![]() |
|
Plagegeister aller Art und deren Bekämpfung: Firefox öffnet "e.ligatus..." automatischWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() ![]() | ![]() Firefox öffnet "e.ligatus..." automatisch Hallo, liebe Community! Vorneweg, auf den Gebieten des PCs und der Schädlingsbekämpfung würde ich mich nicht gerade als "Pro" bezeichnen. Aber nun zu meinem Problem. Gestern hat sich ohne jede Vorwarnung ein neuer Tab in Firefox mit folgendem Link geöffnet: "http: //e. ligatus.com/Ligatus Fallback .gif?ids= 34088" (habe ich aus Google kopiert, da mir der genaue Link nicht mehr geläufig ist). Ich habe keine Ahnung, was das ist - habe in Google unter anderem etwas von Virus gefunden, aber auch nichts Konkretes. Während des Surfens habe ich eigentlich immer neben Virenscanner und Windows-Firewall NoScript und Adblock aktiv und meide unseriös klingende Seiten, falls das helfen sollte. Weiterhin habe ich auch schon einen Beitrag dazu im Forum gefunden, aber wollte nicht einfach wild drauflosdoktorn. Hier die Scans: OTL: Code:
ATTFilter OTL logfile created on: 12.04.2013 10:14:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meruu\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,53% Memory free 15,91 Gb Paging File | 14,39 Gb Available in Paging File | 90,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 72,63 Gb Free Space | 60,91% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS Drive H: | 1351,29 Gb Total Space | 1072,07 Gb Free Space | 79,34% Space Free | Partition Type: NTFS Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.03.27 10:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 21:26:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 04:24:45 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll MOD - [2013.01.10 04:24:44 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll MOD - [2013.01.10 04:21:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 04:21:27 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 04:21:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 04:21:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 04:21:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 04:21:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 04:21:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.19 19:00:56 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.19 19:00:54 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.19 19:00:30 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.12.20 10:28:14 | 000,341,800 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.10 17:56:25 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.09 05:01:18 | 000,445,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2012.07.03 17:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.07.03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.04.12 00:30:00 | 000,708,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.27 10:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.03.27 10:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.03.27 10:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD} IE:64bit: - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD} IE - HKLM\..\SearchScopes\{92F54EEC-695B-4CD8-ACB8-8521188424CD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {92F54EEC-695B-4CD8-ACB8-8521188424CD} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Itunesnew\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: H:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: H:\Firefox\components [2013.03.09 13:14:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: H:\Firefox\plugins [2012.09.01 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Extensions [2013.03.29 15:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\Firefox\Profiles\voycfkip.default\extensions [2013.03.29 15:22:32 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.14 21:28:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Meruu\AppData\Roaming\mozilla\firefox\profiles\voycfkip.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Java\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA5D05F9-DFAE-4D53-8E89-B8AE828EE494}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.25 22:54:19 | 000,013,128 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.22 17:13:49 | 000,000,074 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4b290048-f41e-11e1-be35-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.04.25 22:54:19 | 000,013,128 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 10:02:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe [2013.04.11 23:50:35 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Roaming\Malwarebytes [2013.04.11 23:50:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.11 23:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.11 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\Meruu\AppData\Local\Programs [2013.03.30 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.14 01:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 01:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 01:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2013.04.12 10:02:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meruu\Desktop\OTL.exe [2013.04.12 09:50:52 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 09:50:52 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 09:48:53 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.12 09:48:53 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.12 09:48:53 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.12 09:48:53 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.12 09:48:53 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.12 09:43:44 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.12 09:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.12 09:43:38 | 2111,344,639 | -HS- | M] () -- C:\hiberfil.sys [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.19 18:04:48 | 000,002,245 | ---- | M] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf [2013.03.14 20:21:23 | 000,243,954 | ---- | M] () -- C:\Users\Meruu\Documents\lebenslaufneu.rtf [2013.03.14 20:12:34 | 000,001,692 | ---- | M] () -- C:\Users\Meruu\Documents\bewerbungflorstadt.rtf [2013.03.14 01:52:32 | 000,002,033 | ---- | M] () -- C:\Users\Meruu\Documents\bewerbungprospekt.rtf ========== Files Created - No Company Name ========== [2013.03.19 18:04:48 | 000,002,245 | ---- | C] () -- C:\Users\Meruu\Documents\nachforschungsauftrag.rtf [2013.03.14 20:07:36 | 000,001,692 | ---- | C] () -- C:\Users\Meruu\Documents\bewerbungflorstadt.rtf [2013.03.13 22:32:48 | 000,002,033 | ---- | C] () -- C:\Users\Meruu\Documents\bewerbungprospekt.rtf [2013.01.24 20:03:18 | 001,017,955 | ---- | C] () -- C:\Users\Meruu\Scannen0005.jpg [2013.01.24 20:03:18 | 000,461,634 | ---- | C] () -- C:\Users\Meruu\Scannen0006.jpg [2012.09.01 17:05:39 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.04.27 15:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.10 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\.minecraft [2012.10.15 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Downloaded Installations [2013.04.11 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\ICQ [2012.11.05 20:47:16 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Leadertech [2012.09.09 14:45:24 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\LolClient [2013.04.11 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Mumble [2013.04.04 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\Nitro PDF [2013.03.22 02:26:49 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\SoftGrid Client [2012.10.24 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\TP [2012.09.09 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\Meruu\AppData\Roaming\ts3overlay ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.04.2013 10:14:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meruu\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,53% Memory free 15,91 Gb Paging File | 14,39 Gb Available in Paging File | 90,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 72,63 Gb Free Space | 60,91% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 896,27 Gb Free Space | 96,22% Space Free | Partition Type: NTFS Drive E: | 7,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 100,00 Mb Total Space | 71,86 Mb Free Space | 71,87% Space Free | Partition Type: NTFS Drive G: | 511,62 Gb Total Space | 384,99 Gb Free Space | 75,25% Space Free | Partition Type: NTFS Drive H: | 1351,29 Gb Total Space | 1072,07 Gb Free Space | 79,34% Space Free | Partition Type: NTFS Drive I: | 2,00 Gb Total Space | 0,65 Gb Free Space | 32,59% Space Free | Partition Type: FAT Computer Name: MERUU-PC | User Name: Meruu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- H:\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07116827-C965-4514-925D-57FCE0FFBBFA}" = lport=2869 | protocol=6 | dir=in | app=system | "{10B93ECD-F8B4-4950-9B86-C97730E121E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1921E80D-A64B-4E67-BF79-0F7E0608E353}" = rport=139 | protocol=6 | dir=out | app=system | "{3E177F11-4CF1-4611-949B-6FAC489974C0}" = lport=137 | protocol=17 | dir=in | app=system | "{4AA54BBD-AE4C-449A-A03B-7ADA47871AF1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{51B18C89-5306-4067-BFD5-D2BF85E0EF14}" = rport=138 | protocol=17 | dir=out | app=system | "{567BD6B5-5A20-4851-821A-D8B9FBC0277E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{569F60A4-B355-4924-97DC-92368669BC4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{599AD2D3-5816-4D8D-A55C-1A9FFB27E487}" = lport=138 | protocol=17 | dir=in | app=system | "{5C362C6D-10ED-407E-A731-A87A0F84EB09}" = lport=139 | protocol=6 | dir=in | app=system | "{5E4921E6-3602-42A1-AD6E-512DEE98211C}" = rport=137 | protocol=17 | dir=out | app=system | "{64A0F9C7-70BC-4876-9194-CED239448F2B}" = lport=2869 | protocol=6 | dir=in | app=system | "{75D65371-344F-4E28-8C39-FB2AE277B9BB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{96A52E0F-9E9D-405B-B92C-47F6D1452468}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9D507A2A-BE73-40BC-9113-729A0FFD4F98}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A3B71B45-9D4C-42CE-BB7E-AC9796BDC52D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ABA89E5B-79BE-4C18-8389-600A5B777D58}" = lport=445 | protocol=6 | dir=in | app=system | "{AC24C16F-3556-44F2-9052-0B07C876DDF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AE973D08-9DC7-498C-81BD-CF21858EC62B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B23EBE35-F4A4-41E0-B57E-84B0AC411836}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BA4AA268-6A07-4119-8B77-0A1D366D935B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BCD7BE9D-3864-45BE-B898-31D27AC9F4C3}" = lport=10243 | protocol=6 | dir=in | app=system | "{C1B738F6-D756-486D-A609-7156A37B9E58}" = rport=445 | protocol=6 | dir=out | app=system | "{C751DAC7-2E0B-4A81-A73E-7D6F1B880B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CADDFD5C-9C4B-4865-B8D2-AD28555432AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CB0F7061-7745-4956-8762-B7CD62D26634}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DB835E92-24E5-47B7-985E-13766C552142}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F2DAAD5D-E747-44C0-A1FA-DD019D177EC2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{FE5A6EEA-2632-42A2-A953-6FB707E109F2}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090BBC7B-D907-4F8B-A298-256A77F69B99}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{09631EF2-FB5B-4037-80AF-2CB8EE5E6875}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0A0234D2-899E-4886-8ADC-58037698EE82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0E561CDE-A00E-4EBD-A736-EC8CEBEB32C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0EF0EA30-A287-4D1F-B71C-F66745B92327}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{10BA3D1A-5A6F-4FF3-9BF5-25851E4A4A3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1716D2BF-63F1-489D-9DDA-2AC8F1D5A908}" = protocol=58 | dir=in | app=system | "{197E0C96-EBCA-4AA6-BE8D-5A9538DD101D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{1AC7F30F-E36F-49FE-B83C-4FBBE199231D}" = protocol=6 | dir=out | app=system | "{1C92FE8F-41E4-470F-883D-2BF68547C146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1F492E16-D8CB-493A-9B7F-402B5AF5C9AC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | "{2141A870-F42F-48D8-8AEA-1E66CE656F9D}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe | "{25916554-00BE-46C7-B3AE-AC11E9C2C407}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | "{270B6C79-72F3-47F4-9C36-35D303A5F471}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2CBE0309-D7E7-494F-882F-9D3D988B63D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2E802FF5-54BC-438F-93F8-435D7B3F7EAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2F5B3C85-B817-4114-A58B-9A6D87D1C3E6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{311F30CD-B344-451D-BDF0-D546B6BC0B7E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3C4DD8CC-6B7A-40BD-95F7-BC9CB1A0FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4903B354-E82D-4305-91D2-123B51AD2233}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | "{49D6128B-7F14-4385-80D9-CD3AE3C89569}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | "{4A52401B-A025-435B-B889-77C92BD0939D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C4E9927-5E24-4A46-9D93-D5CAAD1202E9}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | "{4D24481C-14F8-4020-8316-CCF632F66A7A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4E9E1080-3697-4F1F-AB04-22B173BBCB14}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | "{558CA7BB-138D-4C4B-9DC9-2F41CE61A5DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5B61BEC5-B3BE-45E2-A013-958A62608137}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{70CA1907-67B0-47E1-A5DD-329188F08ACB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | "{76388048-0159-482D-9D40-AD4A40E7489A}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | "{7C52E84F-EA52-4BF9-8E69-19D8EC7A3E92}" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | "{82DA44CA-171A-4F57-BBF5-6172B4DDB7BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{83DFFFE7-FB6C-4665-AD69-7F2F6170993B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8911C983-9A8B-4A95-8077-3DFEAD9AC7B0}" = dir=in | app=h:\itunesnew\itunes.exe | "{8A379AD7-A923-4987-9A9B-D9886E55847F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8F95BC8D-B294-478B-A27E-CAE63874C44F}" = protocol=6 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | "{8FA1DF2C-D65A-4CFC-99AF-BD6FBE214571}" = protocol=17 | dir=in | app=h:\hunted\binaries\win32\p4dftre.dll | "{912DBFEA-123E-47E0-8965-B8B3A0267C2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95DDAA80-60F1-456A-A4F8-AAB9B559796B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B7279B7-915C-4130-8BC0-97B4236D363C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9D14BF6E-33C5-4157-8DF3-BD179E63B1D2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\yso_dm_win.exe | "{9DD13FE0-01C0-48B9-BD5E-DDE0A16D5FAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A99A1845-95DF-4FDD-B9DA-DB4F92227BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{AC107865-D910-459E-9F3E-EA832F3E3FD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD9598D7-DC89-46C1-854E-B7DA56473B00}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe | "{BE8C0BAB-A8A5-49E1-B7AC-897A3870453A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C0EBB2C3-786B-4BE0-B3EE-192E2BE7B684}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C388FD61-2D9E-4B1D-97DC-6CE5FF2E27C6}" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | "{C85965EA-7A9C-483A-8A75-F1724609161D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CAAC8F3A-E9EE-44AF-85FE-1852D5D3E565}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{CC822044-E3BF-4FBA-840A-0418FA6B1AC9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{CE07601B-1BC0-4BF1-B6DB-C8DC579E5702}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D0477573-7251-4921-ABC2-9A0250D78142}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D508DD3E-C296-4211-A203-E6BCF53C7FC4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{E55A062D-42D6-434D-BF64-D45839C7E0FD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{EAE66045-A57C-4C00-9949-0091D9CA1F42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EC30855A-5677-4C22-9E5D-3D96244AA370}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | "{ECF14DFA-AB32-4C16-8794-B0F443EC829C}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\day of defeat source\hl2.exe | "{F24E673E-745F-493A-B03A-882E7D687327}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\ys origin demo\config_dm.exe | "{FA88E811-95A0-4F24-B7E2-16DE0B5909F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FE3CEE63-C314-488E-B4F1-ADF9FCC69FF8}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | "TCP Query User{00228CAF-DD6A-4E9E-9539-6DB7D4B728BF}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=6 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | "TCP Query User{2CFE6554-4699-49AD-849C-B33BECC3A2CF}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | "TCP Query User{5028697E-5440-4153-BB5E-8EB2CF669F6E}G:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | "TCP Query User{5134B4D3-EF21-4943-8395-48573674AB2F}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | "TCP Query User{5E1256FB-C772-433F-89B7-81D57A96CE7F}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | "TCP Query User{791AEE5A-210A-4DF0-87FA-430EDAA2D325}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | "TCP Query User{810D0D22-E804-4C7F-9F39-DD5EEEC5C376}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | "TCP Query User{82A09523-46A8-49B7-BB2F-134893F99688}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{8AE05F2D-E9EB-4810-BF28-AAC56BF9CE01}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{ACB2FD59-2883-4B13-83C4-C09317408C67}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "TCP Query User{B08DE2DE-CDF7-4AEB-AE7B-39199AD5F325}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | "TCP Query User{F1D02CE3-4382-47F4-A981-289434D040E6}G:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | "UDP Query User{2C282A50-26BD-49DD-9AAF-44D3CED64A87}G:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "UDP Query User{414500A2-B060-4489-BB87-47CCE544D3DC}G:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=g:\program files (x86)\icq7.6\icq.exe | "UDP Query User{515BBFDB-46FB-42C5-99B5-3980457B7E9E}H:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe" = protocol=17 | dir=in | app=h:\eigene dateien und dokumente\musik2\329893018 noi\age of empires\empiresx.exe | "UDP Query User{6ACE9762-1D27-48BC-975A-20EB6841869E}\\kireille-pc\users\public\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=\\kireille-pc\users\public\guild wars 2\gw2.exe | "UDP Query User{90B5B4A3-56C0-4C4E-B5FA-23E4A6C1C9D1}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | "UDP Query User{95E48F59-F362-458E-83DB-0A3866DC0950}G:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\flyuruba\counter-strike source\hl2.exe | "UDP Query User{A6DB34D0-7A63-430C-885D-8879A0F44D33}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{B40A5742-8F4B-4283-ADFD-CE7B00FD171B}G:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\program files (x86)\skype\phone\skype.exe | "UDP Query User{BB1F5677-0A77-4E9C-BF57-6D2E22099204}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{C6AEF75E-47FF-40F8-8C5F-2FDA743F59B6}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | "UDP Query User{D4292C91-1494-4CAA-9999-0769B601BEDB}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | "UDP Query User{D5DDDEC9-0B0A-4253-B9EE-59B7CCF463B1}H:\wolfenstein\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=h:\wolfenstein\wolfenstein - enemy territory\et.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133 "{6E206106-BD80-4D56-8F74-FE43AA1C7160}" = Nitro PDF Reader 2 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "sp6" = Logitech SetPoint 6.32 "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Hunted: The Demon's Forge_is1" = Hunted: The Demon's Forge Version 1.0 "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Messenger Plus!" = Messenger Plus! 5 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Steam App 730" = Counter-Strike: Global Offensive "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2013 07:13:29 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 08.04.2013 10:28:12 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10 Description = Error - 09.04.2013 05:04:47 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10 Description = Error - 09.04.2013 10:37:35 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.04.2013 03:23:12 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10 Description = Error - 11.04.2013 08:50:52 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10 Description = Error - 11.04.2013 09:41:45 | Computer Name = Meruu-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.04.2013 16:10:07 | Computer Name = Meruu-PC | Source = System Restore | ID = 8210 Description = Error - 11.04.2013 16:11:54 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10 Description = Error - 12.04.2013 03:45:32 | Computer Name = Meruu-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36874 Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36874 Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error - 05.03.2013 23:23:03 | Computer Name = Meruu-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 06.03.2013 04:38:49 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 06.03.2013 04:38:49 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 06.03.2013 11:58:20 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 06.03.2013 11:58:20 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 07.03.2013 05:53:56 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 07.03.2013 05:53:56 | Computer Name = Meruu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-12 10:35:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ADATA_SP rev.C3G_ 119,24GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Meruu\AppData\Local\Temp\pwloypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ad1465 2 bytes [AD, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ad14bb 2 bytes [AD, 75] .text ... * 2 ---- Files - GMER 2.1 ---- File C:\Windows\System32\wbem\Performance\WmiApRpl_new.h 3444 bytes ---- EOF - GMER 2.1 ---- |
Themen zu Firefox öffnet "e.ligatus..." automatisch |
adblock, autorun, bho, bonjour, error, fehler, firefox, flash player, format, google, helper, home, install.exe, launch, link geöffnet, logfile, microsoft office starter 2010, object, origin, plug-in, realtek, registry, rundll, scan, security, software, svchost.exe, teamspeak, udp, usb, virus, windows-firewall |