Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert (https://www.trojaner-board.de/120739-computer-verletzung-gesetze-bundesrepublik-deutschland-wurde-blockiert.html)

Atrox 29.07.2012 19:52
Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert
 
Hallo zusammen,

Ich habe seit heute mit meinem 2. Computer ein Problem und zwar erscheint jedesmal wenn ich ihn starte dieses Problem : Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert.

Ich habe mir die Website hier angeschaut und herausgefunden dass ich einen Scan mit Malwarebytes Anti-Malware machen kann und dann den Log posten soll,Ich hoffe dass ihr mir helfen könnt und ich alles richtig gemacht habe.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
atrox1000 :: ATROX1000-PC [Administrator]

29.07.2012 20:10:56
mbam-log-2012-07-29 (20-10-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309371
Laufzeit: 12 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)






Wäre super wenn ihr mir helfen könntet danke :)

markusg 29.07.2012 20:05
hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Atrox 29.07.2012 21:21
OTL Logfile:
Code:
OTL logfile created on: 29.07.2012 21:46:40 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = E:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 85,04% Memory free
7,00 Gb Paging File | 6,55 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 240,19 Gb Free Space | 80,58% Space Free | Partition Type: NTFS
Drive D: | 213,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 94,35% Space Free | Partition Type: FAT
 
Computer Name: ATROX1000-PC | User Name: atrox1000 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.362.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.362.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (PanService) -- C:\Programme\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WSWNA3100) -- C:\Programme\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 86 B7 6D 0C 47 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9470DC73-0F69-466A-8235-D959CFD720A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RY&apn_dtid=YYYYYYYYDE&apn_uid=01D69FA4-166D-4FB9-8E33-FE437D1B89E5&apn_sauid=12D8CF0E-AC2C-49D3-8417-91F88CBEE58F
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vVEotnr&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=01D69FA4-166D-4FB9-8E33-FE437D1B89E5&apn_ptnrs=RY&apn_sauid=12D8CF0E-AC2C-49D3-8417-91F88CBEE58F&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.14 03:54:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 19:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.06.13 14:09:11 | 000,000,000 | ---D | M]
 
[2012.06.14 01:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Extensions
[2012.07.16 10:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions
[2012.07.16 10:01:44 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.06.14 03:54:08 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions\ffxtlbr@incredibar.com
[2012.06.24 14:52:10 | 000,000,000 | ---D | M] ("KMPlayer Toolbar") -- C:\Users\atrox1000\AppData\Roaming\mozilla\Firefox\Profiles\59jwfqsu.default\extensions\toolbar@ask.com
[2012.07.28 12:48:30 | 000,002,572 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Mozilla\Firefox\Profiles\59jwfqsu.default\searchplugins\askcom.xml
[2012.06.30 14:49:18 | 000,000,917 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Mozilla\Firefox\Profiles\59jwfqsu.default\searchplugins\conduit.xml
[2012.06.14 03:53:55 | 000,002,203 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Mozilla\Firefox\Profiles\59jwfqsu.default\searchplugins\MyStart Search.xml
[2012.06.14 01:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.14 03:54:02 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.07.29 19:58:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - homepage: Google
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [RpcPing] C:\Users\atrox1000\AppData\Local\Microsoft\Windows\2795\RpcPing.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\atrox1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2060B2A2-F787-429B-8962-57F3428FF4DD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.07.07 12:09:24 | 000,233,344 | R--- | M] (ESET s.r.o.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.06.30 16:42:12 | 000,000,133 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.08.17 10:26:02 | 000,000,000 | ---D | M] - D:\AutorunConfig -- [ CDFS ]
O33 - MountPoints2\{5b6f241c-9b73-11e1-9c70-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5b6f241c-9b73-11e1-9c70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011.07.07 12:09:24 | 000,233,344 | R--- | M] (ESET s.r.o.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 20:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 20:10:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.29 20:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.29 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\Malwarebytes
[2012.07.29 20:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\hellomoto
[2012.07.05 15:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.05 15:06:17 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.07.05 14:33:28 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\Documents\Battlefield 3
[2012.07.05 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2012.07.05 02:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.07.05 02:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.05 02:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.07.05 02:44:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012.07.04 17:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.07.04 17:58:05 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\Origin
[2012.07.04 17:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.04 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\Origin
[2012.07.04 17:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.07.04 17:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.04 17:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.07.01 19:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.07.01 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\PunkBuster
[2012.07.01 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\Google
[2012.07.01 17:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.01 17:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\XfireXO
[2012.07.01 17:42:20 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\Conduit
[2012.07.01 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Roaming\Xfire
[2012.07.01 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2012.07.01 17:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2012.07.01 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2012.07.01 14:50:35 | 086,400,840 | ---- | C] (K2 Network, Inc.) -- C:\Users\atrox1000\APB_Reloaded_Installer.exe
[2012.07.01 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\GamersFirst LIVE!
[2012.07.01 14:47:01 | 000,000,000 | ---D | C] -- C:\Users\atrox1000\AppData\Local\PMB Files
[2012.07.01 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.07.01 14:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.07.01 14:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2012.07.01 14:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.29 21:29:18 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.29 21:29:18 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 21:29:18 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.29 21:29:18 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.29 21:24:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.29 21:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 21:24:00 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 20:10:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.29 02:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 01:48:51 | 000,019,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 01:48:51 | 000,019,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 18:07:48 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.09 18:07:40 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.09 18:07:15 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.05 02:44:12 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.07.05 02:43:55 | 000,138,056 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\PnkBstrK.sys
[2012.07.04 17:56:22 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 20:04:44 | 000,000,066 | ---- | M] () -- C:\Users\atrox1000\Desktop\pbuser.htm
[2012.07.01 20:04:32 | 000,014,374 | ---- | M] () -- C:\Users\atrox1000\Desktop\pbgame.htm
[2012.07.01 20:03:50 | 000,846,336 | ---- | M] () -- C:\Users\atrox1000\Desktop\pbsetup.exe
[2012.07.01 19:10:32 | 000,000,399 | ---- | M] () -- C:\Users\atrox1000\Desktop\EnvironmentGame.ini
[2012.07.01 19:08:02 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.01 17:42:07 | 000,000,957 | ---- | M] () -- C:\Users\atrox1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2012.07.01 17:42:07 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2012.07.01 17:33:35 | 3999,925,254 | ---- | M] () -- C:\Users\atrox1000\Client1.7.0.586601.7z
[2012.07.01 17:33:11 | 086,400,840 | ---- | M] (K2 Network, Inc.) -- C:\Users\atrox1000\APB_Reloaded_Installer.exe
[2012.07.01 14:50:53 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2012.07.01 14:50:53 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.29 20:10:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.05 15:05:50 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.07.05 02:44:12 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.07.04 17:56:22 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.01 20:04:44 | 000,000,066 | ---- | C] () -- C:\Users\atrox1000\Desktop\pbuser.htm
[2012.07.01 20:04:32 | 000,014,374 | ---- | C] () -- C:\Users\atrox1000\Desktop\pbgame.htm
[2012.07.01 20:03:14 | 000,846,336 | ---- | C] () -- C:\Users\atrox1000\Desktop\pbsetup.exe
[2012.07.01 19:16:13 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.01 19:10:32 | 000,000,399 | ---- | C] () -- C:\Users\atrox1000\Desktop\EnvironmentGame.ini
[2012.07.01 19:08:02 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.07.01 19:08:02 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.01 18:28:53 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.01 18:28:48 | 000,138,056 | ---- | C] () -- C:\Users\atrox1000\AppData\Roaming\PnkBstrK.sys
[2012.07.01 18:28:28 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.01 18:28:28 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.01 18:28:16 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.07.01 17:42:07 | 000,000,957 | ---- | C] () -- C:\Users\atrox1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2012.07.01 17:42:07 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2012.07.01 14:50:35 | 3999,925,254 | ---- | C] () -- C:\Users\atrox1000\Client1.7.0.586601.7z
[2012.07.01 14:46:47 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2012.07.01 14:46:47 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2012.05.26 21:25:55 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.06.24 20:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.04.12 03:30:05 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2012.06.13 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\atrox1000\AppData\Roaming\ESET
[2012.07.29 01:46:44 | 000,000,000 | ---D | M] -- C:\Users\atrox1000\AppData\Roaming\hellomoto
[2012.07.04 17:58:11 | 000,000,000 | ---D | M] -- C:\Users\atrox1000\AppData\Roaming\Origin
[2009.07.14 06:53:46 | 000,024,320 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.11 16:20:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.11 17:11:42 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.05.11 16:20:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.05.27 16:45:02 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.29 20:10:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.29 20:05:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.05.11 16:20:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.05.11 16:20:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.27 16:47:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.05 15:07:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.29 19:39:26 | 000,000,000 | ---D | M] -- C:\Windows
[2012.05.11 17:06:18 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll
[2004.08.04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\Windows.old\Windows\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\Windows.old\Windows\explorer.exe
[2004.08.04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=379098A96E6C165B659DE7E4328010EA -- C:\Windows.old\Windows\system32\dllcache\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2004.08.04 00:44:08 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\Windows.old\Windows\system32\dllcache\netlogon.dll
[2004.08.04 00:44:08 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\Windows.old\Windows\system32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\Windows.old\Windows\system32\dllcache\scecli.dll
[2004.08.04 00:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\Windows.old\Windows\system32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\Windows.old\Windows\system32\dllcache\user32.dll
[2004.08.04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=0C81764F50F32D376E6E4B9E9F4B01A0 -- C:\Windows.old\Windows\system32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2004.08.04 00:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2004.08.04 00:44:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BD768099B4C44AA631728CB74EB54396 -- C:\Windows.old\Windows\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2004.08.04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\Windows.old\Windows\system32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 01:55:58 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2001.08.18 01:55:58 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.07.01 17:33:11 | 086,400,840 | ---- | M] (K2 Network, Inc.) -- C:\Users\atrox1000\APB_Reloaded_Installer.exe
[2012.07.01 17:33:35 | 3999,925,254 | ---- | M] () -- C:\Users\atrox1000\Client1.7.0.586601.7z
[2012.07.29 21:48:42 | 001,572,864 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat
[2012.07.29 21:48:42 | 000,262,144 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat.LOG1
[2012.05.11 16:20:54 | 000,000,000 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat.LOG2
[2012.05.11 17:24:35 | 000,065,536 | -HS- | M] () -- C:\Users\atrox1000\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.05.11 17:24:35 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.05.11 17:24:35 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.05.28 01:14:59 | 000,065,536 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat{95a4f16a-a837-11e1-b303-204e7fea5e67}.TM.blf
[2012.05.28 01:14:59 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat{95a4f16a-a837-11e1-b303-204e7fea5e67}.TMContainer00000000000000000001.regtrans-ms
[2012.05.28 01:14:59 | 000,524,288 | -HS- | M] () -- C:\Users\atrox1000\ntuser.dat{95a4f16a-a837-11e1-b303-204e7fea5e67}.TMContainer00000000000000000002.regtrans-ms
[2012.05.11 16:20:54 | 000,000,020 | -HS- | M] () -- C:\Users\atrox1000\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 29.07.2012 21:27:52 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = E:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,45% Memory free
7,00 Gb Paging File | 6,61 Gb Available in Paging File | 94,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 240,31 Gb Free Space | 80,62% Space Free | Partition Type: NTFS
Drive D: | 213,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 94,37% Space Free | Partition Type: FAT
 
Computer Name: ATROX1000-PC | User Name: atrox1000 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C7F0A1F-6F80-481A-ABE1-EB91E5F8E682}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E7E9867-6FDA-4F81-9D1F-613EFB6F3323}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{282685B2-E75D-4FD2-B17B-ED5322A254C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{29AF880E-E03F-432F-98D5-CEBEA36BC723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C40B608-5369-4E46-9DE0-90573B062B10}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CD37AE7-58B7-43C1-973A-EB566E0E5BDF}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D72A59B-BCA5-4450-99FE-0157E8E0BA25}" = rport=139 | protocol=6 | dir=out | app=system |
"{31312946-89BA-4C55-8885-34E851D5BB73}" = lport=445 | protocol=6 | dir=in | app=system |
"{38D80070-1EB7-4740-B2B8-0D642DFB095B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40E4ECA4-D3FD-445B-ACD6-88789CFD9F31}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A2372D3-0058-421A-A3D0-73CFF0F36277}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BD304B3-2284-409A-A69F-0619C603F469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CBB21C6-F854-4081-9237-40D36D990FB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CF4AE00-C4ED-4291-B798-AA324578E425}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50574686-D7BC-4A08-B8CB-FDB06F1D1D2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{50F4D7F2-A7A9-4DF8-BAC4-4E3865CB2294}" = lport=137 | protocol=17 | dir=in | app=system |
"{58B18388-1F31-42DB-8455-3E694954EBF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F1A164E-E9DE-49EC-B790-624E976D9E22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63CD7C35-FD57-4CA5-8224-99054F49CC24}" = rport=137 | protocol=17 | dir=out | app=system |
"{69CD5F80-27E5-4CD6-AA67-43B6628CCC74}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{845BEC60-2DD4-4BD9-BA31-5293A3285E4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9874474B-A8F6-4839-B1C8-0E1F039BCA13}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98C7A8B2-ACD4-4F1B-8764-83C4472352AA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A329B406-CB41-41DF-9920-6D07C7A23792}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF10F9FF-2681-49E2-BD37-318339875D9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB61C967-AE00-468C-B243-279374528AAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE103E31-D16A-4A17-806F-A066A0A60B1B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BFA1C62B-1D43-4BE6-ADB5-3C53D6076E42}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C05896FE-9F57-47D2-BB59-28A5A6048E82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C595F72B-29A0-4585-8517-07BB93D84F0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC041F4E-8F01-433D-9AD8-6C6B2798FEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D1AE52CD-CC9B-412B-9238-C182F78010AE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D987C71B-C872-4237-8784-517CB4987EEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E84C919D-85B3-4254-B39D-7B8DA37CFD07}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1F3CE51-F6BF-4A19-AD09-F7180A7D225A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5915090-2213-416F-8368-7C686530170D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F665FB46-EA91-41D4-BBF6-BF94C795064D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F78644D8-5F72-4435-874B-13C68CA45190}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD65FB5B-13A5-4725-A4D5-DC45A31DF2B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F91B60-E2BE-40D4-A772-0C4291BEBFBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06421A87-909E-4ADD-B57C-41EF5D4DEC73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06559611-0CFD-4D2D-952F-02EA94EA36EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07F22E24-1C17-4D55-86EE-1ABE2C7E7E96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10AE989F-579E-4B13-A9E8-C71942E72CFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{153E7B1C-3844-4C89-AE60-CEE16C5C91F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18AD8DA3-6419-4781-83E3-7DCA69B1E1B9}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{1F453692-CF56-4F03-A44E-CF58229B33EC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1FBC6CF5-FA0B-46F2-8604-BBA885D4E688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27C699ED-BA41-412F-A1D6-1E23688E02FA}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{28E8D959-A292-4A9D-A4DA-023EFBF73956}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CFB4263-3AAC-4F50-9D81-716CEFA9EE91}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{308375B0-E6A5-45C9-B6C2-C33195A23451}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30F52A17-144F-42D4-AF7D-B55C92F14D3A}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{31A01EBC-27D4-4B03-B90E-B1A02925962E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{372A1BB3-9654-406B-A58E-30CE712627A0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{38518894-9633-45D5-91E4-C253C45CCF66}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3DD07783-5077-487D-90E4-EBBF88858967}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{40468632-3EB5-4686-8B0A-147AB7E9FBBE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5A607F64-2F31-4660-A010-39BCAEAD908A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6439DBB9-563D-44B9-9340-AE374D0C5609}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{69B1E271-68EE-400A-AF17-6FDA6319E11C}" = protocol=6 | dir=out | app=system |
"{70AA663A-D5A0-4794-84CD-C75EF28DE85F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70CE5963-51D5-4318-8AD5-A906EE587D04}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{73BBCD6E-1BF2-4436-829C-ABB3F04C0309}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7C7DE759-F814-4468-B903-60D3A3397027}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{85CC3716-4DA1-4CA1-A5EA-35E2405BDD69}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
"{95678880-6B2A-4265-A8B1-9DE6EEF7C9DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9733BB6C-12DB-452E-8543-46A84EABC6CD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9D5F0A34-F7F1-4811-B0EE-0C6C71D16E33}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{9EBD7D84-07FC-4D0B-9824-EB4DBF3C1048}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe |
"{A5836CF6-218C-411C-8CC7-8485C4F3A3BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AB762D2D-6ACC-4E66-BA91-5CB0DA23844D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0FD8DFE-C212-47DC-9E0F-FB5283AAFD28}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{B18DCE48-893E-45F3-8A89-C17EF99194CA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8455A61-CDD0-422C-BDBB-01EE7A00A727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B930225F-6DE6-4E46-9095-1293C436CE0F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{BA37A206-D335-4D54-90F0-FD215ADA6677}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C601930B-4156-4391-A33D-14974DDC5680}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{C9A1290A-407B-43CE-BEC5-908FBB35B183}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CE936ED1-BF89-4761-8A19-617FF3F786ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D06A94E4-F572-4226-95D7-465159EA5B54}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D3172ED9-F182-4933-BFA4-1B14AA27737B}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D67060E0-0A25-40D3-99E7-FDF0EDD2AF8B}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{DA1DE12D-5AF6-47BF-8144-CF790DED3D55}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD8BB362-6065-4C09-98DB-0F80C4EE0475}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{DF07185E-961D-426F-86B2-AE4C719579F6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{EA9B05B5-306A-40D7-A9D2-B64E678008F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EB1E7188-6509-4281-B6DC-15B7C29CF49E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F225C347-9EC2-48F2-8F24-5C6B351AC592}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{A3DDEF75-AF54-483C-9ADA-B09AF41FBEAB}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{7978CBC0-0184-4973-A692-05B3EB3BAB73}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = KMPlayer Toolbar
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C90B0A63-978E-406C-A2E0-CFACE9C13B87}" = ESET Smart Security
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"GamersFirst LIVE!" = GamersFirst LIVE!
"incredibar" = Incredibar Toolbar  on IE and Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.0.1
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.07.2012 13:39:43 | Computer Name = atrox1000-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x8007043C
 
Error - 29.07.2012 13:39:43 | Computer Name = atrox1000-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 29.07.2012 13:46:21 | Computer Name = atrox1000-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.07.2012 13:55:42 | Computer Name = atrox1000-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x8007043C
 
Error - 29.07.2012 13:55:42 | Computer Name = atrox1000-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 29.07.2012 13:57:18 | Computer Name = atrox1000-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.07.2012 14:05:39 | Computer Name = atrox1000-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.62.0.87, Zeitstempel:
 0x4fc6d5ba  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b972  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001604c  ID des fehlerhaften
 Prozesses: 0x598  Startzeit der fehlerhaften Anwendung: 0x01cd6db4adaeefba  Pfad der
 fehlerhaften Anwendung: E:\Malwarebytes' Anti-Malware\mbam.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\OLEAUT32.dll  Berichtskennung: 0098418c-d9a8-11e1-b637-e0cb4ee7c9b7
 
Error - 29.07.2012 15:25:07 | Computer Name = atrox1000-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x8007043C
 
Error - 29.07.2012 15:25:07 | Computer Name = atrox1000-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 29.07.2012 15:25:49 | Computer Name = atrox1000-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 29.07.2012 15:25:07 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.07.2012 15:25:14 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.07.2012 15:25:15 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.07.2012 15:25:15 | Computer Name = atrox1000-PC | Source = DCOM | ID = 10005
Description =
 
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 29.07.2012 15:25:16 | Computer Name = atrox1000-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
--- --- ---

markusg 29.07.2012 21:29
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [RpcPing] C:\Users\atrox1000\AppData\Local\Microsoft\Windows\2795\RpcPing.exe ()
 :Files
C:\Users\atrox1000\AppData\Local\Microsoft\Windows\2795
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)


für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel

Atrox 29.07.2012 21:50
so okey ich konnte das problemlos hochladen und bin jetz schon auf dem pc wieder drauf wo das problem war ist der jetz wieder frei von allem?

markusg 29.07.2012 22:18
nein, ich warte erst mal auf den upload vom java cache, danach gehts weiter.

Atrox 29.07.2012 22:20
okey ich bedanke mich schonmal herzlich

markusg 29.07.2012 22:24
bei name, natürlich deinen nutzernamen einsetzen.

Atrox 29.07.2012 22:30
ähm wie meinste das habe ich gemacht.. nutzername Atrox soll ich es nochmal machen?

markusg 29.07.2012 22:46
du sollst bitte den java cache hochladen, bisher ist "nur" moved files oben.
evtl. ist er zu groß,
dann:
File-Upload.net - Ihr kostenloser File Hoster!
dort hochladen, link als private nachicht an mich.

markusg 30.07.2012 17:42
ok
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Atrox 30.07.2012 17:48
sorry hatte nicht die seite 2 gesehen

File-Upload.net - ComboFix.txt

war das alles also ist der pc jetzt wieder frei?

ich muss nochmal blöd nachfragen ist der trojaner damit komplett entfernt? wenn ja vielen dank

markusg 02.08.2012 18:08
poste das log mal hier im forum

Atrox 02.08.2012 18:46
hxxp://www.file-upload.net/download-4627708/ComboFix.txt.html

http* ändert sich immer in xx keine ahnung warum

markusg 02.08.2012 19:27
du sollst das log hier im forum anhängen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:44 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131