Firefox öffnet "e.ligatus..." automatisch

Nordeisregen · 12.04.2013, 10:03

Hallo, liebe Community!

Vorneweg, auf den Gebieten des PCs und der Schädlingsbekämpfung würde ich mich nicht gerade als "Pro" bezeichnen. Aber nun zu meinem Problem.

Gestern hat sich ohne jede Vorwarnung ein neuer Tab in Firefox mit folgendem Link geöffnet: "http: //e. ligatus.com/Ligatus Fallback .gif?ids= 34088" (habe ich aus Google kopiert, da mir der genaue Link nicht mehr geläufig ist). Ich habe keine Ahnung, was das ist - habe in Google unter anderem etwas von Virus gefunden, aber auch nichts Konkretes. Während des Surfens habe ich eigentlich immer neben Virenscanner und Windows-Firewall NoScript und Adblock aktiv und meide unseriös klingende Seiten, falls das helfen sollte. Weiterhin habe ich auch schon einen Beitrag dazu im Forum gefunden, aber wollte nicht einfach wild drauflosdoktorn.

Hier die Scans:

OTL:

Code:

ATTFilter

OTL logfile created on: 12.04.2013 10:14:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meruu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,53% Memory free
15,91 Gb Paging File | 14,39 Gb Available in Paging File | 90,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 72,63 Gb Free Space | 60,91% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive H: | 1351,29 Gb Total Space | 1072,07 Gb Free Space | 79,34% Space Free | Partition Type: NTFS
Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT
 
Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.27 10:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 21:26:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 04:24:45 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll
MOD - [2013.01.10 04:24:44 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.01.10 04:21:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 04:21:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 04:21:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 04:21:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 04:21:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 04:21:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 04:21:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.12.20 10:28:14 | 000,341,800 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.10 17:56:25 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.09 05:01:18 | 000,445,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.07.03 17:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.04.12 00:30:00 | 000,708,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.27 10:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 10:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 10:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD}
IE:64bit: - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD}
IE - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Itunesnew\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: H:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: H:\Firefox\components [2013.03.09 13:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: H:\Firefox\plugins
 
[2012.09.01 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Extensions
[2013.03.29 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Firefox\Profiles\voycfkip.default\extensions
[2013.03.29 15:22:32 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 21:28:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA5D05F9-DFAE-4D53-8E89-B8AE828EE494}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.25 22:54:19 | 000,013,128 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.22 17:13:49 | 000,000,074 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.04.25 22:54:19 | 000,013,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 10:02:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
[2013.04.11 23:50:35 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Roaming\Malwarebytes
[2013.04.11 23:50:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.11 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Local\Programs
[2013.03.30 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.14 01:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 01:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 01:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe
[2013.04.12 09:50:52 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 09:50:52 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 09:48:53 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.12 09:48:53 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.12 09:48:53 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.12 09:48:53 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.12 09:48:53 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.12 09:43:44 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 09:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 09:43:38 | 2111,344,639 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.19 18:04:48 | 000,002,245 | ---- | M] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf
[2013.03.14 20:21:23 | 000,243,954 | ---- | M] () -- C:\Users\Meruu\Documents\lebenslaufneu.rtf
[2013.03.14 20:12:34 | 000,001,692 | ---- | M] () -- C:\Users\Meruu\Documents\bewerbungflorstadt.rtf
[2013.03.14 01:52:32 | 000,002,033 | ---- | M] () -- C:\Users\Meruu\Documents\bewerbungprospekt.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.19 18:04:48 | 000,002,245 | ---- | C] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf
[2013.03.14 20:07:36 | 000,001,692 | ---- | C] () -- C:\Users\Meruu\Documents\bewerbungflorstadt.rtf
[2013.03.13 22:32:48 | 000,002,033 | ---- | C] () -- C:\Users\Meruu\Documents\bewerbungprospekt.rtf
[2013.01.24 20:03:18 | 001,017,955 | ---- | C] () -- C:\Users\Meruu\Scannen0005.jpg
[2013.01.24 20:03:18 | 000,461,634 | ---- | C] () -- C:\Users\Meruu\Scannen0006.jpg
[2012.09.01 17:05:39 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.04.27 15:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.10 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\.minecraft
[2012.10.15 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Downloaded Installations
[2013.04.11 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\ICQ
[2012.11.05 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Leadertech
[2012.09.09 14:45:24 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\LolClient
[2013.04.11 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Mumble
[2013.04.04 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Nitro PDF
[2013.03.22 02:26:49 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\SoftGrid Client
[2012.10.24 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\TP
[2012.09.09 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 12.04.2013 10:14:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meruu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,53% Memory free
15,91 Gb Paging File | 14,39 Gb Available in Paging File | 90,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 72,63 Gb Free Space | 60,91% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS
Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive H: | 1351,29 Gb Total Space | 1072,07 Gb Free Space | 79,34% Space Free | Partition Type: NTFS
Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT
 
Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07116827-C965-4514-925D-57FCE0FFBBFA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10B93ECD-F8B4-4950-9B86-C97730E121E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1921E80D-A64B-4E67-BF79-0F7E0608E353}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3E177F11-4CF1-4611-949B-6FAC489974C0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4AA54BBD-AE4C-449A-A03B-7ADA47871AF1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51B18C89-5306-4067-BFD5-D2BF85E0EF14}" = rport=138 | protocol=17 | dir=out | app=system | 
"{567BD6B5-5A20-4851-821A-D8B9FBC0277E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{569F60A4-B355-4924-97DC-92368669BC4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{599AD2D3-5816-4D8D-A55C-1A9FFB27E487}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C362C6D-10ED-407E-A731-A87A0F84EB09}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E4921E6-3602-42A1-AD6E-512DEE98211C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64A0F9C7-70BC-4876-9194-CED239448F2B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75D65371-344F-4E28-8C39-FB2AE277B9BB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{96A52E0F-9E9D-405B-B92C-47F6D1452468}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9D507A2A-BE73-40BC-9113-729A0FFD4F98}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A3B71B45-9D4C-42CE-BB7E-AC9796BDC52D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABA89E5B-79BE-4C18-8389-600A5B777D58}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC24C16F-3556-44F2-9052-0B07C876DDF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE973D08-9DC7-498C-81BD-CF21858EC62B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B23EBE35-F4A4-41E0-B57E-84B0AC411836}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BA4AA268-6A07-4119-8B77-0A1D366D935B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BCD7BE9D-3864-45BE-B898-31D27AC9F4C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1B738F6-D756-486D-A609-7156A37B9E58}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C751DAC7-2E0B-4A81-A73E-7D6F1B880B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CADDFD5C-9C4B-4865-B8D2-AD28555432AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB0F7061-7745-4956-8762-B7CD62D26634}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB835E92-24E5-47B7-985E-13766C552142}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2DAAD5D-E747-44C0-A1FA-DD019D177EC2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FE5A6EEA-2632-42A2-A953-6FB707E109F2}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090BBC7B-D907-4F8B-A298-256A77F69B99}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{09631EF2-FB5B-4037-80AF-2CB8EE5E6875}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0A0234D2-899E-4886-8ADC-58037698EE82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E561CDE-A00E-4EBD-A736-EC8CEBEB32C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0EF0EA30-A287-4D1F-B71C-F66745B92327}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{10BA3D1A-5A6F-4FF3-9BF5-25851E4A4A3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1716D2BF-63F1-489D-9DDA-2AC8F1D5A908}" = protocol=58 | dir=in | app=system | 
"{197E0C96-EBCA-4AA6-BE8D-5A9538DD101D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{1AC7F30F-E36F-49FE-B83C-4FBBE199231D}" = protocol=6 | dir=out | app=system | 
"{1C92FE8F-41E4-470F-883D-2BF68547C146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F492E16-D8CB-493A-9B7F-402B5AF5C9AC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | 
"{2141A870-F42F-48D8-8AEA-1E66CE656F9D}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{25916554-00BE-46C7-B3AE-AC11E9C2C407}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{270B6C79-72F3-47F4-9C36-35D303A5F471}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CBE0309-D7E7-494F-882F-9D3D988B63D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E802FF5-54BC-438F-93F8-435D7B3F7EAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2F5B3C85-B817-4114-A58B-9A6D87D1C3E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{311F30CD-B344-451D-BDF0-D546B6BC0B7E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3C4DD8CC-6B7A-40BD-95F7-BC9CB1A0FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4903B354-E82D-4305-91D2-123B51AD2233}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{49D6128B-7F14-4385-80D9-CD3AE3C89569}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{4A52401B-A025-435B-B889-77C92BD0939D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C4E9927-5E24-4A46-9D93-D5CAAD1202E9}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | 
"{4D24481C-14F8-4020-8316-CCF632F66A7A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4E9E1080-3697-4F1F-AB04-22B173BBCB14}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{558CA7BB-138D-4C4B-9DC9-2F41CE61A5DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B61BEC5-B3BE-45E2-A013-958A62608137}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{70CA1907-67B0-47E1-A5DD-329188F08ACB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | 
"{76388048-0159-482D-9D40-AD4A40E7489A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | 
"{7C52E84F-EA52-4BF9-8E69-19D8EC7A3E92}" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"{82DA44CA-171A-4F57-BBF5-6172B4DDB7BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83DFFFE7-FB6C-4665-AD69-7F2F6170993B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8911C983-9A8B-4A95-8077-3DFEAD9AC7B0}" = dir=in | app=h:\itunesnew\itunes.exe | 
"{8A379AD7-A923-4987-9A9B-D9886E55847F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8F95BC8D-B294-478B-A27E-CAE63874C44F}" = protocol=6 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | 
"{8FA1DF2C-D65A-4CFC-99AF-BD6FBE214571}" = protocol=17 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | 
"{912DBFEA-123E-47E0-8965-B8B3A0267C2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95DDAA80-60F1-456A-A4F8-AAB9B559796B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B7279B7-915C-4130-8BC0-97B4236D363C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9D14BF6E-33C5-4157-8DF3-BD179E63B1D2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | 
"{9DD13FE0-01C0-48B9-BD5E-DDE0A16D5FAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A99A1845-95DF-4FDD-B9DA-DB4F92227BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{AC107865-D910-459E-9F3E-EA832F3E3FD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD9598D7-DC89-46C1-854E-B7DA56473B00}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe | 
"{BE8C0BAB-A8A5-49E1-B7AC-897A3870453A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0EBB2C3-786B-4BE0-B3EE-192E2BE7B684}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C388FD61-2D9E-4B1D-97DC-6CE5FF2E27C6}" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"{C85965EA-7A9C-483A-8A75-F1724609161D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CAAC8F3A-E9EE-44AF-85FE-1852D5D3E565}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{CC822044-E3BF-4FBA-840A-0418FA6B1AC9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{CE07601B-1BC0-4BF1-B6DB-C8DC579E5702}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0477573-7251-4921-ABC2-9A0250D78142}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D508DD3E-C296-4211-A203-E6BCF53C7FC4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E55A062D-42D6-434D-BF64-D45839C7E0FD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{EAE66045-A57C-4C00-9949-0091D9CA1F42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC30855A-5677-4C22-9E5D-3D96244AA370}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | 
"{ECF14DFA-AB32-4C16-8794-B0F443EC829C}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | 
"{F24E673E-745F-493A-B03A-882E7D687327}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | 
"{FA88E811-95A0-4F24-B7E2-16DE0B5909F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FE3CEE63-C314-488E-B4F1-ADF9FCC69FF8}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"TCP Query User{00228CAF-DD6A-4E9E-9539-6DB7D4B728BF}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=6 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | 
"TCP Query User{2CFE6554-4699-49AD-849C-B33BECC3A2CF}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
"TCP Query User{5028697E-5440-4153-BB5E-8EB2CF669F6E}G:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | 
"TCP Query User{5134B4D3-EF21-4943-8395-48573674AB2F}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{5E1256FB-C772-433F-89B7-81D57A96CE7F}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | 
"TCP Query User{791AEE5A-210A-4DF0-87FA-430EDAA2D325}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{810D0D22-E804-4C7F-9F39-DD5EEEC5C376}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | 
"TCP Query User{82A09523-46A8-49B7-BB2F-134893F99688}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8AE05F2D-E9EB-4810-BF28-AAC56BF9CE01}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{ACB2FD59-2883-4B13-83C4-C09317408C67}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{B08DE2DE-CDF7-4AEB-AE7B-39199AD5F325}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{F1D02CE3-4382-47F4-A981-289434D040E6}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{2C282A50-26BD-49DD-9AAF-44D3CED64A87}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{414500A2-B060-4489-BB87-47CCE544D3DC}G:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | 
"UDP Query User{515BBFDB-46FB-42C5-99B5-3980457B7E9E}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=17 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | 
"UDP Query User{6ACE9762-1D27-48BC-975A-20EB6841869E}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | 
"UDP Query User{90B5B4A3-56C0-4C4E-B5FA-23E4A6C1C9D1}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{95E48F59-F362-458E-83DB-0A3866DC0950}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | 
"UDP Query User{A6DB34D0-7A63-430C-885D-8879A0F44D33}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B40A5742-8F4B-4283-ADFD-CE7B00FD171B}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{BB1F5677-0A77-4E9C-BF57-6D2E22099204}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{C6AEF75E-47FF-40F8-8C5F-2FDA743F59B6}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{D4292C91-1494-4CAA-9999-0769B601BEDB}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{D5DDDEC9-0B0A-4253-B9EE-59B7CCF463B1}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E206106-BD80-4D56-8F74-FE43AA1C7160}" = Nitro PDF Reader 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Hunted: The Demon's Forge_is1" = Hunted: The Demon's Forge Version 1.0
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messenger Plus!" = Messenger Plus! 5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Steam App 730" = Counter-Strike: Global Offensive
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 07:13:29 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.04.2013 10:28:12 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 05:04:47 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 10:37:35 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.04.2013 03:23:12 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 08:50:52 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 09:41:45 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.04.2013 16:10:07 | Computer Name = Meruu-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 11.04.2013 16:11:54 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2013 03:45:32 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 06.03.2013 04:38:49 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.03.2013 04:38:49 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 06.03.2013 11:58:20 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.03.2013 11:58:20 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 07.03.2013 05:53:56 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.03.2013 05:53:56 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >

Gmer

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 10:35:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ADATA_SP rev.C3G_ 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Meruu\AppData\Local\Temp\pwloypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ad1465 2 bytes [AD, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ad14bb 2 bytes [AD, 75]
.text  ...                                                                                                                                                    * 2

---- Files - GMER 2.1 ----

File   C:\Windows\System32\wbem\Performance\WmiApRpl_new.h                                                                                                    3444 bytes

---- EOF - GMER 2.1 ----

Vielen Dank für eure Hilfe im Voraus...

Firefox öffnet "e.ligatus..." automatisch

Plagegeister aller Art und deren Bekämpfung: Firefox öffnet "e.ligatus..." automatisch

Firefox öffnet "e.ligatus..." automatisch

Ähnliche Themen: Firefox öffnet "e.ligatus..." automatisch