09:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.07.29 18:25:59 | 000,000,000 | ---D | C] -- C:\Games
[2010.07.29 18:24:43 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\LoL Stand
[2010.07.28 23:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.28 23:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.07.27 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Local\76561197964233719
[2010.07.27 19:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.07.26 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\Gamunex
[2010.07.26 11:21:28 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Documents\BFBC2
[2010.07.26 09:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010.07.26 09:48:51 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\Gamunex C4D Mail
[2010.07.12 23:02:17 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Documents\Wizards of the Coast
[2010.07.12 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010.07.12 12:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010.07.10 09:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2010.07.08 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\Wizards of the Coast
[2010.07.08 13:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizards of the Coast
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.01 10:56:13 | 006,553,600 | -HS- | M] () -- C:\Users\Dizzy\NTUSER.DAT
[2010.08.01 10:50:17 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 10:46:49 | 000,001,040 | ---- | M] () -- C:\Users\Dizzy\Desktop\CCleaner.lnk
[2010.08.01 10:44:42 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 10:44:42 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 10:41:43 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 10:41:43 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.01 10:41:43 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 10:41:43 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.01 10:41:43 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 10:38:07 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.01 10:37:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 10:37:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010.08.01 10:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 10:37:22 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 10:36:20 | 012,238,064 | -H-- | M] () -- C:\Users\Dizzy\AppData\Local\IconCache.db
[2010.08.01 10:36:00 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.08.01 10:34:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.01 10:31:32 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.29 18:27:28 | 000,001,726 | ---- | M] () -- C:\Users\Dizzy\Desktop\Start League of Legends.lnk
[2010.07.28 23:25:09 | 000,415,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.28 23:04:59 | 000,001,291 | ---- | M] () -- C:\Users\Dizzy\Desktop\Spybot - Search & Destroy.lnk
[2010.07.28 19:41:04 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc(3).exe
[2010.07.28 19:41:04 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.07.28 07:07:24 | 000,000,221 | ---- | M] () -- C:\Users\Dizzy\Desktop\Disciples III Renaissance - Demo.url
[2010.07.27 19:53:03 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.07.27 19:53:03 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.07.27 19:53:02 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.07.27 19:53:02 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.07.27 08:39:43 | 000,012,798 | ---- | M] () -- C:\Users\Dizzy\Desktop\pbgame.htm
[2010.07.26 13:16:26 | 000,000,080 | ---- | M] () -- C:\Users\Dizzy\Desktop\pbuser.htm
[2010.07.26 10:21:38 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.07.26 10:19:11 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc(2).exe
[2010.07.26 10:15:10 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.07.13 16:39:25 | 000,038,729 | ---- | M] () -- C:\Users\Dizzy\Desktop\1-af18aa73243cb6a8191b58e896f89e94.jpg
[2010.07.11 01:53:10 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.10 09:44:41 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010.07.10 09:26:21 | 000,035,432 | ---- | M] () -- C:\Users\Dizzy\Documents\cc_20100710_092616.reg
[2010.07.09 13:20:18 | 222,713,280 | ---- | M] () -- C:\Users\Dizzy\Documents\reg_backup.reg
[2010.07.08 13:06:29 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.01 10:50:17 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.31 10:37:03 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.29 18:27:28 | 000,001,726 | ---- | C] () -- C:\Users\Dizzy\Desktop\Start League of Legends.lnk
[2010.07.28 23:04:59 | 000,001,291 | ---- | C] () -- C:\Users\Dizzy\Desktop\Spybot - Search & Destroy.lnk
[2010.07.28 19:41:04 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.07.28 19:40:40 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc(3).exe
[2010.07.27 20:12:46 | 000,000,221 | ---- | C] () -- C:\Users\Dizzy\Desktop\Disciples III Renaissance - Demo.url
[2010.07.26 13:16:26 | 000,000,080 | ---- | C] () -- C:\Users\Dizzy\Desktop\pbuser.htm
[2010.07.26 13:16:14 | 000,012,798 | ---- | C] () -- C:\Users\Dizzy\Desktop\pbgame.htm
[2010.07.26 10:21:38 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.07.26 10:19:11 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc(2).exe
[2010.07.13 16:39:24 | 000,038,729 | ---- | C] () -- C:\Users\Dizzy\Desktop\1-af18aa73243cb6a8191b58e896f89e94.jpg
[2010.07.11 01:53:10 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.10 09:44:41 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2010.07.10 09:26:19 | 000,035,432 | ---- | C] () -- C:\Users\Dizzy\Documents\cc_20100710_092616.reg
[2010.07.09 13:20:07 | 222,713,280 | ---- | C] () -- C:\Users\Dizzy\Documents\reg_backup.reg
[2010.07.08 13:06:29 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2010.06.02 11:15:01 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2010.05.14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.05.14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.02.26 07:59:16 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009.11.12 00:52:25 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys

========== LOP Check ==========

[2010.03.10 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\EveHQ
[2010.03.06 14:04:41 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\EVEMon
[2010.06.20 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Facebook
[2010.03.20 02:20:20 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\GetRightToGo
[2009.10.26 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Leadertech
[2010.05.12 16:22:20 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\LolClient
[2009.10.26 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.06.02 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\ooVoo Details
[2009.10.26 12:02:04 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Thunderbird
[2010.02.07 22:43:24 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\TS3Client
[2010.03.20 10:41:03 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Turbine
[2009.10.26 15:20:29 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Ubisoft
[2010.07.08 13:08:55 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Wizards of the Coast
[2010.05.13 08:10:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras-TXT: OTL Logfile:
Code:
OTL Extras logfile created on: 01.08.2010 10:55:49 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dizzy\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 91,33 Gb Free Space | 39,22% Space Free | Partition Type: NTFS Drive D: | 153,38 Gb Total Space | 153,27 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAINS Current User Name: Dizzy Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Rebus\Rebus Manager\RebusManager.exe" = C:\Rebus\Rebus 
Manager\RebusManager.exe:*:Enabled:RebusManager -- File not found "C:\Rebus\Rebus Manager\RebusManager.exe" = C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "EPSON Printer and Utilities" = EPSON-Drucker-Software "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101 "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect 
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™ "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ACE LoL Client" = League of Legends - ACE Client by Matricus "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42 "League of Legends_is1" = League of Legends "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "SpeedFan" = SpeedFan (remove only) "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II "Steam App 23310" = The Last Remnant "Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers "Steam App 57610" = Disciples III: Renaissance - Demo "Steam App 630" = Alien Swarm "Steam App 640" = Alien Swarm - SDK "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VLC media player 1.0.2 "WinRAR archiver" = WinRAR "Yahoo! Widget Engine" = Yahoo! Widgets "YInstHelper" = Yahoo! 
Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > So... unfortunately that's all I have. As mentioned above, I'm somewhat at a loss about this problem, since in 2 months I haven't received a single piece of advice that helped me; you are now my last hope... I look forward to any reply. Thanks in advance |
01.08.2010, 10:56 | #2 |
/// Selecta Jahrusso | Problem starting a process (possibly trojan, etc.) Figures: whenever there's a problem, it's always immediately a trojan. I found the following post on this: PunksBusted.com > Pnkbstra.exe Pnkbstrb.exe. I don't see the service in the logfiles either, let alone a file. Scan with SystemLook: Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop. Download Mirror #1 - Download Mirror #2
__________________ |
01.08.2010, 11:29 | #3 |
| Problem starting a process (possibly trojan, etc.) Yippee...
So I didn't know the PunksBusted site at all yet... I had contacted Even Balance directly... Here's the log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:26 on 01/08/2010 by Dizzy (Administrator - Elevation successful)

========== filefind ==========

Searching for "PnkBstrB*"
C:\Users\Dizzy\AppData\Local\PunkBuster\BC2\pb\PnkBstrB.exe --a--- 218808 bytes [16:58 14/06/2010] [08:31 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\Prefetch\PNKBSTRB.EXE-5A939BCA.pf --a--- 92480 bytes [17:41 28/07/2010] [08:31 01/08/2010] 8BF458DD832B6C6E73894E4A73712536
C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log --a--- 5649 bytes [17:41 28/07/2010] [08:31 01/08/2010] FCEC383560CFD048A3B834590432A215
C:\Windows\System32\PnkBstrB.exe --a--- 218808 bytes [08:37 31/07/2010] [08:31 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\System32\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [08:36 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\SysWOW64\PnkBstrB.exe --a--- 218808 bytes [08:37 31/07/2010] [08:31 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\SysWOW64\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [08:36 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689

========== regfind ==========

Searching for "PnkBstrB"
No data found.

-=End Of File=- |
01.08.2010, 11:40 | #4 |
/// Selecta Jahrusso | Problem starting a process (possibly trojan, etc.) Okay, the process is there. But the driver for it is missing too. Could you uninstall PunkBuster Services and reinstall it? Uninstall software with Revo Uninstaller: Please download Revo Uninstaller
Illustrated guide
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Academy |
01.08.2010, 12:00 | #5 |
| Problem starting a process (possibly trojan, etc.) So... I uninstalled it as described and have now reinstalled it via pbsetup / add game, and also ran an update over it. I'm now testing again by logging into a server I saved under favorites, the one I always got kicked from. Thanks for the help... let's see what happens now. By the way, I just noticed another small error that hadn't occurred to me before: sometimes, when I try to download a file, like just now via the Revo Uninstaller link, Windows 7 refuses to save that file in any folder whatsoever; after a restart the problem is temporarily fixed. Could that have something to do with it as well? Or is that a different issue? (I do have an administrator account, but on the failed download it tells me "no access rights...") Cheers... |
01.08.2010, 12:02 | #6 |
| Problem starting a process (possibly trojan, etc.) Edit: The log now looks like this:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:01 on 01/08/2010 by Dizzy (Administrator - Elevation successful)

========== filefind ==========

Searching for "PnkBstrB*"
C:\Users\Dizzy\AppData\Local\PunkBuster\BC2\pb\PnkBstrB.exe --a--- 218808 bytes [10:38 01/08/2010] [10:40 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\Prefetch\PNKBSTRB.EXE-5A939BCA.pf --a--- 37238 bytes [10:37 01/08/2010] [11:01 01/08/2010] 5877E5FFD24A13DC7887745F4DA45C1E
C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log --a--- 198 bytes [11:01 01/08/2010] [11:01 01/08/2010] CE50C24FC5F0085127E4C7845BE64C1A
C:\Windows\System32\PnkBstrB.exe --a--- 111928 bytes [11:01 01/08/2010] [11:01 01/08/2010] 13F068305D0D1BDB781D8433E364378F
C:\Windows\System32\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [10:42 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\SysWOW64\PnkBstrB.exe --a--- 111928 bytes [11:01 01/08/2010] [11:01 01/08/2010] 13F068305D0D1BDB781D8433E364378F
C:\Windows\SysWOW64\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [10:42 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689

========== regfind ==========

Searching for "PnkBstrB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Even Balance\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"

-=End Of File=-

Edit: Sorry for the second post... it was actually supposed to go into the last one. So, the state of things: still Communication failure, ...Handshaking procedure failed with server...

Last edited by Oronwe (01.08.2010 at 12:05) Reason: news |
01.08.2010, 12:47 | #7 |
/// Selecta Jahrusso | Problem starting a process (possibly trojan, etc.) Please run SystemLook again. Code:
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrA]
__________________ |
01.08.2010, 13:11 | #8 |
| Problem starting a process (possibly trojan, etc.) Here's the log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:10 on 01/08/2010 by Dizzy (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"Description"="PunkBuster Service Component [v2.220 BC2] hxxp://www.evenbalance.com"
"DisplayName"="PnkBstrB"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)
"WOW64"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrA]
"Description"="PunkBuster Service Component [v1032] hxxp://www.evenbalance.com"
"DisplayName"="PnkBstrA"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="C:\Windows\system32\PnkBstrA.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)
"WOW64"= 0x0000000001 (1)

-=End Of File=- |
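The `:reg` dump above is the piece of evidence the thread turns on: both services point their ImagePath at C:\Windows\system32, run as LocalSystem with Start=2 (automatic), and carry "WOW64"=1, while the earlier OTL run reported the 64-bit view (SysNative) of both binaries as "File not found" and only the 32-bit view in SysWOW64 as present. The script below is an added example, not code from the thread, from SystemLook or from OTL. It parses the two SystemLook outputs quoted in this thread (embedded as constructed sample input, copied from posts #6 and #8 and abridged), resolves each service's image path under the WOW64 file-system redirection that the "WOW64"=1 value indicates (an assumption about Service Control Manager behaviour, not something the thread states), reports whether the file inventory contains that binary and with which MD5, and groups the inventory by file name so that same-named copies with different hashes stand out.

```python
# Added example: cross-check Windows service registrations against an on-disk
# inventory, using the SystemLook output quoted in this thread as sample input.
import ntpath
import re
from collections import defaultdict

# Constructed sample input: the ':reg' dump from post #8 (Description, ErrorControl
# and Type values left out for brevity).
REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"DisplayName"="PnkBstrB"
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"WOW64"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrA]
"DisplayName"="PnkBstrA"
"ImagePath"="C:\Windows\system32\PnkBstrA.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"WOW64"= 0x0000000001 (1)
"""

# Constructed sample input: the 'filefind' lines from post #6 (after the reinstall).
FILEFIND = r"""
C:\Users\Dizzy\AppData\Local\PunkBuster\BC2\pb\PnkBstrB.exe --a--- 218808 bytes [10:38 01/08/2010] [10:40 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\System32\PnkBstrB.exe --a--- 111928 bytes [11:01 01/08/2010] [11:01 01/08/2010] 13F068305D0D1BDB781D8433E364378F
C:\Windows\System32\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [10:42 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\SysWOW64\PnkBstrB.exe --a--- 111928 bytes [11:01 01/08/2010] [11:01 01/08/2010] 13F068305D0D1BDB781D8433E364378F
C:\Windows\SysWOW64\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [10:42 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
HEX_RE = re.compile(r'^0x([0-9A-Fa-f]+)')
FILE_RE = re.compile(
    r'^(.+?)\s+[-a-z]{6}\s+(\d+) bytes\s+\[[^\]]+\]\s+\[[^\]]+\]\s+([0-9A-Fa-f]{32})$')


def parse_reg(text):
    """Return {service name: {value name: value}} from a SystemLook ':reg' dump."""
    services, current = {}, None
    for line in text.strip().splitlines():
        key = KEY_RE.match(line)
        if key:
            current = services.setdefault(key.group(1).rsplit('\\', 1)[-1], {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            name, raw = val.groups()
            num = HEX_RE.match(raw)          # DWORDs are printed as 0x... (n)
            current[name] = int(num.group(1), 16) if num else raw.strip('"')
    return services


def parse_filefind(text):
    """Return {lower-cased path: (size, MD5)} from SystemLook 'filefind' lines."""
    files = {}
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m:
            files[m.group(1).lower()] = (int(m.group(2)), m.group(3).upper())
    return files


def resolve_image_path(values):
    """Path the 64-bit Service Control Manager actually starts.

    Assumption (SCM behaviour, not stated in the thread): "WOW64"=1 marks a
    service registered by a 32-bit installer, so ...\Windows\System32\... in
    its ImagePath is redirected to ...\Windows\SysWOW64\... at start time.
    """
    path = values.get('ImagePath', '').strip('"')
    if values.get('WOW64') == 1:
        path = re.sub(r'(?i)\\windows\\system32\\', r'\\Windows\\SysWOW64\\', path)
    return path


def check_services(services, files):
    """Per service: effective path, whether the inventory lists it, and its MD5."""
    report = {}
    for name, values in services.items():
        path = resolve_image_path(values)
        _size, md5 = files.get(path.lower(), (None, None))
        report[name] = {
            'path': path,
            'present': md5 is not None,
            'md5': md5,
            'account': values.get('ObjectName'),
            'autostart': values.get('Start') == 2,   # SERVICE_AUTO_START
        }
    return report


def hash_consistency(files):
    """Group the inventory by file name; several hashes per name are worth a look."""
    by_name = defaultdict(set)
    for path, (_size, md5) in files.items():
        by_name[ntpath.basename(path)].add(md5)
    return dict(by_name)


if __name__ == '__main__':
    inventory = parse_filefind(FILEFIND)
    for svc, info in check_services(parse_reg(REG_DUMP), inventory).items():
        print(svc, info)
    for fname, hashes in sorted(hash_consistency(inventory).items()):
        print(fname, 'single hash' if len(hashes) == 1 else 'DIFFERS', sorted(hashes))
```

On the thread's data this comes out as: PnkBstrB resolves to C:\Windows\SysWOW64\PnkBstrB.exe and is present with MD5 13F068305D0D1BDB781D8433E364378F; PnkBstrA is reported absent only because post #6 searched for PnkBstrB* and the inventory never covered it; and pnkbstrb.exe carries two different hashes because the copy under AppData\Local\PunkBuster is still the 218808-byte build while the freshly installed service binary is 111928 bytes. A divergence like that is a prompt to compare the copies, not a verdict. Note also that SystemLook's "System32" hits in these logs carry exactly the same hash as the SysWOW64 ones, which is what file-system redirection showing a 32-bit tool the same file twice would look like; that reading is an inference from the OTL "SysNative ... File not found" lines, not something the thread states.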
01.08.2010, 14:01 | #9 |
/// Selecta Jahrusso | Problem starting a process (possibly trojan, etc.)
__________________ |
01.08.2010, 14:18 | #10 |
| Problem starting a process (possibly trojan, etc.) OTL Logfile: Code:
OTL logfile created on: 01.08.2010 15:05:58 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dizzy\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free 8,00 Gb Paging File | 5,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 92,62 Gb Free Space | 39,77% Space Free | Partition Type: NTFS Drive D: | 153,38 Gb Total Space | 153,27 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAINS Current User Name: Dizzy Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Windows\SysWow64\PrintDisp.exe File not found PRC - C:\Windows\SysWow64\PrintCtrl.exe File not found PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Users\Dizzy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Games\League of Legends\game\League of Legends.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Games\League of Legends\air\LolClient.exe () PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Games\League of Legends\lol.launcher.exe (Solid State Networks) PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Users\Dizzy\AppData\Local\Temp\Rar$EX00.869\pbsetup.exe () PRC - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Dizzy\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\Logitech\SetPoint\x86\GameHook.dll (Logitech, Inc.) MOD - C:\Programme\Logitech\SetPoint\x86\lgscroll.dll (Logitech, Inc.) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (Printer Control) -- C:\Windows\SysNative\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (WEBNTACCESS) -- C:\Windows\SysNative\NTACCESS.SYS File not found DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (LVUVC64) Logitech Webcam 250(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys () DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 44 56 28 2B F5 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.4 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: tabscroll@mthamil:20100626 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.24 09:54:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.24 09:54:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.03.17 10:56:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.02.28 20:18:43 | 000,000,000 | ---D | M] [2009.10.29 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Extensions [2010.08.01 09:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions [2010.04.13 20:08:56 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2010.07.22 08:46:39 | 
000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.29 22:42:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.05.27 08:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2009.10.29 12:24:22 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\anycolor.pavlos256@gmail.com [2010.04.17 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\firegestures@xuldev.org [2010.07.01 12:29:54 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\mozilla\Firefox\Profiles\jiekbg54.default\extensions\tabscroll@mthamil [2010.08.01 09:49:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.02.25 18:08:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.19 09:18:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll [2010.03.16 12:43:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.16 12:43:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.16 12:43:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.16 12:43:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.16 12:43:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.28 23:25:09 | 000,415,700 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14347 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICDE.EXE File not found O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Dizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010.05.05 09:43:35 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010.06.25 09:30:02 | 000,000,000 | ---D | M] O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking 
Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - E:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{198c4d4f-c221-11de-b138-00040ecc8efb}\Shell - "" = AutoRun O33 - MountPoints2\{198c4d4f-c221-11de-b138-00040ecc8efb}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{38da3731-c20a-11de-80ad-0024211dabfd}\Shell - "" = AutoRun O33 - MountPoints2\{38da3731-c20a-11de-80ad-0024211dabfd}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found O33 - MountPoints2\{85f41f1d-c209-11de-ad50-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{85f41f1d-c209-11de-ad50-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.01 12:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010.08.01 12:38:46 | 000,000,000 | ---D | C] -- 
C:\Users\Dizzy\AppData\Local\PunkBuster [2010.08.01 10:50:21 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\Malwarebytes [2010.08.01 10:50:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.01 10:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.01 10:50:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.01 10:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.07.31 09:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2010.07.29 18:25:59 | 000,000,000 | ---D | C] -- C:\Games [2010.07.29 18:24:43 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\LoL Stand [2010.07.28 23:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.07.28 23:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.07.27 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Local\76561197964233719 [2010.07.27 19:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2010.07.26 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\Gamunex [2010.07.26 11:21:28 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Documents\BFBC2 [2010.07.26 09:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2010.07.26 09:48:51 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\Gamunex C4D Mail [2010.07.12 23:02:17 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Documents\Wizards of the Coast [2010.07.12 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010.07.12 12:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2010.07.10 09:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment [2010.07.08 13:04:57 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\Wizards of the Coast [2010.07.08 13:04:48 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Wizards of the Coast [2010.06.26 12:46:47 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Local\Ascaron Entertainment [2010.06.26 12:45:08 | 000,000,000 | ---D | C] -- C:\Windows\506DDFBE983F4BC384B865F423B2D798.TMP [2010.06.26 11:30:52 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2010.06.26 11:30:52 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2010.06.26 11:30:52 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.06.26 11:30:52 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.06.26 11:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascaron Entertainment [2010.06.26 11:00:05 | 000,000,000 | ---D | C] -- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP [2010.06.26 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Desktop\S2 [2010.06.23 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2010.06.23 15:32:26 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\RebusManagerProjects [2010.06.23 15:27:43 | 000,000,000 | ---D | C] -- C:\Rebus [2010.06.20 10:13:26 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\Facebook [2010.06.10 12:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios [2010.06.10 11:59:46 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Documents\Stronghold 2 [2010.06.10 11:59:34 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.06.10 11:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios [2010.06.04 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\Documents\SightSpeed Recordings [2010.06.04 12:37:17 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Local\LogiShrd [2010.06.04 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2010.06.02 15:55:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.06.02 11:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.06.02 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\ooVoo Details [2010.06.02 11:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo [2010.06.02 11:15:12 | 000,897,024 | ---- | C] (ActMask hxxp://www.all2pdf.com) -- C:\Windows\SysWow64\SaveTo.dll [2010.06.02 11:15:01 | 002,535,424 | ---- | C] (DynaForms GmbH) -- C:\Windows\SysWow64\CPDF.dll [2010.06.02 11:15:01 | 000,883,200 | ---- | C] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\SysNative\PrintDisp.exe [2010.06.02 11:15:01 | 000,065,536 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\PrintCtrl.exe [2010.06.02 11:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2010.06.02 11:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ActPrint [2010.06.02 11:14:54 | 001,170,944 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\PrtClient.exe [2010.06.02 11:14:54 | 000,826,880 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\SetupDrv.exe [2010.06.02 11:14:54 | 000,740,864 | ---- | C] (ActMask - hxxp://www.all2pdf.com) -- C:\Windows\SysNative\PrtTools.exe [2010.06.02 11:14:54 | 000,375,808 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\SysNative\SetPrinter.exe [2010.06.02 11:14:51 | 000,000,000 | ---D | C] -- C:\Programme\iVisit [2010.06.02 02:21:24 | 000,000,000 | ---D | C] -- 
C:\Users\Dizzy\Desktop\Dantherm [2010.05.20 11:47:12 | 000,000,000 | ---D | C] -- C:\Riot Games [2010.05.20 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Local\PMB Files [2010.05.20 11:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010.05.17 11:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010.05.12 16:22:20 | 000,000,000 | ---D | C] -- C:\Users\Dizzy\AppData\Roaming\LolClient [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.08.01 15:07:14 | 006,553,600 | -HS- | M] () -- C:\Users\Dizzy\NTUSER.DAT [2010.08.01 14:34:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.01 13:17:48 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.08.01 13:03:04 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.01 13:01:03 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.01 13:01:03 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.08.01 12:53:35 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.01 12:53:35 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.01 12:52:17 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.01 12:52:17 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.01 12:52:17 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.01 12:52:17 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.01 12:52:17 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.01 12:51:08 | 000,001,297 | ---- | M] () -- C:\Users\Dizzy\Desktop\Revo Uninstaller.lnk [2010.08.01 12:47:42 | 000,001,102 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.01 12:46:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.01 12:46:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2010.08.01 12:46:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.01 12:46:13 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2010.08.01 12:45:07 | 012,240,916 | -H-- | M] () -- C:\Users\Dizzy\AppData\Local\IconCache.db [2010.08.01 12:25:10 | 000,100,908 | ---- | M] () -- C:\Users\Dizzy\Desktop\SystemLook.exe [2010.08.01 10:50:17 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.01 10:46:49 | 000,001,040 | ---- | M] () -- C:\Users\Dizzy\Desktop\CCleaner.lnk [2010.07.29 18:27:28 | 000,001,726 | ---- | M] () -- C:\Users\Dizzy\Desktop\Start League of Legends.lnk [2010.07.28 23:25:09 | 000,415,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.07.28 23:04:59 | 000,001,291 | ---- | M] () -- C:\Users\Dizzy\Desktop\Spybot - Search & Destroy.lnk [2010.07.28 07:07:24 | 000,000,221 | ---- | M] () -- C:\Users\Dizzy\Desktop\Disciples III Renaissance - Demo.url [2010.07.27 19:53:03 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2010.07.27 19:53:03 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.07.27 19:53:02 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2010.07.27 19:53:02 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\SysWow64\OpenAL32.dll [2010.07.13 16:39:25 | 000,038,729 | ---- | M] () -- C:\Users\Dizzy\Desktop\1-af18aa73243cb6a8191b58e896f89e94.jpg [2010.07.11 01:53:10 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.10 09:44:41 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk [2010.07.10 09:26:21 | 000,035,432 | ---- | M] () -- C:\Users\Dizzy\Documents\cc_20100710_092616.reg [2010.07.09 13:20:18 | 222,713,280 | ---- | M] () -- C:\Users\Dizzy\Documents\reg_backup.reg [2010.07.08 13:06:29 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\BattleForge™.lnk [2010.06.26 21:45:40 | 002,875,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.26 12:59:39 | 000,059,000 | ---- | M] () -- C:\Users\Dizzy\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.23 16:39:33 | 000,001,040 | ---- | M] () -- C:\Users\Dizzy\Desktop\SpeedFan.lnk [2010.06.23 16:39:33 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2010.06.12 20:59:40 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid.lnk [2010.06.10 11:59:34 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.05.31 19:10:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.05.14 21:56:06 | 010,830,680 | ---- | M] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.05.14 21:56:06 | 010,830,680 | ---- | M] () -- C:\Windows\SysNative\LogiDPP.dll [2010.05.14 21:56:06 | 000,102,744 | ---- | M] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.05.14 21:56:06 | 000,102,744 | ---- | M] () -- C:\Windows\SysNative\LogiDPPApp.exe [2010.05.14 21:55:58 | 000,290,648 | ---- | M] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.05.14 21:55:58 | 000,290,648 | ---- | M] () -- C:\Windows\SysNative\DevManagerCore.dll [2010.05.14 21:47:38 | 000,266,828 | ---- | M] () -- C:\Windows\SysNative\drivers\LVAFT.cfg [2010.05.12 09:58:39 | 000,000,460 | ---- | M] () -- C:\Users\Dizzy\Documents\cc_20100512_095834.reg [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.01 13:16:49 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.01 13:13:20 | 000,846,336 | ---- | C] () -- C:\Users\Dizzy\Desktop\pbsetup.exe [2010.08.01 13:01:03 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.08.01 12:51:08 | 000,001,297 | ---- | C] () -- C:\Users\Dizzy\Desktop\Revo Uninstaller.lnk [2010.08.01 12:36:36 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.01 12:25:10 | 000,100,908 | ---- | C] () -- C:\Users\Dizzy\Desktop\SystemLook.exe [2010.08.01 10:50:17 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.29 18:27:28 | 000,001,726 | ---- | C] () -- C:\Users\Dizzy\Desktop\Start League of Legends.lnk [2010.07.28 23:04:59 | 000,001,291 | ---- | C] () -- C:\Users\Dizzy\Desktop\Spybot - Search & Destroy.lnk [2010.07.27 20:12:46 | 000,000,221 | ---- | C] () -- C:\Users\Dizzy\Desktop\Disciples III Renaissance - Demo.url [2010.07.13 16:39:24 | 000,038,729 | ---- | C] () 
-- C:\Users\Dizzy\Desktop\1-af18aa73243cb6a8191b58e896f89e94.jpg [2010.07.11 01:53:10 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.10 09:44:41 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk [2010.07.10 09:26:19 | 000,035,432 | ---- | C] () -- C:\Users\Dizzy\Documents\cc_20100710_092616.reg [2010.07.09 13:20:07 | 222,713,280 | ---- | C] () -- C:\Users\Dizzy\Documents\reg_backup.reg [2010.07.08 13:06:29 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\BattleForge™.lnk [2010.06.23 16:39:33 | 000,001,040 | ---- | C] () -- C:\Users\Dizzy\Desktop\SpeedFan.lnk [2010.06.23 16:39:32 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2010.06.14 18:58:53 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.06.04 12:34:43 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid.lnk [2010.06.04 12:33:42 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini [2010.06.04 12:33:42 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg [2010.06.04 12:32:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2010.06.02 11:15:01 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll [2010.06.02 11:14:55 | 000,524,288 | ---- | C] () -- C:\Windows\SysNative\PrtPass.exe [2010.06.02 11:14:54 | 000,691,200 | ---- | C] () -- C:\Windows\SysNative\PrintLog.exe [2010.05.31 19:10:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.05.14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.05.14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysNative\LogiDPP.dll [2010.05.14 21:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.05.14 21:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysNative\LogiDPPApp.exe [2010.05.14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.05.14 
21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysNative\DevManagerCore.dll [2010.05.14 21:47:38 | 000,266,828 | ---- | C] () -- C:\Windows\SysNative\drivers\LVAFT.cfg [2010.05.12 09:58:37 | 000,000,460 | ---- | C] () -- C:\Users\Dizzy\Documents\cc_20100512_095834.reg [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.02.26 07:59:16 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2009.11.12 00:52:25 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys ========== LOP Check ========== [2009.10.26 14:40:09 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\DAEMON Tools Lite [2010.03.10 10:55:37 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\EveHQ [2010.03.06 
14:04:41 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\EVEMon [2010.06.20 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Facebook [2010.03.20 02:20:20 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\GetRightToGo [2009.10.26 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Leadertech [2010.05.12 16:22:20 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\LolClient [2009.10.26 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009.11.12 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\MAXON [2010.06.02 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\ooVoo Details [2009.10.26 12:02:04 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Thunderbird [2009.12.08 17:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Tropico 3 [2010.02.07 22:43:24 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\TS3Client [2010.03.20 10:41:03 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Turbine [2009.10.26 15:20:29 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Ubisoft [2010.07.08 13:08:55 | 000,000,000 | ---D | M] -- C:\Users\Dizzy\AppData\Roaming\Wizards of the Coast [2010.05.13 08:10:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Edit: I just tried it again....at least one server that I had been kicked from didn't do it this time...I'll test the next one shortly. Thanks. Last edited by Oronwe (01.08.2010 at 14:29) Reason: news. |
01.08.2010, 15:07 | #11 |
/// Selecta Jahrusso | Problem starting a process (possibly Trojan, etc.) Quick interim question: did you install PPSVC by right-clicking and choosing "Run as administrator"? It also has to be done from an admin account. Here is something more to read: http://www.bf-games.net/forum/index.php?showtopic=45431
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
01.08.2010, 15:14 | #12 |
| Problem starting a process (possibly a trojan, etc.) hmm....I don't think so..but I've done it now.... I'm reading through all of that right now..but as I said..so far it works... Update: Not again, it's enough to make you despair....I'll try it once more with the Removal, then just reinstall and update, each time both as Admin... *sigh* Update 2: This time it isn't working either; at least I've now found a server where I definitely get kicked if it doesn't work. I'm really at my wits' end with this 3rd-party program. Last edited by Oronwe (01.08.2010 at 16:03) |
01.08.2010, 16:07 | #13 |
| Problem starting a process (possibly a trojan, etc.) the latest SystemLook: -first input:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:05 on 01/08/2010 by Dizzy (Administrator - Elevation successful)
========== filefind ==========
Searching for "PnkBstrB*"
C:\Windows\Prefetch\PNKBSTRB.EXE-5A939BCA.pf --a--- 24428 bytes [10:37 01/08/2010] [15:05 01/08/2010] 8861F0BCC6CC831CD8FE2AA6F650C22F
C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log --a--- 198 bytes [15:05 01/08/2010] [15:05 01/08/2010] F287931A0FC810D226F57F21A024C9A4
C:\Windows\System32\PnkBstrB.exe --a--- 111928 bytes [15:04 01/08/2010] [15:05 01/08/2010] 13F068305D0D1BDB781D8433E364378F
C:\Windows\System32\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [15:01 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
C:\Windows\SysWOW64\PnkBstrB.exe --a--- 111928 bytes [15:04 01/08/2010] [15:05 01/08/2010] 13F068305D0D1BDB781D8433E364378F
C:\Windows\SysWOW64\PnkBstrB.xtr --a--- 218808 bytes [16:58 14/06/2010] [15:01 01/08/2010] 70AE060AB277961835E0CE7CF7C9D689
========== regfind ==========
Searching for "PnkBstrB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Even Balance\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB] "ImagePath"="C:\Windows\system32\PnkBstrB.exe"
-=End Of File=-
second input:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:07 on 01/08/2010 by Dizzy (Administrator - Elevation successful)
========== reg ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrB]
"Description"="PunkBuster Service Component [v2.110 BF1942] hxxp://www.evenbalance.com"
"DisplayName"="PnkBstrB"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="C:\Windows\system32\PnkBstrB.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)
"WOW64"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PnkBstrA]
"Description"="PunkBuster Service Component [v1032] hxxp://www.evenbalance.com"
"DisplayName"="PnkBstrA"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="C:\Windows\system32\PnkBstrA.exe"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)
"WOW64"= 0x0000000001 (1)
-=End Of File=- |
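As an added example that is not part of the thread, the checks SystemLook ran in the post above redone in PowerShell for the same service name and paths, plus what SystemLook does not show: the Service Control Manager's view of the service, the Authenticode signature of both on-disk copies, and recent SCM start-failure events. It assumes Windows 7 x64 with PunkBuster in its default locations and is not PunkBuster's own tooling.

```powershell
# Added example, not from the thread: verify the PnkBstrB service registration
# and both on-disk copies the way SystemLook did above, then add the SCM state,
# the Authenticode signature and recent SCM events. Assumes Windows 7 x64 with
# PunkBuster in its default locations; runs on the PowerShell 2.0 that ships there.
$svcName = 'PnkBstrB'

function Get-Md5Hex([string]$Path) {
    # MD5 via .NET rather than Get-FileHash, which needs PowerShell 4 or later
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join '' }
    finally { $stream.Close() }
}

# 1. Registration under HKLM\SYSTEM\CurrentControlSet\services (the SystemLook "reg" values)
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName" |
    Select-Object ImagePath, Start, Type, ObjectName, WOW64, Description | Format-List

# 2. What the Service Control Manager currently reports for it
Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'" |
    Select-Object Name, State, StartMode, StartName, PathName | Format-List

# 3. Both on-disk copies: size, MD5 and signature. The installer writes the binary
#    to System32 and SysWOW64; as the matching MD5s in the log show, they should be identical.
foreach ($p in "$env:windir\System32\$svcName.exe", "$env:windir\SysWOW64\$svcName.exe") {
    if (-not (Test-Path $p)) { "$p : MISSING"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $p
    '{0}  size={1}  md5={2}  signature={3}' -f $p, (Get-Item $p).Length, (Get-Md5Hex $p), $sig.Status
}

# 4. Start failures the SCM logged for this service
#    (7000 = failed to start, 7009 = start timeout, 7034 = terminated unexpectedly)
Get-EventLog -LogName System -Source 'Service Control Manager' -Newest 300 |
    Where-Object { $_.Message -match $svcName -and ((7000, 7009, 7034) -contains $_.EventID) } |
    Select-Object TimeGenerated, EventID, Message | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell so the event log and the service query return complete results.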
01.08.2010, 16:12 | #14 |
/// Selecta Jahrusso | Problem starting a process (possibly a trojan, etc.) Can you, purely as a test, disable your antivirus software as well as the firewall? Either that, or something is off with the server.
01.08.2010, 16:27 | #15 |
| Problem starting a process (possibly a trojan, etc.) I always turned off both Avira Antivir and the Windows Firewall while testing, to rule that out from the start. There are entries for PB in the firewall anyway, so... |