OTL Logfile:
OTL logfile created on: 29.07.2012 21:46:40 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = E:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 85,04% Memory free
7,00 Gb Paging File | 6,55 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 240,19 Gb Free Space | 80,58% Space Free | Partition Type: NTFS
Drive D: | 213,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 94,35% Space Free | Partition Type: FAT
Computer Name: ATROX1000-PC | User Name: atrox1000 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.362.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.362.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (PanService) -- C:\Programme\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WSWNA3100) -- C:\Programme\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 86 B7 6D 0C 47 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9470DC73-0F69-466A-8235-D959CFD720A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RY&apn_dtid=YYYYYYYYDE&apn_uid=01D69FA4-166D-4FB9-8E33-FE437D1B89E5&apn_sauid=12D8CF0E-AC2C-49D3-8417-91F88CBEE58F
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vVEotnr&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=01D69FA4-166D-4FB9-8E33-FE437D1B89E5&apn_ptnrs=RY&apn_sauid=12D8CF0E-AC2C-49D3-8417-91F88CBEE58F&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.14 03:54:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 19:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.06.13 14:09:11 | 000,000,000 | ---D | M]
[2012.06.14 01:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Extensions
[2012.07.16 10:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions
[2012.07.16 10:01:44 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.06.14 03:54:08 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions\ffxtlbr@incredibar.com
[2012.06.24 14:52:10 | 000,000,000 | ---D | M] ("KMPlayer Toolbar") -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions\toolbar@ask.com
[2012.07.28 12:48:30 | 000,002,572 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Mozilla\Firefox\Profiles\59jwfqsu.default\searchplugins\askcom.xml
[2012.06.30 14:49:18 | 000,000,917 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Mozilla\Firefox\Profiles\59jwfqsu.default\searchplugins\conduit.xml
[2012.06.14 03:53:55 | 000,002,203 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Mozilla\Firefox\Profiles\59jwfqsu.default\searchplugins\MyStart Search.xml
[2012.06.14 01:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.14 03:54:02 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.07.29 19:58:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - homepage: Google
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [RpcPing] C:\Users\atrox1000\AppData\Local\Microsoft\Windows\2795\RpcPing.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\atrox1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2060B2A2-F787-429B-8962-57F3428FF4DD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.07.07 12:09:24 | 000,233,344 | R--- | M] (ESET s.r.o.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.06.30 16:42:12 | 000,000,133 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.08.17 10:26:02 | 000,000,000 | ---D | M] - D:\AutorunConfig -- [ CDFS ]
O33 - MountPoints2\{5b6f241c-9b73-11e1-9c70-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5b6f241c-9b73-11e1-9c70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011.07.07 12:09:24 | 000,233,344 | R--- | M] (ESET s.r.o.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.29 20:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 20:10:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.29 20:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.29 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\Malwarebytes
[2012.07.29 20:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\hellomoto
[2012.07.05 15:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.05 15:06:17 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.07.05 14:33:28 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\Documents\Battlefield 3
[2012.07.05 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2012.07.05 02:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.07.05 02:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.05 02:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.07.05 02:44:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012.07.04 17:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.07.04 17:58:05 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\Origin
[2012.07.04 17:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.04 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\Origin
[2012.07.04 17:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.07.04 17:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.04 17:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.07.01 19:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.07.01 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\PunkBuster
[2012.07.01 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\Google
[2012.07.01 17:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.01 17:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\XfireXO
[2012.07.01 17:42:20 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\Conduit
[2012.07.01 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\Xfire
[2012.07.01 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2012.07.01 17:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2012.07.01 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2012.07.01 14:50:35 | 086,400,840 | ---- | C] (K2 Network, Inc.) -- C:\Users\atrox1000\APB_Reloaded_Installer.exe
[2012.07.01 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\GamersFirst LIVE!
[2012.07.01 14:47:01 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\PMB Files
[2012.07.01 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.07.01 14:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.07.01 14:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2012.07.01 14:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
========== Files - Modified Within 30 Days ==========
[2012.07.29 21:29:18 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.29 21:29:18 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 21:29:18 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.29 21:29:18 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.29 21:24:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.29 21:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 21:24:00 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 20:10:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.29 02:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 01:48:51 | 000,019,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 01:48:51 | 000,019,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 18:07:48 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.09 18:07:40 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.09 18:07:15 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.05 02:44:12 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.07.05 02:43:55 | 000,138,056 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\PnkBstrK.sys
[2012.07.04 17:56:22 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 20:04:44 | 000,000,066 | ---- | M] () -- C:\Users\atrox1000\Desktop\pbuser.htm
[2012.07.01 20:04:32 | 000,014,374 | ---- | M] () -- C:\Users\atrox1000\Desktop\pbgame.htm
[2012.07.01 20:03:50 | 000,846,336 | ---- | M] () -- C:\Users\atrox1000\Desktop\pbsetup.exe
[2012.07.01 19:10:32 | 000,000,399 | ---- | M] () -- C:\Users\atrox1000\Desktop\EnvironmentGame.ini
[2012.07.01 19:08:02 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.01 17:42:07 | 000,000,957 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2012.07.01 17:42:07 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2012.07.01 17:33:35 | 3999,925,254 | ---- | M] () -- C:\Users\atrox1000\Client1.7.0.586601.7z
[2012.07.01 17:33:11 | 086,400,840 | ---- | M] (K2 Network, Inc.) -- C:\Users\atrox1000\APB_Reloaded_Installer.exe
[2012.07.01 14:50:53 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2012.07.01 14:50:53 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
========== Files Created - No Company Name ==========
[2012.07.29 20:10:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.05 15:05:50 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.07.05 02:44:12 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.07.04 17:56:22 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.01 20:04:44 | 000,000,066 | ---- | C] () -- C:\Users\atrox1000\Desktop\pbuser.htm
[2012.07.01 20:04:32 | 000,014,374 | ---- | C] () -- C:\Users\atrox1000\Desktop\pbgame.htm
[2012.07.01 20:03:14 | 000,846,336 | ---- | C] () -- C:\Users\atrox1000\Desktop\pbsetup.exe
[2012.07.01 19:16:13 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.01 19:10:32 | 000,000,399 | ---- | C] () -- C:\Users\atrox1000\Desktop\EnvironmentGame.ini
[2012.07.01 19:08:02 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.07.01 19:08:02 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.01 18:28:53 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.01 18:28:48 | 000,138,056 | ---- | C] () -- C:\Users\atrox1000\AppData\Roaming\PnkBstrK.sys
[2012.07.01 18:28:28 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.01 18:28:28 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.01 18:28:16 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.07.01 17:42:07 | 000,000,957 | ---- | C] () -- C:\Users\atrox1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2012.07.01 17:42:07 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2012.07.01 14:50:35 | 3999,925,254 | ---- | C] () -- C:\Users\atrox1000\Client1.7.0.586601.7z
[2012.07.01 14:46:47 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2012.07.01 14:46:47 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2012.05.26 21:25:55 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.06.24 20:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.04.12 03:30:05 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
========== LOP Check ==========
[2012.06.13 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\atrox1000\AppData\Roaming\ESET
[2012.07.29 01:46:44 | 000,000,000 | ---D | M] -- C:\Users\atrox1000\AppData\Roaming\hellomoto
[2012.07.04 17:58:11 | 000,000,000 | ---D | M] -- C:\Users\atrox1000\AppData\Roaming\Origin
[2009.07.14 06:53:46 | 000,024,320 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.05.11 16:20:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.11 17:11:42 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.05.11 16:20:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.05.27 16:45:02 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.29 20:10:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.29 20:05:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.05.11 16:20:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.05.11 16:20:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.27 16:47:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.05 15:07:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.29 19:39:26 | 000,000,000 | ---D | M] -- C:\Windows
[2012.05.11 17:06:18 | 000,000,000 | ---D | M] -- C:\Windows.old
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2004.08.04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll
[2004.08.04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\Windows.old\Windows\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\Windows.old\Windows\explorer.exe
[2004.08.04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\Windows.old\Windows\system32\dllcache\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2004.08.04 00:44:08 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\Windows.old\Windows\system32\dllcache\netlogon.dll
[2004.08.04 00:44:08 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\Windows.old\Windows\system32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2004.08.04 00:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\Windows.old\Windows\system32\dllcache\scecli.dll
[2004.08.04 00:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\Windows.old\Windows\system32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2004.08.04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\Windows.old\Windows\system32\dllcache\user32.dll
[2004.08.04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\Windows.old\Windows\system32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2004.08.04 00:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2004.08.04 00:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\Windows.old\Windows\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2004.08.04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\Windows.old\Windows\system32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2001.08.18 01:55:58 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2001.08.18 01:55:58 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.07.01 17:33:11 | 086,400,840 | ---- | M] (K2 Network, Inc.) -- C:\Users\atrox1000\APB_Reloaded_Installer.exe
[2012.07.01 17:33:35 | 3999,925,254 | ---- | M] () -- C:\Users\atrox1000\Client1.7.0.586601.7z
[2012.07.29 21:48:42 | 001,572,864 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat
[2012.07.29 21:48:42 | 000,262,144 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat.LOG1
[2012.05.11 16:20:54 | 000,000,000 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat.LOG2
[2012.05.11 17:24:35 | 000,065,536 | -HS- | M] () -- C:\Users\atrox1000\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.05.11 17:24:35 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.05.11 17:24:35 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.05.28 01:14:59 | 000,065,536 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat{95a4f16a-a837-11e1-b303-204e7fea5e67}.TM.blf
[2012.05.28 01:14:59 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat{95a4f16a-a837-11e1-b303-204e7fea5e67}.TMContainer00000000000000000001.regtrans-ms
[2012.05.28 01:14:59 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat{95a4f16a-a837-11e1-b303-204e7fea5e67}.TMContainer00000000000000000002.regtrans-ms
[2012.05.11 16:20:54 | 000,000,020 | -HS- | M] () -- C:\Users\atrox1000\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< End of report >
OTL Logfile:
OTL Extras logfile created on: 29.07.2012 21:27:52 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = E:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,45% Memory free
7,00 Gb Paging File | 6,61 Gb Available in Paging File | 94,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 240,31 Gb Free Space | 80,62% Space Free | Partition Type: NTFS
Drive D: | 213,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 94,37% Space Free | Partition Type: FAT
Computer Name: ATROX1000-PC | User Name: atrox1000 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C7F0A1F-6F80-481A-ABE1-EB91E5F8E682}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E7E9867-6FDA-4F81-9D1F-613EFB6F3323}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{282685B2-E75D-4FD2-B17B-ED5322A254C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{29AF880E-E03F-432F-98D5-CEBEA36BC723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C40B608-5369-4E46-9DE0-90573B062B10}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CD37AE7-58B7-43C1-973A-EB566E0E5BDF}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D72A59B-BCA5-4450-99FE-0157E8E0BA25}" = rport=139 | protocol=6 | dir=out | app=system |
"{31312946-89BA-4C55-8885-34E851D5BB73}" = lport=445 | protocol=6 | dir=in | app=system |
"{38D80070-1EB7-4740-B2B8-0D642DFB095B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40E4ECA4-D3FD-445B-ACD6-88789CFD9F31}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A2372D3-0058-421A-A3D0-73CFF0F36277}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BD304B3-2284-409A-A69F-0619C603F469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CBB21C6-F854-4081-9237-40D36D990FB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CF4AE00-C4ED-4291-B798-AA324578E425}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50574686-D7BC-4A08-B8CB-FDB06F1D1D2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{50F4D7F2-A7A9-4DF8-BAC4-4E3865CB2294}" = lport=137 | protocol=17 | dir=in | app=system |
"{58B18388-1F31-42DB-8455-3E694954EBF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F1A164E-E9DE-49EC-B790-624E976D9E22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63CD7C35-FD57-4CA5-8224-99054F49CC24}" = rport=137 | protocol=17 | dir=out | app=system |
"{69CD5F80-27E5-4CD6-AA67-43B6628CCC74}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{845BEC60-2DD4-4BD9-BA31-5293A3285E4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9874474B-A8F6-4839-B1C8-0E1F039BCA13}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98C7A8B2-ACD4-4F1B-8764-83C4472352AA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A329B406-CB41-41DF-9920-6D07C7A23792}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF10F9FF-2681-49E2-BD37-318339875D9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB61C967-AE00-468C-B243-279374528AAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE103E31-D16A-4A17-806F-A066A0A60B1B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BFA1C62B-1D43-4BE6-ADB5-3C53D6076E42}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C05896FE-9F57-47D2-BB59-28A5A6048E82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C595F72B-29A0-4585-8517-07BB93D84F0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC041F4E-8F01-433D-9AD8-6C6B2798FEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D1AE52CD-CC9B-412B-9238-C182F78010AE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D987C71B-C872-4237-8784-517CB4987EEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E84C919D-85B3-4254-B39D-7B8DA37CFD07}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1F3CE51-F6BF-4A19-AD09-F7180A7D225A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5915090-2213-416F-8368-7C686530170D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F665FB46-EA91-41D4-BBF6-BF94C795064D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F78644D8-5F72-4435-874B-13C68CA45190}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD65FB5B-13A5-4725-A4D5-DC45A31DF2B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F91B60-E2BE-40D4-A772-0C4291BEBFBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06421A87-909E-4ADD-B57C-41EF5D4DEC73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06559611-0CFD-4D2D-952F-02EA94EA36EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07F22E24-1C17-4D55-86EE-1ABE2C7E7E96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10AE989F-579E-4B13-A9E8-C71942E72CFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{153E7B1C-3844-4C89-AE60-CEE16C5C91F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18AD8DA3-6419-4781-83E3-7DCA69B1E1B9}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{1F453692-CF56-4F03-A44E-CF58229B33EC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1FBC6CF5-FA0B-46F2-8604-BBA885D4E688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27C699ED-BA41-412F-A1D6-1E23688E02FA}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{28E8D959-A292-4A9D-A4DA-023EFBF73956}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CFB4263-3AAC-4F50-9D81-716CEFA9EE91}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{308375B0-E6A5-45C9-B6C2-C33195A23451}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30F52A17-144F-42D4-AF7D-B55C92F14D3A}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{31A01EBC-27D4-4B03-B90E-B1A02925962E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{372A1BB3-9654-406B-A58E-30CE712627A0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{38518894-9633-45D5-91E4-C253C45CCF66}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3DD07783-5077-487D-90E4-EBBF88858967}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{40468632-3EB5-4686-8B0A-147AB7E9FBBE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5A607F64-2F31-4660-A010-39BCAEAD908A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6439DBB9-563D-44B9-9340-AE374D0C5609}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{69B1E271-68EE-400A-AF17-6FDA6319E11C}" = protocol=6 | dir=out | app=system |
"{70AA663A-D5A0-4794-84CD-C75EF28DE85F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70CE5963-51D5-4318-8AD5-A906EE587D04}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{73BBCD6E-1BF2-4436-829C-ABB3F04C0309}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7C7DE759-F814-4468-B903-60D3A3397027}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{85CC3716-4DA1-4CA1-A5EA-35E2405BDD69}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
"{95678880-6B2A-4265-A8B1-9DE6EEF7C9DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9733BB6C-12DB-452E-8543-46A84EABC6CD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9D5F0A34-F7F1-4811-B0EE-0C6C71D16E33}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{9EBD7D84-07FC-4D0B-9824-EB4DBF3C1048}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
"{A5836CF6-218C-411C-8CC7-8485C4F3A3BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB762D2D-6ACC-4E66-BA91-5CB0DA23844D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0FD8DFE-C212-47DC-9E0F-FB5283AAFD28}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{B18DCE48-893E-45F3-8A89-C17EF99194CA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8455A61-CDD0-422C-BDBB-01EE7A00A727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B930225F-6DE6-4E46-9095-1293C436CE0F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{BA37A206-D335-4D54-90F0-FD215ADA6677}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C601930B-4156-4391-A33D-14974DDC5680}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{C9A1290A-407B-43CE-BEC5-908FBB35B183}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CE936ED1-BF89-4761-8A19-617FF3F786ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D06A94E4-F572-4226-95D7-465159EA5B54}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D3172ED9-F182-4933-BFA4-1B14AA27737B}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D67060E0-0A25-40D3-99E7-FDF0EDD2AF8B}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{DA1DE12D-5AF6-47BF-8144-CF790DED3D55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD8BB362-6065-4C09-98DB-0F80C4EE0475}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{DF07185E-961D-426F-86B2-AE4C719579F6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{EA9B05B5-306A-40D7-A9D2-B64E678008F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EB1E7188-6509-4281-B6DC-15B7C29CF49E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F225C347-9EC2-48F2-8F24-5C6B351AC592}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{A3DDEF75-AF54-483C-9ADA-B09AF41FBEAB}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{7978CBC0-0184-4973-A692-05B3EB3BAB73}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = KMPlayer Toolbar
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C90B0A63-978E-406C-A2E0-CFACE9C13B87}" = ESET Smart Security
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"GamersFirst LIVE!" = GamersFirst LIVE!
"incredibar" = Incredibar Toolbar on IE and Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.0.1
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.07.2012 13:39:43 | Computer Name = atrox1000-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C
Error - 29.07.2012 13:39:43 | Computer Name = atrox1000-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 29.07.2012 13:46:21 | Computer Name = atrox1000-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.07.2012 13:55:42 | Computer Name = atrox1000-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C
Error - 29.07.2012 13:55:42 | Computer Name = atrox1000-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 29.07.2012 13:57:18 | Computer Name = atrox1000-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.07.2012 14:05:39 | Computer Name = atrox1000-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.62.0.87, Zeitstempel:
0x4fc6d5ba Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b972 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001604c ID des fehlerhaften
Prozesses: 0x598 Startzeit der fehlerhaften Anwendung: 0x01cd6db4adaeefba Pfad der
fehlerhaften Anwendung: E:\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: 0098418c-d9a8-11e1-b637-e0cb4ee7c9b7
Error - 29.07.2012 15:25:07 | Computer Name = atrox1000-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C
Error - 29.07.2012 15:25:07 | Computer Name = atrox1000-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 29.07.2012 15:25:49 | Computer Name = atrox1000-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 29.07.2012 15:25:07 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
Error - 29.07.2012 15:25:14 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
Error - 29.07.2012 15:25:15 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
Error - 29.07.2012 15:25:15 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >