Pests of all kinds and how to fight them: White screen when starting Windows 7 (64bit)! |
23.03.2013, 13:58 | #1 |
| White screen when starting Windows 7 (64bit)! Hello Trojaner Board team, since yesterday, while downloading from the internet, my screen has turned white, and even after several attempts to boot nothing changes. Safe mode only works with the command prompt. From there I made a dump with FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 10 days old)
Ran by SYSTEM at 23-03-2013 13:00:45
Running from K:\
Windows 7 Home Premium (X64) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-03] (Avira GmbH)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1646216 2013-01-24] (Ask)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKU\Kevin Rupprecht\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1597864 2013-02-15] (Valve Corporation)
HKU\Kevin Rupprecht\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Kevin Rupprecht\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 [133432 2011-01-05] (ICQ, LLC.)
HKU\Kevin Rupprecht\...\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S88EE.tmp" /EF "HKCU" [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\Kevin Rupprecht\...\Run: [fedja] c:\users\kevinr~1\appdata\local\temp\gagx.ee [x]
HKU\Kevin Rupprecht\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17706088 2013-02-07] (Skype Technologies S.A.)
HKU\Kevin Rupprecht\...\Winlogon: [Shell] explorer.exe,C:\Users\Kevin Rupprecht\AppData\Roaming\skype.dat [102400 2011-11-17] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\EIZO ScreenSlicer.lnk
ShortcutTarget: EIZO ScreenSlicer.lnk -> C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe (Macrovision Corporation)
Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
ShortcutTarget: Socialbox.lnk -> C:\Program Files (x86)\Socialbox\Socialbox.exe (No File)

==================== Services (Whitelisted) ===================

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-05-14] (Avira GmbH)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-07-28] (Avira GmbH)
2 AVM IGD CTRL Service; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin)
2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin)
2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-03-28] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-08] ()

==================== Drivers (Whitelisted) =====================

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-01-31] ()
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [88288 2011-07-28] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [123784 2011-07-28] (Avira GmbH)
3 avmeject; C:\Windows\System32\Drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
3 EagleX64; C:\Windows\System32\Drivers\EagleX64.sys [116312 2010-08-02] (AhnLab, Inc.)
3 FWLANUSB; C:\Windows\System32\Drivers\FWLANUSB.sys [460800 2009-03-20] (AVM GmbH)
1 kl1; C:\Windows\System32\Drivers\kl1.sys [156688 2009-06-15] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [26640 2009-05-15] (Kaspersky Lab)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-01-31] ()
2 PLCNDIS5; C:\Windows\system32\plcndis5.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-23 13:00 - 2013-03-23 13:00 - 00000000 ____D C:\FRST
2013-03-22 21:20 - 2013-03-22 21:27 - 00000004 ____A C:\Users\Kevin Rupprecht\AppData\Roaming\skype.ini
2013-03-16 17:41 - 2013-02-02 08:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-16 17:41 - 2013-02-02 07:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-16 17:41 - 2013-02-02 07:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-16 17:41 - 2013-02-02 07:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-16 17:41 - 2013-02-02 07:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-16 17:41 - 2013-02-02 07:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-16 17:41 - 2013-02-02 07:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-16 17:41 - 2013-02-02 07:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-16 17:41 - 2013-02-02 07:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-16 17:41 - 2013-02-02 07:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
==================== End Of Log =============================
Please help and advise quickly! |
23.03.2013, 15:00 | #2 |
/// TB Trainer | White screen when starting Windows 7 (64bit)! Hello Keru20 and
My name is Leo and I will guide you through cleaning up your computer. Besides removing malware, a cleanup also includes closing security holes and should be done thoroughly. It is therefore carried out in several steps and means some effort for you. Note: The disappearance of the obvious symptoms does not mean that the system is already clean. In your own interest, keep working with me until you get the OK that everything is done. Notes on the procedure
Step 1 removes the lock screen, so that you can run the further steps in normal mode again. Step 1 On a second computer, please press the Windows + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document: Code:
HKU\Kevin Rupprecht\...\Run: [fedja] c:\users\kevinr~1\appdata\local\temp\gagx.ee [x]
HKU\Kevin Rupprecht\...\Winlogon: [Shell] explorer.exe,C:\Users\Kevin Rupprecht\AppData\Roaming\skype.dat [102400 2011-11-17] ()
C:\Users\Kevin Rupprecht\AppData\Roaming\skype.dat
2013-03-22 21:20 - 2013-03-22 21:27 - 00000004 ____A C:\Users\Kevin Rupprecht\AppData\Roaming\skype.ini
Step 2 Please download defogger (by jpshortstuff) to your desktop.
Step 3 Download Gmer (press the Download EXE button) and save the program to the desktop.
Step 4 Please download OTL (by Oldtimer) and save it to your desktop.
In your next reply, please post:
__________________ |
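The two registry entries in the fixlist of post #2 can be picked out of the FRST log mechanically: one is a Run value whose image sits in a Temp directory, the other a Winlogon Shell value that names a second program after explorer.exe (the Windows default is explorer.exe alone). The following is an added example, not part of the original thread and not FRST's own logic; the two rules and all function names are assumptions chosen for illustration, and the input lines are copied from the log in post #1.

```python
import re

# Lines copied from the registry section of the FRST log in post #1.
SAMPLE = r'''
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-11-03] (Avira GmbH)
HKU\Kevin Rupprecht\...\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S88EE.tmp" /EF "HKCU" [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\Kevin Rupprecht\...\Run: [fedja] c:\users\kevinr~1\appdata\local\temp\gagx.ee [x]
HKU\Kevin Rupprecht\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17706088 2013-02-07] (Skype Technologies S.A.)
HKU\Kevin Rupprecht\...\Winlogon: [Shell] explorer.exe,C:\Users\Kevin Rupprecht\AppData\Roaming\skype.dat [102400 2011-11-17] ()
'''.strip().splitlines()

# "<hive>\...\<key>: [<value name>] <data>"
ENTRY = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<data>.*)$')
# Trailing FRST metadata: "[size date] (company)" or "[x]" when the file is missing.
META = re.compile(r'\s*\[(?P<file>x|\d+ \d{4}-\d{2}-\d{2})\](?:\s*\((?P<company>[^)]*)\))?\s*$')
# Assumed rule set: directories an autorun image should not live in.
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


def parse_entry(line):
    """Split one FRST registry line into key, value name, command and metadata."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    data = m.group("data")
    meta = META.search(data)
    return {
        "key": m.group("key"),
        "name": m.group("name"),
        "command": data[:meta.start()] if meta else data,
        "file_missing": bool(meta) and meta.group("file") == "x",
        "company": (meta.group("company") or "") if meta else "",
    }


def image_path(command):
    """Return the program being started, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: take everything up to the first file extension.
    m = re.match(r'(.+?\.\w{1,4})(?=\s|$)', command)
    return m.group(1) if m else command


def triage(lines):
    """Return (key, value name, reason) for entries matching either rule."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e["key"] == "Winlogon" and e["name"].lower() == "shell":
            for part in e["command"].split(","):
                part = part.strip()
                if part and part.rsplit("\\", 1)[-1].lower() != "explorer.exe":
                    findings.append((e["key"], e["name"],
                                     "Shell starts an extra program: " + part))
        elif e["key"] == "Run":
            image = image_path(e["command"])
            # Only the image counts; a Temp path passed as an argument
            # (the EPSON entry) is not a finding.
            if any(d in image.lower() for d in TEMP_DIRS):
                findings.append((e["key"], e["name"],
                                 "autorun image in a Temp directory: " + image))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE):
        print(f"{key} [{name}]: {reason}")
```
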
23.03.2013, 22:29 | #3 |
| White screen when starting Windows 7 (64bit)! Thanks so far, Leo, this is the text of the fix file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by Kevin Rupprecht at 2013-03-23 22:22:06 Run:1
Running from F:\
ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==============================================
HKEY_USERS\Kevin Rupprecht\Software\Microsoft\Windows\CurrentVersion\Run\\fedja Value not found.
HKEY_USERS\Kevin Rupprecht\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value not found.
C:\Users\Kevin Rupprecht\AppData\Roaming\skype.dat moved successfully.
C:\Users\Kevin Rupprecht\AppData\Roaming\skype.ini moved successfully.
==== End of Fixlog ====

A question about the next steps: should I put the files on the desktop of the infected computer or on the second computer? |
23.03.2013, 22:43 | #4 | |
/// TB Trainer | White screen when starting Windows 7 (64bit)! Hello, can you now start the infected computer normally again? Quote:
__________________ cheers, Leo |
24.03.2013, 11:14 | #5 |
| White screen when starting Windows 7 (64bit)! Hello, yes, I can boot the computer normally, but when scanning with GMER a bluescreen occurs during the scan; I will try again. If the problem persists, how should I proceed? Hello, I managed to finish the GMER scan: Gmer.txt: GMER Logfile: Code:
GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-24 11:57:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 STM3500418AS rev.CC38 465,76GB
Running: brsq2onb.exe; Driver: C:\Users\KEVINR~1\AppData\Local\Temp\awloqpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073da1a22 2 bytes [DA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073da1ad0 2 bytes [DA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073da1b08 2 bytes [DA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073da1bba 2 bytes [DA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073da1bda 2 bytes [DA, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bc1465 2 bytes [BC, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bc14bb 2 bytes [BC, 77]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bc1465 2 bytes [BC, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bc14bb 2 bytes [BC, 77]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077bc1465 2 bytes [BC, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077bc14bb 2 bytes [BC, 77]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167c5c890
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167c5c890@bc4760aaf65d 0xF2 0x6B 0x7D 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167c5c890 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167c5c890@bc4760aaf65d 0xF2 0x6B 0x7D 0x37 ...

---- EOF - GMER 2.1 ----

OTL: OTL Logfile: Code:
IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{5A1C37E2-366D-4A76-9E38-741E76530254}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IEOB04 IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{FB692D14-C96C-4019-B5A5-1C9B838D3A43}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=3efb83ab-7c10-46af-9b33-47a49d8f10b0&apn_sauid=CEF59B14-592A-44EE-9CDE-0E64DC25E687 IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"hxxp://de.ask.com/?l=dis&o=1586&gct=hp" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9 FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.14.65.43 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.5 FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.18.0.7 FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.6 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.15.100013 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF 
- HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.25 14:10:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 11:49:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.25 14:10:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 11:49:59 | 000,000,000 | ---D | M] [2010.02.01 16:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Extensions [2013.03.24 12:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions [2013.03.24 12:03:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.04.10 10:14:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.24 12:03:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.05.07 11:55:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions\engine@conduit.com [2013.02.16 12:48:38 | 
000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions\toolbar@ask.com [2013.03.24 12:02:26 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\extensions\toolbar@web.de.xpi [2012.12.13 21:01:06 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.24 12:03:55 | 000,001,050 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\11-suche.xml [2013.03.24 11:09:17 | 000,002,404 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\askcom.xml [2010.08.02 18:27:11 | 000,000,873 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\conduit.xml [2013.03.24 12:03:55 | 000,002,418 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\englische-ergebnisse.xml [2013.03.24 12:03:55 | 000,010,701 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\gmx-suche.xml [2013.03.24 11:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-1.xml [2011.03.23 21:28:10 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-10.xml [2011.04.30 09:43:18 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-11.xml [2011.05.05 21:07:44 | 000,000,950 | ---- | M] () -- C:\Users\Kevin 
Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-12.xml [2011.06.24 09:24:28 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-13.xml [2011.07.20 14:07:47 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-14.xml [2011.08.17 15:03:24 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-15.xml [2011.08.28 10:12:14 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-16.xml [2011.09.01 17:41:49 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-17.xml [2011.09.09 06:05:22 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-18.xml [2011.10.01 18:34:42 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-19.xml [2010.07.24 10:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-2.xml [2011.10.03 20:34:50 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-20.xml [2011.11.08 14:18:40 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-21.xml [2011.11.12 12:32:52 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-22.xml [2011.12.01 22:26:13 | 000,000,950 | ---- | M] () -- 
C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-23.xml [2011.12.21 20:38:27 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-24.xml [2012.01.25 12:18:36 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-25.xml [2012.02.19 18:10:57 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-26.xml [2012.04.12 15:51:42 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-27.xml [2012.05.03 19:51:24 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-28.xml [2012.05.17 10:29:26 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-29.xml [2010.07.26 13:34:10 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-3.xml [2012.06.19 10:18:00 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-30.xml [2012.06.22 22:32:16 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-31.xml [2012.09.06 17:56:39 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-32.xml [2010.08.08 17:10:53 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-4.xml [2010.10.31 13:21:28 | 000,000,950 | ---- | M] () 
-- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-5.xml [2010.11.04 15:15:30 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-6.xml [2010.12.16 15:50:43 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-7.xml [2011.03.02 15:44:23 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-8.xml [2011.03.05 16:57:17 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-9.xml [2010.06.29 18:24:01 | 000,001,056 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin.xml [2013.03.24 12:03:55 | 000,002,432 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\lastminute.xml [2013.03.24 12:03:54 | 000,005,682 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\webde-suche.xml [2012.02.19 13:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.18 18:19:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.25 14:10:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.04.12 15:51:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.12 15:51:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.12 15:51:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.12 15:51:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.12 15:51:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.12 15:51:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S88EE.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [fedja] c:\users\kevinr~1\appdata\local\temp\gagx.ee File not found O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin Rupprecht\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin Rupprecht\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F69F1E49-2552-4A3B-8FF6-E6D59CEAE498}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000 Winlogon: Shell - (C:\Users\Kevin Rupprecht\AppData\Roaming\skype.dat) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.06 13:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{873e6b01-0a7e-11df-81f5-0030672e0c7b}\Shell - "" = AutoRun O33 - MountPoints2\{873e6b01-0a7e-11df-81f5-0030672e0c7b}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{94630b5a-0e22-11e2-b5d3-001f3f005902}\Shell - "" = AutoRun O33 - MountPoints2\{94630b5a-0e22-11e2-b5d3-001f3f005902}\Shell\AutoRun\command - "" = IomegaEncryptionSetup v1.3.exe O33 - MountPoints2\{a528bc2d-0d93-11df-af6a-0030672e0c7b}\Shell - "" = AutoRun O33 - MountPoints2\{a528bc2d-0d93-11df-af6a-0030672e0c7b}\Shell\AutoRun\command - "" = J:\pushinst.exe O33 - MountPoints2\{d2d26752-56b2-11df-b6c6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d2d26752-56b2-11df-b6c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007.10.23 08:45:39 | 001,336,632 | R--- | M] () O33 - MountPoints2\{e6ac0c9b-cca7-11df-af74-00040eca3bec}\Shell - "" = AutoRun O33 - 
MountPoints2\{e6ac0c9b-cca7-11df-af74-00040eca3bec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007.10.23 08:45:39 | 001,336,632 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007.10.23 08:45:39 | 001,336,632 | R--- | M] () O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.24 12:11:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin Rupprecht\Desktop\OTL.exe [2013.03.23 13:00:41 | 000,000,000 | ---D | C] -- C:\FRST [2013.03.16 17:41:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.16 17:41:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.16 17:41:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.16 17:41:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.16 17:41:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.16 17:41:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.16 17:41:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.16 
17:41:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.16 17:41:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.16 17:41:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.16 17:41:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.16 17:41:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.16 17:41:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.16 17:41:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.16 17:41:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 12:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 12:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin Rupprecht\Desktop\OTL.exe [2013.03.24 12:09:19 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 12:09:19 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 12:00:27 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.24 12:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.24 12:00:09 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013.03.24 11:28:10 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.24 11:11:06 | 000,377,856 | ---- | M] () -- C:\Users\Kevin Rupprecht\Desktop\brsq2onb.exe [2013.03.24 11:02:28 | 861,817,464 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.23 
22:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Kevin Rupprecht\defogger_reenable [2013.03.18 18:41:57 | 001,313,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 18:41:57 | 000,811,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 18:41:57 | 000,335,868 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 18:41:57 | 000,291,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 18:41:57 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.16 17:38:01 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.16 16:15:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.16 16:15:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 11:11:02 | 000,377,856 | ---- | C] () -- C:\Users\Kevin Rupprecht\Desktop\brsq2onb.exe [2013.03.23 22:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Kevin Rupprecht\defogger_reenable [2013.02.07 15:31:35 | 000,007,606 | ---- | C] () -- C:\Users\Kevin Rupprecht\AppData\Local\Resmon.ResmonCfg [2013.02.06 15:18:00 | 000,002,802 | ---- | C] () -- C:\ProgramData\8824285.js [2013.02.06 15:18:00 | 000,000,153 | ---- | C] () -- C:\ProgramData\8824285.reg [2013.02.06 15:18:00 | 000,000,063 | ---- | C] () -- C:\ProgramData\8824285.bat [2013.02.06 15:17:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\8824285.pad [2012.12.12 21:27:51 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.28 19:20:35 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.05.22 19:57:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Extra:OTL Logfile: Code:
OTL Extras logfile created on: 24.03.2013 12:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin Rupprecht\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,56% Memory free
8,00 Gb Paging File | 6,11 Gb Available in Paging File | 76,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,56 Gb Total Space | 70,99 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,74 Gb Total Space | 0,30 Gb Free Space | 8,10% Space Free | Partition Type: FAT32
Computer Name: KEVIN-PC | User Name: Kevin Rupprecht | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1005622917-2267154051-3518905094-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0737AB26-3458-4523-BDA2-F3BD18648F59}" = lport=2869 | protocol=6 | dir=in | app=system | "{18CFE4D6-8524-40C2-9030-479FC7906DE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2EBA891E-EB71-47D7-AAF1-75F27B3BA894}" = rport=445 | protocol=6 | dir=out | app=system | "{38365BAE-3D37-426D-9ABB-CEEA55497323}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{434D72C5-3B87-487A-9C37-8BBA49701F41}" = rport=137 | protocol=17 | dir=out | app=system | "{4B9CE39C-3B96-4AFD-9245-E79BA01DB8D1}" = rport=10243 | protocol=6 | dir=out | app=system | "{4E20D78D-6833-48CF-99F9-000EF7FED156}" = lport=10243 | protocol=6 | dir=in | app=system | "{537B64D7-062B-4979-8B04-C9A411FB7210}" = lport=138 | protocol=17 | dir=in | app=system | "{5D7EA4A1-FF41-47A9-B726-A2AE4E239697}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65381E3A-36AF-44F8-9FC3-9F3B04132CBD}" = rport=139 | protocol=6 | dir=out | app=system | "{84359739-E897-467C-8AA9-EE9871D7F755}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8ED814B0-50D2-4405-8121-6056E082EB6E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9C4045EC-407C-48A7-809F-0B5793B940AE}" = lport=445 | protocol=6 | dir=in | app=system | "{A4701801-0ACB-4B5B-BC73-4C2475EB80D3}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{ABD9B792-8F69-412C-A8FF-1B454863C49A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AE357CC3-EC03-4364-B384-68EBFD684ADA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BE848624-4133-4DDA-A176-6DC1571D8A4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8954530-F66C-4C05-A5E2-7AB82C0C7771}" = lport=139 | protocol=6 | dir=in | app=system | "{CCF2F4FF-662F-4FE8-9864-A9FB93810D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CE5BF3F8-164E-4870-82B5-AE739AC47CBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D561B2CD-0BAA-4E66-BC49-8F5845824D53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7678F75-998F-4F67-8A27-E4B4B13B45DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E4167873-F1FF-4CAB-BD86-F17E6AAD658A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF5B6706-723B-448E-B63E-42AF59791F06}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0249FE82-60D0-4DD1-9C79-72793659E4C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{039453DF-1590-48D3-B915-1132D16F6CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{04784CED-DE4F-439D-92F1-1DF5C6F0DAB9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{04928028-6E38-42A0-A3D1-FB25FEF0FFA1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{0DBC00A4-7FA4-4735-B3A6-BB8E02C1937B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{0EF1B0C8-51DA-487F-96E1-AA6B549147F0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{102C3834-0C6E-45FE-BBBE-D40A3501AF8F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{1310868D-3E67-43B0-99B3-35B0AB87A7E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{17EA3800-C7C1-43D5-9BA8-BE1829DCAEA3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{19BCCBEF-BAFD-4590-B15C-46DAF8229830}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | "{1FB0FDED-C06C-4EA0-843C-BDE326399D82}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{1FC1F0E0-3C48-4F7E-89F7-D0B3DCB1C789}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{22FB4A16-D9AC-47F5-A56C-31701D4B1378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{24085D5C-C151-439E-99DB-DF785F53B5A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2460D172-D816-469A-AAD0-319CE52EF85A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2C480D3A-0499-479A-BBA0-EA8B8EAA7B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | "{2CE9904A-BCD5-4BBC-A43E-2765EB1BDB8E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{32E48C74-0263-4691-A8BD-CA4BFC1D0171}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{342454D2-1B09-427F-8A82-C7EE9865C83E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{3D6CFF36-A8E0-48FF-9511-31F899E76514}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{3E1293CC-2285-4422-9E27-52BD501DBBE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3F1E6F31-6B5D-4858-ADD0-C7ECD2F2E4CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{3F56C874-6596-4125-946A-2132330E3A9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{405013A8-B035-419A-9216-F6DCCF8D7388}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{40897212-A451-47A9-8BF5-0643E2695100}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{40FF9518-538F-4EC3-9D16-A8A8CD95C6D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{43C2A959-A84E-45A6-9AA6-46FCFC1EA0BF}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{452367AD-CCCA-44C6-B7F2-560EF04126E3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{458B8D23-C2B2-40BA-B856-BCC0D0270312}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{4662E043-02C5-41B2-9DC7-CF0B5E9D9E4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | "{4726C9CA-3466-4115-B3D6-33C9BBD57CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{47EE115D-9268-4F0C-BA1B-91F822571A7D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{487DE61B-C8E7-4ED5-9CD5-4A474BEE929A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{4C6BD111-FD17-4B59-A1C1-12B67732F3D1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{4CB60283-D22A-42B2-9B6A-3DB034819425}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "{4F38513B-02D7-4DCF-86E3-C8D8A100B3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{4F72BA23-08F6-49A8-98DE-F50E408F4D99}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{50353F86-C651-4C71-B078-47EBC1EC41B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{538D3602-750C-4002-80BA-EB259115B919}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{587C6D81-A335-42B0-840E-EDDFC0003311}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{5B9A603A-EC78-4605-8B29-434A3E159DA8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5C2B5D63-2773-4805-89B8-40B4BCA7FF88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{612FA584-0383-4053-9272-CE20664197A6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{64665C6C-876D-46C8-AD0B-BCED00412136}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{6730F9A0-3F09-4ED9-B2AF-7FD784E9193F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "{69E87F3B-9BBD-4E10-AB27-2713BCA6804E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{7078819F-7106-45E6-9B2E-D7DC400CF3F1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{7524D911-87A0-46F6-A309-91774A98F089}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{769EA510-12D4-4595-849E-22D88FC98D54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{774ABAED-8BBB-40CE-8B8F-B0E3793C4386}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{778C5FA0-3C5E-404E-9F54-321C66D9B004}" = protocol=6 | dir=in | app=c:\users\public\games\world of 
warcraft\launcher.patch.exe | "{787DC5A8-F136-4BC8-BE68-F8F2EAAE7E45}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{7D607F3F-8A72-4DBE-8063-0CD328A3EC8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{820A1D3D-1B6C-4424-BC14-9F6280B07D48}" = protocol=6 | dir=out | app=system | "{8440599D-89F3-4B39-87A7-1000475E760F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{84A896AF-B439-4752-9B80-5038D165C5B2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{869DAB9E-3407-41AD-B2BD-F295902098C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8E61D22F-16E9-472E-AB9B-D7EBC838F1B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E76206B-6D15-4A24-8D2A-8B2509FC7461}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{91398C7E-7610-49ED-AA05-F9999A97B800}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{92054382-A874-4327-BCDB-68125BCFE62A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{965DCC16-B5C7-4628-A79B-6CF43D9D5002}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{98D6F32D-30FC-4A27-A71B-4D6A7258C94C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{9E5B2966-A627-4F0E-A1FC-D9899509A25B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{9FCAC27B-D1F5-48BE-8498-CBEA3B8FEB58}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A125BC13-919E-487D-83BF-235BEA00AC6C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{A17661FD-4276-41A4-9933-F68C1B80CBED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5A47B43-4A44-4199-8806-FD7FFD08D755}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{A73B85D8-5DE3-4752-92E0-A4F1567E7AC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A7428F67-FA2C-494D-BB0E-E8549E6700A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A79A7290-6A43-48C7-8691-546982D4D131}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{AC5042B7-0DDA-4030-BA46-7DE95013E708}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B203072F-C637-4D66-9417-1596F0830F97}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B377B100-0C80-4927-9ABE-8123082B1B4C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{B38889F6-7E84-494E-B49A-4C23C8139260}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{B64DEA85-3DE5-4142-B6E0-6AC77F8F0E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{B6629D1D-7D39-4E91-86FE-74A1FA1FCD8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B722C4C8-4788-489A-8102-3869FDD01DAB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{BA5FFEF3-4F43-484D-8936-AF8D11374259}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "{BB2439C2-41A2-46B9-8336-25F8F249D007}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{BC66FCC3-83CB-4FD3-90D2-2549B58BAC61}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{BCC3E896-4019-4FA1-AFB3-D3EA3ADD2CAA}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{BEF3DDBD-F829-4DAA-9207-F010414A372F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{BFD6484C-CDC9-4469-823E-0E5DC9F6D438}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C1A542DF-1CF0-41E6-83A1-41B7B5AB6E88}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{C4792008-5B06-4E1A-95F8-3432B9FC314D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C5AE0EC0-9CB9-4B57-AE4F-ECCD99EB11A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{C77B5786-E495-46EF-B69A-511B4043ECCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{C85A271A-CCD2-42EF-B7DB-0CAAA953A838}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CA3CCDC8-D517-4163-AD53-7065A4B98DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CC4B1811-135D-41BC-AB54-A004B7677523}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF07E7A2-50E3-4000-B7FD-CDF899AB5567}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "{CFD1065E-8A1A-4489-899D-50E8FD2529E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{D2CF5260-16DB-46AA-8841-65B14A2B01C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D6BFDB55-ACFE-4E92-802D-493C248B9D06}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{D744D15B-C916-4172-89AF-8D5FA4A5BD71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{DCAC835F-4E6A-431C-BCE2-5EA0F1C150A2}" = protocol=6 | dir=in | app=c:\program files 
(x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{E0C8952C-42D0-4F59-8869-8B717B909200}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{E0E605D8-CCDE-4B8B-8FC1-272F55A31B11}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{E31714F8-250D-4072-8C73-B1A5275640EC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E743CA97-D509-4CF7-B849-F480B65ECB7A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{E988574C-2F43-4B80-862A-875E3C55CD6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{EA33E27B-988E-43BA-8FB1-83B86B47BCDA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{EAC037B4-7CD1-4CA2-8C85-36FB09E4A12E}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | "{EAC4DBEA-25E5-4B80-9C5C-EC8BC8D482F5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ECADF484-95AB-4395-AB69-66A1FF9564C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{F06E7FE6-3C5A-4BDE-9ADB-6FBDA28AC95C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{F0C708D7-3A2F-4E10-B293-80BB92E7AB28}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F199C8B1-1143-42CC-8BA1-B23B41530675}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{F534CC38-46D2-4D9F-81FF-707BC87A77B7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F65A7785-1BB1-4140-839D-DFD19D4DE398}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FB55D9E9-7FBC-4EF2-9CD6-8327D5A2EF59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FB705FEB-4B18-4258-AD27-0607FE4BCCFA}" = protocol=6 | dir=in | app=c:\program 
files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{01D468D9-7ED9-4B13-8242-6FFC48F0F44F}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{0CB2B74E-9555-47A1-91FC-9A7EFDE20E92}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "TCP Query User{0D49B20E-4065-42A1-A3CD-81868CE9643D}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | "TCP Query User{10E815B8-A2B1-464D-B340-4E833A73328A}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "TCP Query User{1181332A-A3B4-4B1A-AAFF-F37E42A23250}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{161D8E85-C440-4775-AD67-9221BA74C0A8}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{1B36FAE8-362E-43A3-99BE-10608276C1FB}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{1E0768AF-85BA-4E01-B2AF-2B41D726859A}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "TCP Query User{36F863E1-E5D0-4554-86EF-8DFFA9B668E1}C:\users\public\games\world of 
warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "TCP Query User{392908F0-B281-4894-AA71-653B1FFD39FC}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{3EBF8CB5-CE47-4B3A-8C8B-D75A9B83E587}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | "TCP Query User{4415540F-72D6-496A-836A-0697A01EAB1B}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "TCP Query User{4999E796-BC86-4331-AF79-C6BEE03597C2}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "TCP Query User{4A925B5F-44E0-4BA5-902A-6177530CFC63}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "TCP Query User{55B34791-7DE8-485C-8956-F5F43D405502}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{57E86690-6310-4050-91CC-78D36C3D7B42}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | "TCP Query User{59FEF450-B98B-4461-BDAE-CA6F39C9EE0D}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision
Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON SX420W Series" = Druckerdeinstallation für EPSON SX420W Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{292A177D-723F-4537-9985-BC8BFCD8B63D}" = EIZO ScreenSlicer "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" 
= OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1" = ArcaniA - Gothic 4 Patch "{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4 Hotfix "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "AVMWLANCLI" = AVM FRITZ!WLAN "Battlelog Web Plugins" = Battlelog Web Plugins "BestPractice" = BestPractice (remove only) "Diablo III" = Diablo III "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "ESN Sonar-0.70.4" = ESN Sonar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "FRITZ!DSL" = AVM FRITZ!DSL "GII_Win7_Nvidia_Workaround" = GII_Win7_Nvidia_Workaround "Google Chrome" = Google Chrome "ICQToolbar" = ICQ Toolbar 
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "Patrizier II Gold_is1" = Patrizier II Gold "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 39160" = Dungeon Siege III "Steam App 40390" = Risen 2 - Dark Waters "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 50130" = Mafia II "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1005622917-2267154051-3518905094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "101a9f93b8f0bb6f" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.03.2013 15:23:09 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 128 Startzeit: 01ce24d698f8f990 Endzeit: 150 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 19.03.2013 16:24:11 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 94c Startzeit: 01ce24d7364da5b0 Endzeit: 140 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 20.03.2013 10:33:35 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ae0 Startzeit: 01ce2574c9ee3648 Endzeit: 512 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 20.03.2013 13:00:58 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000153481 ID des fehlerhaften Prozesses: 0x12c Startzeit der fehlerhaften Anwendung: 0x01ce258c4e7487c0 Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Berichtskennung: bbfe00a0-917f-11e2-94a2-001f3f005902 Error - 20.03.2013 13:12:07 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und 
wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1154 Startzeit: 01ce258cce678900 Endzeit: 472 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 20.03.2013 15:21:37 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e98 Startzeit: 01ce259c0ad70280 Endzeit: 220 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 21.03.2013 10:54:55 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1258 Startzeit: 01ce26401123b3f0 Endzeit: 632 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 21.03.2013 11:32:33 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 12bc Startzeit: 01ce264431bb86c0 Endzeit: 164 Anwendungspfad: C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 22.03.2013 11:26:57 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000153481 ID des fehlerhaften Prozesses: 0x4e0 Startzeit der fehlerhaften Anwendung: 0x01ce270885e6cc40 Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Berichtskennung: eec48cf8-9304-11e2-b044-001f3f005902 Error - 23.03.2013 17:55:43 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.2.0.3525 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 9b8 Startzeit: 01ce280eb5057510 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\ICQ7.2\ICQ.exe Berichts-ID: [ System Events ] Error - 24.03.2013 06:02:33 | Computer Name = Kevin-PC | Source = BugCheck | ID = 1001 Description = Error - 24.03.2013 06:03:05 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KLIM6 Error - 24.03.2013 06:05:49 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.03.2013 06:07:49 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KLIM6 Error - 24.03.2013 06:10:05 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 24.03.2013 06:10:05 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 24.03.2013 07:00:15 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.03.2013 07:00:44 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KLIM6 Error - 24.03.2013 07:03:06 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 24.03.2013 07:03:06 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
24.03.2013, 13:42 | #6 | |
/// TB-Ausbilder | White screen when starting Windows 7 (64bit)! Hi, great, let's carry on: Step 1 Please download AdwCleaner and save it to your desktop.
Step 2 Warning for readers following along: Combofix should only be run when a team member has explicitly instructed you to do so! Please download Combofix.
Note: If you get the following error message after the restart Quote:
Step 3 Please start OTL.exe.
Please post in your next reply:
24.03.2013, 20:54 | #7 |
| White screen when starting Windows 7 (64bit)! Re step 1: AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 24/03/2013 um 20:49:07 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Kevin Rupprecht - KEVIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Kevin Rupprecht\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : ICQ Service ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\searchplugins\icqplugin-3.xml Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\LocalLow\DVDVideoSoftTB_DE Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Kevin 
Rupprecht\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\Conduit Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\ConduitCommon Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\ConduitEngine Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\CT2269050 Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\CT2625848 Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\extensions\engine@conduit.com Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\extensions\toolbar@ask.com Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\Smartbar Ordner Gelöscht : C:\Users\Kevin Rupprecht\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong 
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{2AC6D830-FF6F-4328-A921-D4EAC7AC7B98} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79DEC26B-062A-4FEC-893B-DCDAA5F60609} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks 
[{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Datei : C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\prefs.js C:\Users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true); Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "24-3-2013"); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun Mar 24 2013 11:09:38 GMT+0100"); Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sun Aug 08 2010 18:35:57 GMT+0200"); Gelöscht : user_pref("CT2269050.FirstServerDate", "2-8-2010"); Gelöscht : user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2269050.Initialize", true); Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2269050.InstalledDate", "Mon Aug 02 2010 19:27:11 GMT+0200"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsGrouping", false); 
Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Mar 24 2013 11:09:38 GMT+0100"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Sun Aug 08 2010 18:10:56 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 09:52:45 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Mon Jun 04 2012 14:28:21 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Sun Jul 01 2012 13:37:21 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Sat Aug 25 2012 13:03:25 GMT+0200"); Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:18:36 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.100", "Sun Mar 24 2013 11:09:26 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Thu Jan 10 2013 17:25:05 GMT+0100"); Gelöscht : user_pref("CT2269050.LastLogin_3.18.0.7", "Sun Mar 24 2013 17:44:22 GMT+0100"); Gelöscht : user_pref("CT2269050.LatestVersion", "3.18.0.7"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.LoginCache", 4); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sun Aug 08 2010 18:10:55 GMT+0200"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : 
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://start.icq.com/"); Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Mar 24 2013 11:09:23 GMT+0100"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Mar 24 2013 11:09:24 GMT+0100"); Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sun Mar 24 2013 17:44:14 GMT+0100"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1364130766"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Aug 02 2010 19:27:10 GMT+0200"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578"); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gelöscht : user_pref("CT2269050.UserID", "UN94709549746733157"); Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 0); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sun Aug 08 2010 18:10:56 GMT+0200"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true); Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2269050.initDone", true); Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true); Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2269050.testingCtid", ""); Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Mar 24 2013 11:09:38 GMT+0100"); Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CT2269050.usagesFlag", 2); Gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true"); Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "eyJ1cGRhdGVSZXFUaW1lIjoxMzUxNzkwNz[...] Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] 
Gelöscht : user_pref("CT2625848.FirstTime", "true"); Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true"); Gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true); Gelöscht : user_pref("CT2625848.RevertSettingsEnabled", true); Gelöscht : user_pref("CT2625848.UserID", "UN14657259573242276"); Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true"); Gelöscht : user_pref("CT2625848.autoDisableScopes", -1); Gelöscht : user_pref("CT2625848.defaultSearch", "false"); Gelöscht : user_pref("CT2625848.enableAlerts", "false"); Gelöscht : user_pref("CT2625848.enableFix404ByUser", "TRUE"); Gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true"); Gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true"); Gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true"); Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorByUser", "true"); Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true"); Gelöscht : user_pref("CT2625848.fixUrls", true); Gelöscht : user_pref("CT2625848.installId", "ConduitNSISIntegration"); Gelöscht : user_pref("CT2625848.installType", "ConduitNSISIntegration"); Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true); Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false"); Gelöscht : user_pref("CT2625848.isNewTabEnabled", false); Gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true"); Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gelöscht : user_pref("CT2625848.lastVersion", "10.14.65.43"); Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true); Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-boa[...] 
Gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2625848.openThankYouPage", "false"); Gelöscht : user_pref("CT2625848.openUninstallPage", "true"); Gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027"); Gelöscht : user_pref("CT2625848.search.searchCount", "0"); Gelöscht : user_pref("CT2625848.searchInNewTabEnabled", "false"); Gelöscht : user_pref("CT2625848.searchInNewTabEnabledByUser", "false"); Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true"); Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] 
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351790851643"); Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1351790851404"); Gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350591835768"); Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.1.99_lastUpdate", "1352990092055"); Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1364119900017"); Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364143585142"); Gelöscht : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1348580933598"); Gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350591835719"); Gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1351790851576"); Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1364119899724"); Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350591835629"); Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1364143585053"); Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1364119900157"); Gelöscht : user_pref("CT2625848.settingsINI", true); Gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false"); Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848"); Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0"); Gelöscht : user_pref("CT2625848.smartbar.isHidden", true); Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE "); Gelöscht : user_pref("CT2625848.startPage", "false"); Gelöscht : user_pref("CT2625848.toolbarBornServerTime", "16-9-2012"); Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "24-3-2013"); Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading 
toolbar\",\"time\"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=666138&fid=661999", "\"0\""[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4be[...] Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true); Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 05 2011 22:07:53 GMT+02[...] 
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 09:22:44 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 09:22:35 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "{c2e42d0d-d507-4108-850e-5885b36658b0}"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Aug 08 2010 18:10:55 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "cb2c820e-2f77-48df-82b0-1c04ec89c341"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 21 2011 14:54:42 GMT+0200"); Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine"); Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 01:26:51 GMT+0200"); Gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/05/2011 23"); Gelöscht : user_pref("ConduitEngine.FirstTime", true); Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true); Gelöscht : 
user_pref("ConduitEngine.HasUserGlobalKeys", true); Gelöscht : user_pref("ConduitEngine.Initialize", true); Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true); Gelöscht : user_pref("ConduitEngine.InstalledDate", "Thu May 05 2011 22:07:58 GMT+0200"); Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false); Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false); Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true); Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jun 24 2011 09:22:37 GMT+0200"); Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jun 24 2011 09:22:37 GMT+0200"); Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jun 24 2011 09:22:37 GMT+0200"); Gelöscht : user_pref("ConduitEngine.UserID", "UN05123102977718608"); Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false); Gelöscht : user_pref("ConduitEngine.engineLocale", "de"); Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jun 24 2011 09:22:37 GMT+0200"); Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jun 24 2011 09:22:37 GMT+0200"); Gelöscht : user_pref("ConduitEngine.initDone", true); Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Gelöscht : user_pref("ConduitEngine.usagesFlag", 2); Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...] 
Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://de.ask.com/?l=dis&o=1586&gct=hp"); Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000"); Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true); Gelöscht : user_pref("extensions.asktb.cbid", "^AAA"); Gelöscht : user_pref("extensions.asktb.config-updated", false); Gelöscht : user_pref("extensions.asktb.crumb", "2011.07.20+06.02.33-toolbar009iad-DE-R2llc3NlbixHZXJtYW55"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] Gelöscht : user_pref("extensions.asktb.displaybehavior", ""); Gelöscht : user_pref("extensions.asktb.displaytext", ""); Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE"); Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0250"); Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?[...] Gelöscht : user_pref("extensions.asktb.ff19-config-first-run", "true"); Gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxps://battlelog.battlefield.com/sso/Ciyvab0tregdVs[...] Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.guid", "3efb83ab-7c10-46af-9b33-47a49d8f10b0"); Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] 
Gelöscht : user_pref("extensions.asktb.if", "first"); Gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1364119757709"); Gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1338938386700"); Gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Gelöscht : user_pref("extensions.asktb.location", "Giessen,Germany"); Gelöscht : user_pref("extensions.asktb.lstation", ""); Gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true); Gelöscht : user_pref("extensions.asktb.news-native-on", true); Gelöscht : user_pref("extensions.asktb.o", "1586"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.pstate", ""); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "19"); Gelöscht : user_pref("extensions.asktb.sa", "YES"); Gelöscht : user_pref("extensions.asktb.saguid", "CEF59B14-592A-44EE-9CDE-0E64DC25E687"); Gelöscht : user_pref("extensions.asktb.search-history-queries", "avril lavigne||mark wahlberg"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Gelöscht : user_pref("extensions.asktb.socialmini-first", true); Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000"); Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30"); Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000"); Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false); Gelöscht : user_pref("extensions.asktb.themeid", ""); Gelöscht : 
user_pref("extensions.asktb.timeinstalled", "19.04.2012 22:35:58"); Gelöscht : user_pref("extensions.asktb.to", ""); Gelöscht : user_pref("extensions.asktb.v", "3.15.15.100013"); Gelöscht : user_pref("extensions.asktb.version", "5.15.15.35882"); Gelöscht : user_pref("extensions.asktb.volume", ""); Gelöscht : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9,{0027da2d-c9f2[...] Gelöscht : user_pref("icqtoolbar.allowSendURL", false); Gelöscht : user_pref("icqtoolbar.engineVerified", false); Gelöscht : user_pref("icqtoolbar.geolastmodified", 1364119754); Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Gelöscht : user_pref("icqtoolbar.history", "csl||aquarena%20dillenburg||trojaner%20board||moviepilot||the%20num[...] Gelöscht : user_pref("icqtoolbar.icqgeo", 49); Gelöscht : user_pref("icqtoolbar.installTime", "1334049298"); Gelöscht : user_pref("icqtoolbar.installsource", "1"); Gelöscht : user_pref("icqtoolbar.itbsitescount", 0); Gelöscht : user_pref("icqtoolbar.newtab_state", "1"); Gelöscht : user_pref("icqtoolbar.numberOfSearches", 3); Gelöscht : user_pref("icqtoolbar.previousFFVersion", "14.0.1"); Gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Gelöscht : user_pref("icqtoolbar.suggestions", false); Gelöscht : user_pref("icqtoolbar.uniqueID", "127702617112770259351277049322130"); Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1364119765); Gelöscht : user_pref("icqtoolbar.version", "2.0.1.6"); Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0); Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0); Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0); Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0); Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="); -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\Kevin 
Rupprecht\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [38488 octets] - [24/03/2013 20:49:07] ########## EOF - C:\AdwCleaner[S1].txt - [38549 octets] ########## |
24.03.2013, 20:58 | #8 |
/// TB-Ausbilder | White screen when starting Windows 7 (64bit)! Just Combofix and OTL still to go, and then we'll continue.
__________________ cheers, Leo |
24.03.2013, 21:14 | #9 |
| White screen when starting Windows 7 (64bit)! Re step 2, Combofix logfile: Code:
ATTFilter ComboFix 13-03-24.03 - Kevin Rupprecht 24.03.2013 20:59:16.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2558 [GMT 1:00] ausgeführt von:: c:\users\Kevin Rupprecht\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\8824285.bat c:\programdata\8824285.js c:\programdata\8824285.pad c:\programdata\8824285.reg c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-24 bis 2013-03-24 )))))))))))))))))))))))))))))) . . 2013-03-24 20:08 . 2013-03-24 20:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-03-24 20:08 . 2013-03-24 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-24 20:04 . 2013-03-24 20:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2228BFAE-3C8A-4472-A1BD-F7314B033127}\offreg.dll 2013-03-23 12:00 . 2013-03-23 12:00 -------- d-----w- C:\FRST 2013-03-22 17:27 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2228BFAE-3C8A-4472-A1BD-F7314B033127}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-16 16:43 . 2010-02-01 15:39 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-16 15:15 . 2012-06-26 16:18 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-16 15:15 . 2011-11-30 14:06 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-12 05:45 . 2013-03-16 15:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-16 15:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 
2013-03-16 15:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-16 15:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-16 15:24 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-16 15:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-18 14:23 . 2012-12-12 20:27 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-01-18 14:23 . 2010-03-15 15:27 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-01-18 14:23 . 2010-01-26 15:01 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-01-17 00:28 . 2010-02-01 15:30 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-13 19:00 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 19:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 19:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-13 19:05 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-13 19:05 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-13 19:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-13 18:59 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-13 19:05 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-13 19:05 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-13 19:05 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-13 19:05 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-13 18:51 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-13 18:51 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-15 1597864] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . c:\users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-9-28 0] OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] Socialbox.lnk - c:\program files (x86)\Socialbox\Socialbox.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe [2012-3-23 61440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 26640] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-03-20 14120] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [2010-08-02 116312] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-14 136360] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-03-20 460800] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - KLBG *Deregistered* - KLIF . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-16 16:30 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 15:15] . 2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 20:11] . 
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 20:11] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to Mp3 Converter - c:\users\Kevin Rupprecht\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Kevin Rupprecht\AppData\Roaming\Mozilla\Firefox\Profiles\q1z609gz.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1 - c:\program files (x86)\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins001.exe AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1 - c:\program files (x86)\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1005622917-2267154051-3518905094-1000\Software\SecuROM\License information*] "datasecu"=hex:39,84,5e,40,ee,05,a5,2c,b5,e8,84,8e,1a,88,29,79,ef,b0,3e,13,a2, ec,15,69,73,ae,44,5d,5d,38,5e,bf,40,c0,56,b2,75,56,0a,36,ea,1a,f7,c6,e7,48,\ "rkeysecu"=hex:62,a0,79,e1,be,17,ad,b7,2a,4e,dd,ee,74,e6,f2,59 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-24 21:13:04 ComboFix-quarantined-files.txt 2013-03-24 20:13 . Vor Suchlauf: 11 Verzeichnis(se), 76.471.951.360 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 77.244.416.000 Bytes frei . - - End Of File - - BCF4A8146A183ECE6E2C29F051761A95
Re step 3, OTL logfile: Code:
ATTFilter OTL logfile created on: 24.03.2013 21:15:26 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin Rupprecht\Desktop\Tools 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,72% Memory free 8,00 Gb Paging File | 6,39 Gb Available in Paging File | 79,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,56 Gb Total Space | 72,02 Gb Free Space | 15,47% Space Free | Partition Type: NTFS Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 3,74 Gb Total Space | 0,30 Gb Free Space | 8,10% Space Free | Partition Type: FAT32 Computer Name: KEVIN-PC | User Name: Kevin Rupprecht | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.24 12:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin Rupprecht\Desktop\Tools\OTL.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.08 16:37:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.07.28 17:37:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.14 13:45:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 14:52:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.01 12:12:48 | 000,673,456 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files 
(x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV - [2013.03.16 16:15:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.25 14:10:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.08 16:37:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.07.28 17:37:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.14 13:45:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- 
(clr_optimization_v4.0.30319_32) SRV - [2009.09.14 04:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV - [2009.09.14 04:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.28 17:37:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.28 17:37:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | 
---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.02 13:58:14 | 000,116,312 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EagleX64.sys -- (EagleX64) DRV:64bit: - [2010.01.31 13:43:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.01.31 13:43:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.15 14:01:06 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.15 18:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004.05.17 10:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\plcndis5.sys -- (PLCNDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{5A1C37E2-366D-4A76-9E38-741E76530254}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IEOB04 IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{FB692D14-C96C-4019-B5A5-1C9B838D3A43}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=3efb83ab-7c10-46af-9b33-47a49d8f10b0&apn_sauid=CEF59B14-592A-44EE-9CDE-0E64DC25E687 IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - 
HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.25 14:10:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 11:49:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.25 14:10:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 11:49:59 | 000,000,000 | ---D | M] [2010.02.01 16:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Extensions [2013.03.24 20:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\Firefox\Profiles\q1z609gz.default\extensions [2013.03.24 12:02:26 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\extensions\toolbar@web.de.xpi [2012.12.13 21:01:06 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.24 12:03:55 | 000,002,418 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\englische-ergebnisse.xml [2013.03.24 12:03:55 | 000,010,701 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\gmx-suche.xml [2011.03.23 21:28:10 | 000,000,950 | ---- | M] () -- C:\Users\Kevin 
Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-10.xml [2011.04.30 09:43:18 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-11.xml [2011.05.05 21:07:44 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-12.xml [2011.06.24 09:24:28 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-13.xml [2011.07.20 14:07:47 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-14.xml [2011.08.17 15:03:24 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-15.xml [2011.08.28 10:12:14 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-16.xml [2011.09.01 17:41:49 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-17.xml [2011.09.09 06:05:22 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-18.xml [2011.10.01 18:34:42 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-19.xml [2011.10.03 20:34:50 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-20.xml [2011.11.08 14:18:40 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-21.xml [2011.11.12 12:32:52 | 000,000,950 | ---- | M] () -- 
C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-22.xml [2011.12.01 22:26:13 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-23.xml [2011.12.21 20:38:27 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-24.xml [2012.01.25 12:18:36 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-25.xml [2012.02.19 18:10:57 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-26.xml [2012.04.12 15:51:42 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-27.xml [2012.05.03 19:51:24 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-28.xml [2012.05.17 10:29:26 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-29.xml [2012.06.19 10:18:00 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-30.xml [2012.06.22 22:32:16 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-31.xml [2012.09.06 17:56:39 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-32.xml [2010.08.08 17:10:53 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-4.xml [2010.10.31 13:21:28 | 000,000,950 | ---- | M] () 
-- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-5.xml [2010.11.04 15:15:30 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-6.xml [2010.12.16 15:50:43 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-7.xml [2011.03.02 15:44:23 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-8.xml [2011.03.05 16:57:17 | 000,000,950 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\icqplugin-9.xml [2013.03.24 12:03:55 | 000,002,432 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\lastminute.xml [2013.03.24 12:03:54 | 000,005,682 | ---- | M] () -- C:\Users\Kevin Rupprecht\AppData\Roaming\mozilla\firefox\profiles\q1z609gz.default\searchplugins\webde-suche.xml [2012.02.19 13:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.18 18:19:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\USERS\KEVIN RUPPRECHT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1Z609GZ.DEFAULT\EXTENSIONS\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} File not found (No name found) -- C:\USERS\KEVIN RUPPRECHT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1Z609GZ.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} File not found (No name found) -- C:\USERS\KEVIN RUPPRECHT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1Z609GZ.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\KEVIN 
RUPPRECHT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1Z609GZ.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM [2012.08.25 14:10:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.04.12 15:51:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.12 15:51:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.12 15:51:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.12 15:51:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.12 15:51:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.12 15:51:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - 
plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll O1 HOSTS File: ([2013.03.24 21:09:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Kevin Rupprecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin 
Rupprecht\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin Rupprecht\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F69F1E49-2552-4A3B-8FF6-E6D59CEAE498}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.06 13:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.24 21:13:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.24 20:56:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.24 20:56:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.24 20:56:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.24 20:56:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.24 20:56:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.24 17:48:21 | 005,044,071 | R--- | C] (Swearware) -- C:\Users\Kevin Rupprecht\Desktop\ComboFix.exe [2013.03.23 13:00:41 | 000,000,000 | ---D | C] -- C:\FRST [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 21:12:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 21:09:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.24 20:59:35 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 20:59:35 | 000,014,928 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 20:51:39 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.24 20:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.24 20:50:49 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013.03.24 20:28:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.24 17:48:02 | 005,044,071 | R--- | M] (Swearware) -- C:\Users\Kevin Rupprecht\Desktop\ComboFix.exe [2013.03.24 17:45:52 | 000,609,993 | ---- | M] () -- C:\Users\Kevin Rupprecht\Desktop\adwcleaner.exe [2013.03.24 11:02:28 | 861,817,464 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.23 22:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Kevin Rupprecht\defogger_reenable [2013.03.18 18:41:57 | 001,313,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 18:41:57 | 000,811,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 18:41:57 | 000,335,868 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 18:41:57 | 000,291,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 18:41:57 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.16 17:38:01 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 20:56:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.24 20:56:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.24 20:56:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.24 20:56:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.24 20:56:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.24 17:46:10 | 000,609,993 | ---- | C] () -- C:\Users\Kevin Rupprecht\Desktop\adwcleaner.exe [2013.03.23 22:42:10 | 000,000,000 | ---- | C] () -- 
C:\Users\Kevin Rupprecht\defogger_reenable [2013.02.07 15:31:35 | 000,007,606 | ---- | C] () -- C:\Users\Kevin Rupprecht\AppData\Local\Resmon.ResmonCfg [2012.12.12 21:27:51 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.28 19:20:35 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.05.22 19:57:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.09.16 19:34:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\com.socialbox.socialbox
[2012.09.23 20:22:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\DVDVideoSoft
[2012.03.23 16:09:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\EIZO
[2010.01.26 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\FRITZ!
[2012.03.23 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\ICQ
[2010.03.03 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\OpenOffice.org
[2012.12.01 19:06:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\Origin
[2011.09.07 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\SignupShield
[2013.02.03 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin Rupprecht\AppData\Roaming\TS3Client
========== Purity Check ==========
< End of report >

Regarding step 3:

OTL Logfile:
OTL logfile created on: 24.03.2013 21:15:26 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin Rupprecht\Desktop\Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,72% Memory free
8,00 Gb Paging File | 6,39 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,56 Gb Total Space | 72,02 Gb Free Space | 15,47% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,74 Gb Total Space | 0,30 Gb Free Space | 8,10% Space Free | Partition Type: FAT32
Computer Name: KEVIN-PC | User Name: Kevin Rupprecht | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.24 12:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin Rupprecht\Desktop\Tools\OTL.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.08 16:37:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.07.28 17:37:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.14 13:45:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 14:52:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.01 12:12:48 | 000,673,456 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files 
(x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV - [2013.03.16 16:15:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.25 14:10:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.08 16:37:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.07.28 17:37:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.14 13:45:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- 
(clr_optimization_v4.0.30319_32) SRV - [2009.09.14 04:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV - [2009.09.14 04:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.28 17:37:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.28 17:37:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | 
24.03.2013, 21:28 | #10 |
/// TB-Ausbilder | White screen when starting Windows 7 (64-bit)! Good. How is the computer running? Step 1
Code:
:OTL
IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{5A1C37E2-366D-4A76-9E38-741E76530254}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IEOB04
IE - HKU\S-1-5-21-1005622917-2267154051-3518905094-1000\..\SearchScopes\{FB692D14-C96C-4019-B5A5-1C9B838D3A43}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=3efb83ab-7c10-46af-9b33-47a49d8f10b0&apn_sauid=CEF59B14-592A-44EE-9CDE-0E64DC25E687
:commands
[emptytemp]
Step 2
Step 3 Download the ESET Online Scanner setup and save it to the desktop.
Step 4 Please download SecurityCheck (Link 2).
In your next reply, please post:
__________________ cheers, Leo |
25.03.2013, 11:01 | #11 |
| White screen when starting Windows 7 (64-bit)! The computer is running really well again, thanks! Regarding step 1:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1005622917-2267154051-3518905094-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A1C37E2-366D-4A76-9E38-741E76530254}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A1C37E2-366D-4A76-9E38-741E76530254}\ not found.
Registry key HKEY_USERS\S-1-5-21-1005622917-2267154051-3518905094-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FB692D14-C96C-4019-B5A5-1C9B838D3A43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB692D14-C96C-4019-B5A5-1C9B838D3A43}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kevin Rupprecht
->Temp folder emptied: 620515 bytes
->Temporary Internet Files folder emptied: 3172588232 bytes
->Java cache emptied: 23588407 bytes
->FireFox cache emptied: 269893524 bytes
->Google Chrome cache emptied: 65596724 bytes
->Flash cache emptied: 202202 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3.369,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03252013_105009
Files\Folders moved on Reboot...
C:\Users\Kevin Rupprecht\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Regarding step 2:
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.03.25.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin Rupprecht :: KEVIN-PC [Administrator]
25.03.2013 11:11:52
mbam-log-2013-03-25 (11-11-52).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232490
Laufzeit: 2 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
25.03.2013, 14:08 | #12 |
/// TB-Ausbilder | White screen when starting Windows 7 (64bit)! Only ESET and SecurityCheck are still missing, and then we're almost done.
__________________ cheers, Leo |
25.03.2013, 22:29 | #13 |
| White screen when starting Windows 7 (64bit)! OK, scanning with ESET now, it will take a while. |
25.03.2013, 22:32 | #14 |
/// TB-Ausbilder | White screen when starting Windows 7 (64bit)! Yes, the scan may take a while. After that we're almost done.
__________________ cheers, Leo |
26.03.2013, 01:02 | #15 |
| White screen when starting Windows 7 (64bit)! ESET Scan:
C:\FRST\Quarantine\skype.dat a variant of Win32/Kryptik.AXHX trojan
C:\Qoobox\Quarantine\C\ProgramData\8824285.js.vir JS/Agent.NID trojan

Security Check:
Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AntiVir Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |