Forum: Plagegeister aller Art und deren Bekämpfung (malware removal help)
Thread: Encryption trojan from 22.05.2012 (Windows 7)
22.05.2012, 23:29 | #1
Encryption trojan from 22.05.2012

Hello, unfortunately the trojan got me too. I use Win7 64-bit on an Acer desktop PC. After the trojan had brought everything to a standstill, I was able to shut the thing down via Task Manager, but unfortunately it has mangled all my documents, music and video files, as well as all my pictures. The files have names like "JUGstUfDXaeapALEnqAQO" without a file extension. I have since run Malwarebytes and removed all the pests with this program (it took about 4 restarts, re-running it each time, before I finally got no more detections). The computer boots normally again and does not seem to be acting up anymore, apart from the encrypted documents. I would be really glad if there were some way to get drives "D" and "M" (i.e. all the drives on which I have these things stored) back in shape. I am already glad to have avoided a reformat, but unfortunately even restoring to a 4-day-old restore point did not help, since that apparently only affects drive "C". I will gladly provide any information needed to possibly get to the bottom of the problem.
23.05.2012, 06:39 | #2
/// Helper team | Encryption trojan from 22.05.2012

Hello and welcome!
Before we begin working together, [please read in full]:
Quote:
► I can help you remove the malware, but undoing the encryption will be harder... it may be that we can decrypt only part of the whole, or nothing at all!
► In the first part of the three-part procedure, we will check your system for viruses, or look for another culprit:
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. Have you already checked the computer for viruses? I would still like to see the following results:
Code:
Malwarebytes (all existing logs!)

2. Best to back up all encrypted data externally first (to an empty USB stick or external hard drive), then start with the decryption. So, to be on the safe side, the changed data on the computer should remain untouched at first; if all goes well, you can then continue on the PC.

3. Procedure for the encryption trojan :-> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo has made a video on the topic.
** You can also try saving the encrypted files to an empty USB stick. If you know what kind of files they are (e.g. *.jpg, *.doc, etc.), rename them all back to their original form as before, e.g. to a .jpg file.

4. System scan with OTL
Please download OTL by OldTimer and save it to your desktop.

5. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
Quote:
kira
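As an added illustration of the renaming advice in step 3 (editor-added example code, not from the thread or the helper's tools): when you do not know which type a mangled, extension-less file originally had, its leading bytes usually tell you, provided the content was only renamed and not actually encrypted. The script guesses the extension from well-known file headers, leaves unrecognised files untouched, and only reports by default (dry run); the function names and the sample files in `self_check()` are constructed assumptions, and it should be run on the copy on the USB stick, as the helper recommends.

```python
import io
import os
import tempfile
import zipfile

# Constructed signature table: well-known file headers at offset 0.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2: legacy .doc/.xls/.ppt
    (b"ID3", "mp3"),
    (b"\x1a\x45\xdf\xa3", "mkv"),
    (b"Rar!\x1a\x07", "rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]


def zip_subtype(data):
    """Tell OOXML/ODF documents apart from a plain ZIP by their members."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "mimetype" in names:
                mime = zf.read("mimetype")
                if mime.endswith(b"opendocument.text"):
                    return "odt"
                if mime.endswith(b"opendocument.spreadsheet"):
                    return "ods"
            if "word/document.xml" in names:
                return "docx"
            if "xl/workbook.xml" in names:
                return "xlsx"
            if "ppt/presentation.xml" in names:
                return "pptx"
    except (zipfile.BadZipFile, ValueError, OSError):
        pass  # header says ZIP, but the body is damaged or still encrypted
    return "zip"


def sniff_type(data):
    """Guess the original extension from the leading bytes; None if unknown."""
    for magic, ext in SIGNATURES:
        if data.startswith(magic):
            return ext
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "wav"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    if data[4:8] == b"ftyp":  # ISO base media container: mp4/m4a/mov
        return "mp4"
    if data[:4] == b"PK\x03\x04":
        return zip_subtype(data)
    return None  # no known header: content is probably really encrypted


def restore_extensions(directory, dry_run=True):
    """Rename extension-less files to name.ext when the content type is
    recognisable; report unknown ones and leave them exactly as they are."""
    results = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or "." in name:
            continue  # only the mangled, extension-less files
        with open(path, "rb") as f:
            data = f.read()  # pictures/documents: reading whole file is fine
        ext = sniff_type(data)
        results.append((name, ext))
        if ext is None or dry_run:
            continue
        target = path + "." + ext
        if not os.path.exists(target):  # never overwrite an existing file
            os.rename(path, target)
    return results


def self_check():
    """Constructed samples standing in for files copied to the USB stick."""
    docx = io.BytesIO()
    with zipfile.ZipFile(docx, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    samples = {
        "picture": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\0" * 32,
        "report": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
        "letter": docx.getvalue(),
        "unknown": bytes(range(17, 60)),  # no header: left untouched
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as f:
                f.write(data)
        restore_extensions(tmp, dry_run=False)
        return sorted(os.listdir(tmp))


if __name__ == "__main__":
    print(self_check())
```

For a real run, call `restore_extensions(r"E:\recovered", dry_run=True)` first and inspect the reported guesses before renaming anything.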
23.05.2012, 10:18 | #3
Encryption trojan from 22.05.2012

Thanks already for the reply; here is the Malwarebytes report for a start:
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nanapi :: NANAPI-PC [Administrator]

Schutz: Aktiviert

23.05.2012 11:04:40
mbam-log-2012-05-23 (11-04-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222482
Laufzeit: 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I have just tried, with a sample picture, to change the file back into a .jpg (on a USB stick), and it worked! I hope that is already half the battle.

On point 4: OTL.txt OTL Logfile:
Code:
ATTFilter OTL logfile created on: 23.05.2012 11:19:43 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Nanapi\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,73% Memory free 16,00 Gb Paging File | 13,70 Gb Available in Paging File | 85,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,95 Gb Total Space | 265,48 Gb Free Space | 57,97% Space Free | Partition Type: NTFS Drive D: | 360,81 Gb Total Space | 335,14 Gb Free Space | 92,89% Space Free | Partition Type: NTFS Drive F: | 497,05 Mb Total Space | 405,32 Mb Free Space | 81,54% Space Free | Partition Type: FAT Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nanapi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\PCstunnel\stunnel.exe (**) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Program Files (x86)\DisplayFusion\AppHookx86.exe (Binary Fortress Software) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\AChat\AChat.exe (AChat team) PRC - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\PCstunnel\ZLIB1.dll () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) 
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (WRfiltv) -- C:\Windows\SysNative\drivers\WRfiltv.sys (Creative Technology Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 80 7F 7D CA FB CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = 
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=0606b79a000000000000002511a295ca IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program 
Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:50:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.06 22:23:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.06 22:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Extensions [2012.05.22 23:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Firefox\Profiles\75y9d9j9.default\extensions [2012.04.25 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\NANAPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\75Y9D9J9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2012.04.25 15:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.16 03:03:07 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1 O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [AChat] C:\Program Files (x86)\AChat\AChat.exe (AChat team) O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SD0A7.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [uTorrent] "M:\utorrent\uTorrent.exe" /MINIMIZED File not found O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AD Talk.lnk = C:\Program Files (x86)\AD Talk\AD Talk.exe (Deckers & Staelens VOF) O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PCstunnel.lnk = C:\Program Files (x86)\PCstunnel\stunnel.exe (Michal Trojnara) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC62D34-F182-43D9-8A3A-E228EDD5D5E0}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.22 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com [2012.05.22 19:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.05.22 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer [2012.05.22 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.22 17:44:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.22 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Malwarebytes [2012.05.22 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.22 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.22 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery [2012.05.22 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Avira [2012.05.22 15:34:18 | 
000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.05.11 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SFBot [2012.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\Desktop\sf [2012.05.10 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Funcom [2012.05.10 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom [2012.05.10 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom [2012.05.09 16:54:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012.05.09 16:54:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.09 16:54:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.05.09 16:54:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012.05.09 16:54:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012.05.09 16:54:17 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.09 16:54:16 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.09 16:54:16 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.09 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\.thumbnails [2012.05.09 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation [2012.05.09 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation [2012.05.04 17:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.04.27 
14:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012.04.27 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2012.04.27 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012.04.27 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\WinZip [2012.04.27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012.04.27 14:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2012.04.27 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\uTorrent [2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla ========== Files - Modified Within 30 Days ========== [2012.05.23 11:12:53 | 001,612,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.23 11:12:53 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.23 11:12:53 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.23 11:12:53 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.23 11:12:53 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.23 11:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.23 10:49:11 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 10:49:11 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 10:41:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.05.23 10:41:34 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys [2012.05.22 23:35:10 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.05.22 23:35:10 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.05.22 
23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(51).DAT
[2012.05.22 23:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(36).dat
[2012.05.22 19:06:44 | 000,001,885 | ---- | M] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 14:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Nanapi\Desktop\LsLAqLAELAvgrvguvgs
[2012.05.14 21:43:36 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 23:59:36 | 000,000,554 | ---- | M] () -- C:\Users\Nanapi\Desktop\XGVvElUJApGuyasd
[2012.05.10 22:45:16 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.10 12:55:11 | 002,222,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 13:02:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:16 | 000,001,405 | ---- | M] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.05.05 15:01:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 15:01:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 15:01:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | M] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe

========== Files Created - No Company Name ==========

[2012.05.22 23:31:15 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:31:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.05.22 19:06:44 | 000,001,885 | ---- | C] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 16:45:08 | 000,879,394 | ---- | C] () -- C:\Users\Nanapi\Desktop\Chrysanthemum.jpg
[2012.05.22 16:45:08 | 000,845,941 | ---- | C] () -- C:\Users\Nanapi\Desktop\Desert.jpg
[2012.05.22 16:45:08 | 000,780,831 | ---- | C] () -- C:\Users\Nanapi\Desktop\Koala.jpg
[2012.05.22 16:45:08 | 000,777,835 | ---- | C] () -- C:\Users\Nanapi\Desktop\Penguins.jpg
[2012.05.22 16:45:08 | 000,620,888 | ---- | C] () -- C:\Users\Nanapi\Desktop\Tulips.jpg
[2012.05.22 16:45:08 | 000,595,284 | ---- | C] () -- C:\Users\Nanapi\Desktop\Hydrangeas.jpg
[2012.05.22 16:45:08 | 000,561,276 | ---- | C] () -- C:\Users\Nanapi\Desktop\Lighthouse.jpg
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\VuAefJNoXxgEeGOnyXdQj
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\unDdGNATsNLatgJ
[2012.05.22 16:43:36 | 000,022,324 | ---- | C] () -- C:\Users\Nanapi\Desktop\ryXsNqXeVdvsVvLlnlUO
[2012.05.22 16:43:36 | 000,022,020 | ---- | C] () -- C:\Users\Nanapi\Desktop\pxvALDdgolUvEe
[2012.05.22 16:43:36 | 000,021,146 | ---- | C] () -- C:\Users\Nanapi\Desktop\UQEedrEjTVvATfJNEX
[2012.05.14 21:22:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 22:45:16 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.09 13:02:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:31 | 000,001,405 | ---- | C] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | C] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
[2012.04.27 14:53:48 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.04.27 14:52:45 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.04.27 14:51:46 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.04.27 14:51:38 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.04.27 14:50:28 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 16:03:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.26 15:13:58 | 001,588,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 20:32:17 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2012.03.07 20:32:17 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2012.03.07 20:32:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.03.07 20:32:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >

Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 23.05.2012 11:19:43 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,73% Memory free
16,00 Gb Paging File | 13,70 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 265,48 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 335,14 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 405,32 Mb Free Space | 81,54% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS

Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06248BC0-EA70-4B32-B915-F222365A48BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B31D0C1-A874-4A9D-BE60-625A99338F03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1F18F33E-2C92-4568-AF6D-FFF2137E8607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{226D70CB-B3F5-410C-977E-46456A13DD76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30C8F297-0D3C-40EF-9621-3E22C7B125AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B8A62B-4770-46BA-BD85-1395A487FB03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CFB4309-9C0A-4D24-A049-8D207388EB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D44EB6C-03C2-4B52-B7C1-BE65C2FEA92C}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D69EFA4-AF7C-4196-9094-AB719EE591C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80B89988-9D3E-4309-A0C0-355534466E4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81700DA7-AC37-42D7-A398-F79638CD9F54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{862E4826-E4F6-41AE-8CC9-AEA745871284}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8D539E87-7808-467A-90E4-1FAF0B80E8EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D72B97B-5EB7-47D2-844A-571309556963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{925DE13B-920F-4909-B766-130A91BC6C96}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99100CAD-B7B2-4FA5-8934-989FFB0616AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2C55B2-0A4C-495A-94FC-0712E99F463E}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9DDA244-A4B1-4095-A252-352C3A4D70BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB7F73ED-4A9B-442E-BBD7-6FD42EA57E73}" = lport=139 | protocol=6 | dir=in | app=system |
"{BBE57936-668C-4A63-B881-136D1297FAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5665E03-FDDA-41C4-AC9F-3ADB1DAC7DE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{DA786DF6-BA89-49CE-A817-7ED3E25B3FBA}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB868C6B-F52E-4972-8719-ADDFF9E77BEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8755E77-6AB6-41B4-9F32-9C5BA4827D51}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D30DA-E7BC-43EA-AC26-E767613B465F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{0B71C2DF-4252-443E-9DBD-388D2B9E7144}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{127F4632-8877-4D32-BCAC-D21A7DF41E1F}" = protocol=17 | dir=in | app=m:\utorrent\utorrent.exe |
"{194AC8CB-0895-40D1-8676-264075E8E41D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A0B42FD-BB7C-4F53-A8B0-6BF992D537AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A972EDD-060E-4841-A961-C85DBD06947D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B0D02E3-76CD-44C9-8C0A-544768E255B4}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{1DF23F37-2081-433C-9733-B1F1C094C9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"{21211307-0A76-446D-964C-5CD830AD1228}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe |
"{284FA45B-B622-491F-BBFE-E908BB0EAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2863E1F1-F5EF-4A19-81AF-D2DC87AB1451}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{2969915D-48B5-4536-8287-6A7B680ADB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{497A6276-C84D-4AFD-ABB5-8E9A0A90E77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{4B8CC211-426C-429F-9279-DB132294DB04}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{5A55004D-8099-4FA4-8FE8-8896A68040CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E85D880-B01A-434A-9B55-238C93285957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F6D52D0-A388-4397-827D-B1E3458FB90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63A200C5-BD29-41FA-9810-B6D388CF5372}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{65CE6DF4-A82A-4E1D-8DF6-A55318A30C75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6CF0F469-5C2A-4200-BD31-D0C8F2F5B9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6D175E44-54E7-4AB0-9029-51E8CB4589A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FBE7749-6129-400C-A0C5-AB707EE41C11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76D19408-3DEB-4613-A24A-D605E12A273A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{783B5E0E-EF13-4C72-A0B3-B923F7EBABE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{7AB2C367-7E61-472F-9AC7-B04778177FCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7AEF7A29-5BE0-4E1A-80A7-737A48F6190F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D9363F3-E7BB-4F3D-98A8-D66263FCE3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{8FEF9E21-96F0-4F9A-A7BC-C6D9323726E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{90027F42-FCDC-44A6-B820-1A01230EB7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9381FFC7-9D17-4A3E-90DD-C2DFEA6B28CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{984B7067-D2CA-4350-8880-AB6733CC1667}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{993A979C-E059-4DFC-B277-EA1D53CAED4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E6F57D8-0F4F-4EB4-A407-D725932775B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A506929A-6438-41AE-B291-98BA15E6234E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe |
"{AB66DBE2-BAC6-4491-97A5-3BE55A60EB4B}" = protocol=6 | dir=out | app=system |
"{AEF18C25-28B4-4D00-9B5A-6A834099BBDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF93B265-2E8F-44D1-A65C-532CAE030B20}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{BE8759F4-C72D-4DE2-8FE9-E64EF0544B79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C3C7D8BC-FD19-4A73-AFF8-274798BFB743}" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"{CD4CECDA-2CB1-4879-BC39-0DC8338ED3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD76FB3E-9112-4AB5-BBFB-5EDCDFE4D92D}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{D0100B5B-E60F-40D9-AB70-71A5ED34A64E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0CD1FC4-3348-4E35-87A2-1ABB981FC8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D68F30F7-483B-486E-9D85-6EF61AE7980D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{D8C19521-F52A-445E-AEA3-DAC102925641}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DD86C093-B3D1-433C-9A53-CEB0495ED7B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{DEB02804-B2F8-42F4-A8AF-324AF4CE71C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF175AC8-A4CA-4C80-8FAE-91EC3BE3385E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{E334D512-10F9-462E-AC94-5A1A2E07A1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{E41FF75D-D7CC-4F6D-BB55-BA7B852C3688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EFE79E4A-4BDC-4F8B-83FB-05498BE7BA33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0E3172D-1CC4-46A6-899F-D20ED472C1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F3B06FD4-E3D7-44C7-92AA-19FA60D2A54B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6129A19-53AA-4262-93C3-B56EF918BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{F971813C-A066-4219-B72F-04D24058F187}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F9724F1E-656B-41A0-A0E4-BD62A3EF3B0B}" = protocol=6 | dir=in | app=m:\utorrent\utorrent.exe |
"{FBC9DFED-23FC-4CF9-9510-BFB9317CC45D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD50A586-17AB-482B-B3E4-2C725EA49D24}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"TCP Query User{080124C2-1E04-4243-A3C2-C22C908197B6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"TCP Query User{0E4FD924-A82A-421E-B63B-670E337C0AC0}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"TCP Query User{26CEE0C0-1FE8-4801-98BA-16EDAAF48C06}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{32D08A13-484D-41A2-AB96-3951E01BE1B7}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"TCP Query User{49A917EC-CEBD-4ED8-8FBE-576ADEE372C8}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"TCP Query User{57467F4C-6AA1-426D-93D2-23A11926EAD0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{5BB88F56-9899-4197-B2D7-4478270F9735}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"TCP Query User{788AFC9D-892B-4BBB-90CF-BF7DBB6521E8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{FF2F4937-FB21-4D41-8AFC-21C556C02442}C:\program files (x86)\ad talk\ad talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"UDP Query User{16006B64-D67E-471A-904E-12F46D53C135}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{2B223835-467E-4A5D-ABD2-E2721719EFD6}C:\program files (x86)\ad talk\ad talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"UDP Query User{4BC95F01-3A3A-4E94-A4D9-0C5E94C71098}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"UDP Query User{650A81CD-026C-4028-9C2A-FAA3D80A3065}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{7B529A3C-3CC0-4530-8E8D-C2A3C216DBC0}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"UDP Query User{A463C496-3A70-4FE1-BD2A-3882414C7FCE}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"UDP Query User{C6C47C5E-9419-41EF-9EC5-906606DFCE51}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"UDP Query User{E82A1280-FCBF-4918-8BAA-51B70B9E1CC9}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{FB3F8E85-11DF-49E5-A863-87DF47941D80}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1" = Auto Mouse Mover 1.3.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1" = openCanvas 5.1.04
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"AChat_is1" = AChat v0.150
"AD Talk" = AD Talk
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AudibleManager" = AudibleManager
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EVEMon" = EVEMon
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.1_rc22
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PCstunnel" = PCstunnel
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Steam App 8510" = EVE Online Demo
"SysInfo" = Creative Systeminformationen
"The Secret World_is1" = The Secret World
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3cd95d63145b11" = RightNow (frogster)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.05.2012 15:02:55 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TheSecretWorldDX11.exe, version: 1.0.0.0, time stamp: 0x4fac9686  Faulting module name: TheSecretWorldDX11.exe, version: 1.0.0.0, time stamp: 0x4fac9686  Exception code: 0xc0000005  Fault offset: 0x005e2653  Faulting process id: 0x23dc  Faulting application start time: 0x01cd2fa856e505c4  Faulting application path: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Faulting module path: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Report Id: e9f58cb1-9b9b-11e1-810e-002511a295ca

Error - 11.05.2012 15:04:04 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TheSecretWorldDX11.exe, version: 1.0.0.0, time stamp: 0x4fac9686  Faulting module name: TheSecretWorldDX11.exe, version: 1.0.0.0, time stamp: 0x4fac9686  Exception code: 0xc0000005  Fault offset: 0x005e2653  Faulting process id: 0x1938  Faulting application start time: 0x01cd2fa8bcfa42fb  Faulting application path: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Faulting module path: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Report Id: 132e8577-9b9c-11e1-810e-002511a295ca

Error - 12.05.2012 05:34:06 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TheSecretWorldDX11.exe, version: 1.0.0.0, time stamp: 0x4fac9686  Faulting module name: TheSecretWorldDX11.exe, version: 1.0.0.0, time stamp: 0x4fac9686  Exception code: 0xc0000005  Fault offset: 0x004f80c5  Faulting process id: 0x118c  Faulting application start time: 0x01cd30212c8682a4  Faulting application path: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Faulting module path: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Report Id: 9de15e50-9c15-11e1-bbdc-002511a295ca

Error - 12.05.2012 18:24:33 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = The program launcher.exe version 3.1.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 15cc  Start Time: 01cd308ddaa05e20  Termination Time: 5  Application Path: C:\Program Files (x86)\Origin Games\Star Wars - The Old Republic\launcher.exe  Report Id: 310638a7-9c81-11e1-bbdc-002511a295ca

Error - 22.05.2012 09:25:28 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: e00  Start Time: 01cd381e52ea9ba9  Termination Time: 6  Application Path: C:\Windows\system32\NOTEPAD.EXE  Report Id: 95e7000c-a411-11e1-a6ff-002511a295ca

Error - 22.05.2012 09:52:40 | Computer Name = Nanapi-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 22.05.2012 09:52:41 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RightNow.Installer.exe, version: 11.2.6.126, time stamp: 0x4f235559  Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1  Exception code: 0xe0434352  Fault offset: 0x000000000000a88d  Faulting process id: 0x864  Faulting application start time: 0x01cd38215d084e08  Faulting application path: C:\Users\Nanapi\AppData\Local\Apps\2.0\V1NM763D.BQD\PQECB571.7EL\righ..ster_a97a87e43982fbb5_000b.0002_a8e19043459aafca\RightNow.Installer.exe  Faulting module path: C:\Windows\system32\KERNELBASE.dll  Report Id: 65ad9545-a415-11e1-be5a-002511a295ca

Error - 22.05.2012 10:05:52 | Computer Name = Nanapi-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 22.05.2012 10:05:53 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RightNow.Installer.exe, version: 11.2.6.126, time stamp: 0x4f235559  Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1  Exception code: 0xe0434352  Fault offset: 0x000000000000a88d  Faulting process id: 0x9d4  Faulting application start time: 0x01cd3823fa8113b3  Faulting application path: C:\Users\Nanapi\AppData\Local\Apps\2.0\V1NM763D.BQD\PQECB571.7EL\righ..ster_a97a87e43982fbb5_000b.0002_a8e19043459aafca\RightNow.Installer.exe  Faulting module path: C:\Windows\system32\KERNELBASE.dll  Report Id: 3dc88bef-a417-11e1-be5a-002511a295ca

Error - 22.05.2012 18:02:37 | Computer Name = Nanapi-PC | Source = System Restore | ID = 8210
Description =

[ System Events ]
Error - 20.05.2012 01:07:55 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 20.05.2012 01:07:55 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = The EPSON V5 Service4(01) service failed to start due to the following error: %%2

Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = The EPSON V3 Service4(01) service failed to start due to the following error: %%2

Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

< End of report >

and CCleaner:
Code:
AChat v0.150 SourceForge.NET 09.03.2012 0.150
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 04.05.2012 6,00MB 11.2.202.235
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 04.05.2012 6,00MB 11.2.202.235
Adobe Photoshop CS3 Adobe Systems Incorporated 22.05.2012 1.127MB 10.0
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 15.05.2012 121,5MB 10.1.3
AION Free-To-Play Gameforge 25.03.2012 22,6MB 2.70.0000
Apple Application Support Apple Inc. 13.03.2012 61,0MB 2.1.7
Apple Mobile Device Support Apple Inc. 13.03.2012 24,9MB 5.1.1.4
Apple Software Update Apple Inc. 13.03.2012 2,38MB 2.1.3.127
AudibleManager Audible, Inc. 22.05.2012 2006659200.48.56.36113642
Auto Mouse Mover 1.3.3 MurGee.com 10.05.2012 0,73MB 1.3
Babylon toolbar on IE 22.05.2012
Bamboo Wacom Technology Corp. 18.04.2012 5.2.5-5
Blender Blender Foundation 08.05.2012 2.63-release
Bonjour Apple Inc. 13.03.2012 2,00MB 3.0.0.10
CCleaner Piriform 22.05.2012 3.18
Creative Systeminformationen 22.05.2012
DAEMON Tools Lite DT Soft Ltd 22.05.2012 4.45.3.0297
Diablo III Blizzard Entertainment 22.05.2012 1.0.1.9558
DisplayFusion 3.4.0 Binary Fortress Software 05.03.2012 7,23MB 3.4.0.0
EPSON SX210 Series Printer Uninstall SEIKO EPSON Corporation 11.05.2012
EVE Online Demo CCP 22.05.2012
EVEMon battleclinic.com 22.05.2012 1.6.0.3464
Free Opener EZ Freeware 25.03.2012 52,5MB 1.4
Google Chrome Google Inc. 22.05.2012 19.0.1084.46
iTunes Apple Inc. 28.03.2012 156,9MB 10.6.1.7
Java(TM) 6 Update 22 Oracle 25.03.2012 97,1MB 6.0.220
Java(TM) 6 Update 31 Oracle 24.03.2012 95,1MB 6.0.310
JDownloader 0.9 AppWork GmbH 22.05.2012 0.9
K-Lite Codec Pack 7.0.0 (Standard) 25.03.2012 33,0MB 7.0.0
Logitech Gaming Software 8.20 Logitech Inc. 06.03.2012 76,6MB 8.20.74
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 21.05.2012 18,0MB 1.61.0.1400
Mass Effect Electronic Arts, Inc. 22.05.2012 1.00
Mass Effect™ 3 Electronic Arts 22.05.2012 1.0.0.0
McAfee Security Scan Plus McAfee, Inc. 22.05.2012 8,30MB 2.0.181.2
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.03.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.03.2012 2,94MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 25.03.2012 52,0MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 25.03.2012 10,7MB 4.0.30319
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 05.03.2012 0,42MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 05.03.2012 0,77MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 25.03.2012 0,77MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.03.2012 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 05.03.2012 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 05.03.2012 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 05.03.2012 11,1MB 10.0.40219
Mozilla Firefox 12.0 (x86 de) Mozilla 22.05.2012 36,2MB 12.0
Mozilla Maintenance Service Mozilla 22.05.2012 0,21MB 12.0
Mozilla Thunderbird 12.0.1 (x86 de) Mozilla 22.05.2012 38,1MB 12.0.1
NC Launcher (GameForge) NCsoft 22.05.2012
NVIDIA 3D Vision Controller-Treiber 295.73 NVIDIA Corporation 05.03.2012 295.73
NVIDIA 3D Vision Treiber 295.73 NVIDIA Corporation 05.03.2012 295.73
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 05.03.2012 295.73
NVIDIA PhysX-Systemsoftware 9.12.0209 NVIDIA Corporation 05.03.2012 9.12.0209
NVIDIA Update 1.7.11 NVIDIA Corporation 05.03.2012 1.7.11
openCanvas 5.1.04 portalgraphics.net 18.04.2012 6,64MB 5.1.04
OpenOffice.org 3.3 OpenOffice.org 25.03.2012 415MB 3.3.9567
OpenVPN 2.1_rc22 22.05.2012 2.1_rc22
Opera 11.61 Opera Software ASA 22.05.2012 11.61.1250
Origin Electronic Arts, Inc. 22.05.2012 8.5.0.4554
PCstunnel 22.05.2012
ShadowExplorer 0.8 ShadowExplorer.com 21.05.2012 0.8.430.0
Skype™ 5.8 Skype Technologies S.A. 05.03.2012 19,0MB 5.8.158
Sound Blaster World of Warcraft Wireless Headset Creative Technology Limited 22.05.2012 1.0
Star Wars: The Old Republic Electronic Arts, Inc. 22.05.2012 1.0.0.0
Steam Valve Corporation 05.03.2012 35,5MB 1.0.0.0
The Secret World Funcom 09.05.2012 1.0.0
VLC media player 2.0.0 VideoLAN 22.05.2012 2.0.0
VoiceOver Kit Apple Inc. 14.05.2012 41,8MB 1.42.128.0
WebTablet FB Plugin Wacom Technology Corp. 22.05.2012 2.0.0.1
WebTablet IE Plugin Wacom Technology Corp. 22.05.2012 1.1.0.12
WebTablet Netscape Plugin Wacom Technology Corp. 22.05.2012 1.1.0.10
WinRAR 4.11 (64-Bit) win.rar GmbH 06.03.2012 4.11.0
WinZip 16.0 WinZip Computing, S.L. 26.04.2012 88,2MB 16.0.9715
µTorrent 22.05.2012 3.1.3

Last edited by Nanapi (23.05.2012 at 11:17)
23.05.2012, 15:14 | #4
/// Helper Team | Encryption Trojan of 22.05.2012

1. Uninstall, if it exists under Control Panel -> Software/Programs:

Code:
Babylon toolbar <- Adware

Always choose the custom installation, not the standard installation, because the standard one often installs things along with it that you do not need or do not want. Always read the license terms during the installation process, and do not immediately tick every box or leave already ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., get installed as well, since that is how freeware finances itself. Several others belong in this category, e.g.:
-> Unwanted toolbars

Quote:
Did you enter this in the hosts file yourself, i.e. add it intentionally? If so, why?

Code:
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1

Did you deliberately set this IP as a proxy?

Code:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128

If you have not installed a proxy server locally, remove the proxy settings from the Internet settings in Internet Explorer: Tools => Internet Options => Connections => LAN settings, and clear the ticks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

4. If you did not install it deliberately (it is often installed or offered alongside other programs, presumably via Adobe Reader), uninstall:

Code:
McAfee Security Scan Plus

It probably ended up on the computer via Adobe (Flash Player)! Always choose the custom installation, not the standard installation, because the standard one often installs things along with it that you do not need or do not want. During installation, please always read the license terms, and do not immediately tick every box or leave already ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., get installed as well, since that is how freeware finances itself.

5.

Quote:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=0606b79a000000000000002511a295ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
6. Update Java via Control Panel -> Check for updates... or: download the offline version of Java ("Recommended version for 64-bit: Java(TM) 7 Update 4") from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. remove the tick next to the toolbar during installation.

7. Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing the default search engine of Internet Explorer
-> How do I clear the cache in Internet Explorer?

8. Clean your system with CCleaner:
9.
10. Viruses can also be transported on USB sticks, self-burned media, external hard drives and other storage media. They therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Very well suited and recommended for this is checking the data stored on the medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer, holding down the Shift key while doing so, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) You can also switch the AUTORUN function off altogether. ► Instructions

11. -> Then run a complete system check with the Eset Online Scanner (NOD32) (free online scanner). Attention!: >>You should not install the antivirus security software, only scan your system online<<

12. Another scan with OTL:
so that I know which changes you have made:

Quote:
__________________
Warning!: Beware of invoices sent by e-mail with a ZIP file as an attachment! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
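The post above asks whether the hosts entries, the proxy server and the autorun entries in the OTL log were set on purpose. The following triage script is an added example (not from the post and not part of OTL) that pulls exactly those entry types out of OTL-format lines and flags a proxy that points to a non-local address; the sample lines are constructed after the ones quoted in the post.

```python
import ipaddress
import re

# Constructed sample, modelled on the OTL lines quoted in the post above.
SAMPLE_OTL_LINES = [
    'O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org',
    'O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1',
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0',
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = 174.142.166.19:3128',
    'O32 - HKLM CDRom: AutoRun - 1',
    'O33 - MountPoints2\\{6433050e-67bb-11e1-ad09-806e6f6e6963}\\Shell\\AutoRun\\command - "" = E:\\setup.exe',
    'O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5',
]

# O1: a hosts-file override (name -> address), whatever the direction of the mapping.
HOSTS_RE = re.compile(r'^O1 - Hosts: (.+)$')
# IE proxy setting: host and optional port.
PROXY_RE = re.compile(r'"ProxyServer" = (?P<host>[^:\s]+)(?::(?P<port>\d+))?')
# O33: an AutoRun command registered for a mounted (removable) volume.
AUTORUN_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# O32: CD-ROM autorun still enabled system-wide.
CDROM_AUTORUN_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - 1$')


def _is_local_proxy(host):
    """True for loopback/private addresses or 'localhost'; anything else is worth a question."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private


def triage(lines):
    """Return (category, detail) tuples for the entry types the helper asked about."""
    findings = []
    for line in lines:
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            findings.append(("hosts-override", m.group(1)))
            continue
        m = PROXY_RE.search(line)
        if m:
            host, port = m.group("host"), m.group("port")
            if not _is_local_proxy(host):
                findings.append(("external-proxy", host + (":" + port if port else "")))
            continue
        m = AUTORUN_CMD_RE.match(line)
        if m:
            findings.append(("removable-autorun-command", m.group("cmd")))
            continue
        if CDROM_AUTORUN_RE.match(line):
            findings.append(("cdrom-autorun-enabled", "HKLM CDRom AutoRun = 1"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL_LINES):
        print(f"{category:28} {detail}")
```

Each flagged line is a question for the machine's owner, as in the post: a hosts override or an external proxy is legitimate only if it was set deliberately, and an autorun command on a removable volume should not be there at all.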
23.05.2012, 16:24 | #5
Encryption Trojan of 22.05.2012

Hello =)

1. Is now uninstalled.
2. and 3. Were set that way deliberately, but thanks for the hint anyway!
4. Is now uninstalled too.
5.

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
File E:\setup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nanapi\Downloads\cmd.bat deleted successfully.
C:\Users\Nanapi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nanapi
->Temp folder emptied: 568570885 bytes
->Temporary Internet Files folder emptied: 35814832 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1174897889 bytes
->Google Chrome cache emptied: 13071030 bytes
->Opera cache emptied: 17242391 bytes
->Flash cache emptied: 70625 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98352340 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356772 bytes
RecycleBin emptied: 30934761520 bytes
Total Files Cleaned = 31.366,00 mb
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_164231
Files\Folders moved on Reboot...
C:\Users\Nanapi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

Java has been updated!

8. Has been taken care of as well.

9.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/23/2012 at 06:02 PM
Application Version : 5.0.1150
Core Rules Database Version : 8635
Trace Rules Database Version: 6447
Scan type : Complete Scan
Total Scan Time : 00:34:59
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User
Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 68166
Registry threats detected : 0
File items scanned : 91633
File threats detected : 2
Trojan.Agent/Gen-InstallIQ
C:\USERS\NANAPI\DOWNLOADS\FREEOPENER2.0.1.0.EXE
C:\USERS\NANAPI\DOWNLOADS\UGJDPTYONUGSPSDGVQ

Unfortunately editing is no longer possible, so it has to go like this..

11. I have now also run the scan; unfortunately it did not produce a log file, but it did not find anything either.

12. OTL Logfile:

Code:
ATTFilter OTL logfile created on: 23.05.2012 19:50:47 - Run 3 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Nanapi\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,81% Memory free 16,00 Gb Paging File | 13,01 Gb Available in Paging File | 81,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,95 Gb Total Space | 281,05 Gb Free Space | 61,37% Space Free | Partition Type: NTFS Drive D: | 360,81 Gb Total Space | 348,24 Gb Free Space | 96,52% Space Free | Partition Type: NTFS Drive F: | 497,05 Mb Total Space | 489,72 Mb Free Space | 98,52% Space Free | Partition Type: FAT Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.23 16:40:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nanapi\Downloads\OTL.exe PRC - [2012.05.23 14:48:00 | 000,040,960 | ---- | M] (RightNow Technologies, Inc.) 
-- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies\frogster\InitEngine\RightNow.InitEngine.exe PRC - [2012.05.22 17:15:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.04.25 15:50:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.25 15:03:24 | 000,993,792 | ---- | M] (Deckers & Staelens VOF) -- C:\Program Files (x86)\AD Talk\AD Talk.exe PRC - [2012.03.19 21:36:48 | 000,043,008 | ---- | M] (Alchemic Dream Inc.) -- C:\Users\Nanapi\Desktop\AD Ticket Counter.exe PRC - [2012.03.06 22:19:49 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.12 12:11:24 | 000,118,784 | ---- | M] (Michal Trojnara) -- C:\Program Files (x86)\PCstunnel\stunnel.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.07 22:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe PRC - [2011.08.25 16:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009.11.16 20:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2007.01.25 00:07:34 | 002,851,328 | ---- | M] (AChat team) -- C:\Program Files (x86)\AChat\AChat.exe PRC - [2006.11.17 18:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe ========== Modules (No Company Name) ========== MOD - [2012.05.22 17:15:13 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012.05.22 17:15:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.05.22 17:15:12 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2012.05.22 17:15:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.05.22 17:15:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012.05.10 13:14:03 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\41d68b79da934255ca82b466b93d7938\System.AddIn.ni.dll MOD - [2012.05.10 13:14:03 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll MOD - [2012.05.10 13:13:04 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a5b389ddffcb10f23884f01c0e1954d9\WindowsFormsIntegration.ni.dll MOD - [2012.05.10 
13:13:04 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll MOD - [2012.05.10 13:13:04 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll MOD - [2012.05.10 13:12:26 | 000,391,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll MOD - [2012.05.10 13:12:22 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll MOD - [2012.05.10 13:12:18 | 001,897,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\65f64efe2aec0291c18453af0c3eb19b\System.Web.Services.ni.dll MOD - [2012.05.10 13:12:16 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll MOD - [2012.05.10 13:12:14 | 012,076,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e9f1e1c33ec639a0945a6a4f2458b7b4\System.Web.ni.dll MOD - [2012.05.10 13:12:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 13:11:42 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll MOD - [2012.05.10 02:27:45 | 017,998,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\52f7c62736eb9b6370632e7eb99bec83\PresentationFramework.ni.dll MOD - [2012.05.10 02:27:32 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9eebaf24f66d6f75e35bb3df6af1c9aa\PresentationCore.ni.dll MOD - [2012.05.10 
02:27:23 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\933e8e44a2b9361822b29aae6070e2a2\WindowsBase.ni.dll MOD - [2012.05.10 02:27:22 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee6e30c355ec2ffab1525b42253f7aef\PresentationFramework.Aero.ni.dll MOD - [2012.05.10 02:25:44 | 011,002,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\51dfa58af4a59e4af2a4c2363246af21\System.Design.ni.dll MOD - [2012.05.10 02:25:39 | 013,196,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll MOD - [2012.05.10 02:25:34 | 007,052,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll MOD - [2012.05.10 02:25:31 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll MOD - [2012.05.10 02:25:31 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll MOD - [2012.05.10 02:25:29 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll MOD - [2012.05.10 02:25:28 | 000,729,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll MOD - [2012.05.10 02:25:27 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll MOD - [2012.05.10 02:25:22 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.05.05 15:01:08 | 008,797,856 | ---- | M] () -- 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 15:50:06 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.26 16:43:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.01.05 12:28:36 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\PCstunnel\ZLIB1.dll
MOD - [2010.12.31 13:05:52 | 000,090,112 | ---- | M] () -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies\frogster\SiteFiles\FunctionValidator.dll
MOD - [2004.08.28 01:47:21 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\AD Talk\libbind.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.22 17:15:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.05 15:01:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.27 14:49:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.04.25 15:50:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 20:32:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.03.07 20:31:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.20 15:26:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.11.16 20:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.18 01:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.12 01:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 10:43:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 80 7F 7D CA FB CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.06 22:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.03.06 22:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Extensions
[2012.05.22 23:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Firefox\Profiles\75y9d9j9.default\extensions
[2012.04.25 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\NANAPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\75Y9D9J9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.25 15:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011.12.16 03:03:07 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AChat] C:\Program Files (x86)\AChat\AChat.exe (AChat team)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SD0A7.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AD Talk.lnk = C:\Program Files (x86)\AD Talk\AD Talk.exe (Deckers & Staelens VOF)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PCstunnel.lnk = C:\Program Files (x86)\PCstunnel\stunnel.exe (Michal Trojnara)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC62D34-F182-43D9-8A3A-E228EDD5D5E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.23 17:07:19 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.23 17:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.23 17:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.23 17:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.23 16:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.23 12:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.23 12:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.23 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Google
[2012.05.23 12:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.22 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 19:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.05.22 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 17:44:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Malwarebytes
[2012.05.22 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.05.22 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.11 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\Desktop\sf
[2012.05.10 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Funcom
[2012.05.10 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012.05.10 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.05.09 16:54:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.09 16:54:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.09 16:54:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.09 16:54:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.09 16:54:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.09 16:54:17 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.09 16:54:16 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.09 16:54:16 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\.thumbnails
[2012.05.09 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.05.09 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.05.04 17:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.04.27 14:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.27 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.04.27 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.27 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\WinZip
[2012.04.27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.27 14:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012.04.27 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012.05.23 19:44:10 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 19:44:10 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 19:36:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 19:36:34 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 19:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 19:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 17:06:55 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 17:04:51 | 000,043,668 | ---- | M] () -- C:\Users\Nanapi\Documents\cc_20120523_170439.reg
[2012.05.23 11:12:53 | 001,612,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 11:12:53 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 11:12:53 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 11:12:53 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 11:12:53 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 23:35:10 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:35:10 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(51).DAT
[2012.05.22 23:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(36).dat
[2012.05.22 19:06:44 | 000,001,885 | ---- | M] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 14:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Nanapi\Desktop\LsLAqLAELAvgrvguvgs
[2012.05.14 21:43:36 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 23:59:36 | 000,000,554 | ---- | M] () -- C:\Users\Nanapi\Desktop\XGVvElUJApGuyasd
[2012.05.10 22:45:16 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.10 12:55:11 | 002,222,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 13:02:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:16 | 000,001,405 | ---- | M] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.05.05 15:01:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 15:01:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 15:01:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | M] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe

========== Files Created - No Company Name ==========

[2012.05.23 17:06:55 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 17:04:48 | 000,043,668 | ---- | C] () -- C:\Users\Nanapi\Documents\cc_20120523_170439.reg
[2012.05.23 12:12:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:19 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 23:31:15 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:31:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.05.22 19:06:44 | 000,001,885 | ---- | C] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 16:45:08 | 000,845,941 | ---- | C] () -- C:\Users\Nanapi\Desktop\Desert.jpg
[2012.05.22 16:45:08 | 000,780,831 | ---- | C] () -- C:\Users\Nanapi\Desktop\Koala.jpg
[2012.05.22 16:45:08 | 000,777,835 | ---- | C] () -- C:\Users\Nanapi\Desktop\Penguins.jpg
[2012.05.22 16:45:08 | 000,620,888 | ---- | C] () -- C:\Users\Nanapi\Desktop\Tulips.jpg
[2012.05.22 16:45:08 | 000,561,276 | ---- | C] () -- C:\Users\Nanapi\Desktop\Lighthouse.jpg
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\VuAefJNoXxgEeGOnyXdQj
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\unDdGNATsNLatgJ
[2012.05.22 16:43:36 | 000,022,324 | ---- | C] () -- C:\Users\Nanapi\Desktop\ryXsNqXeVdvsVvLlnlUO
[2012.05.22 16:43:36 | 000,022,020 | ---- | C] () -- C:\Users\Nanapi\Desktop\pxvALDdgolUvEe
[2012.05.14 21:22:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 22:45:16 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.09 13:02:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:31 | 000,001,405 | ---- | C] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | C] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
[2012.04.27 14:53:48 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.04.27 14:52:45 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.04.27 14:51:46 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.04.27 14:51:38 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.04.27 14:50:28 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 16:03:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.26 15:13:58 | 001,588,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 20:32:17 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2012.03.07 20:32:17 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2012.03.07 20:32:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.03.07 20:32:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012.05.22 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\.minecraft
[2012.05.23 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\AChat
[2012.05.22 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\AD Talk
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Babylon
[2012.05.22 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\DAEMON Tools Lite
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\DisplayFusion
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\EVEMon
[2012.03.07 00:06:36 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Leadertech
[2012.03.26 16:57:16 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\OpenOffice.org
[2012.03.06 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Opera
[2012.05.22 14:48:15 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Origin
[2012.05.22 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\portalgraphics
[2012.05.22 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies
[2012.05.11 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Thunderbird
[2012.05.23 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.05.23 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA(51).DAT
[2009.07.14 07:08:49 | 000,030,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(52).TXT
[2009.07.14 07:08:49 | 000,030,870 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 23.05.2012 19:50:47 - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,81% Memory free
16,00 Gb Paging File | 13,01 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 281,05 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 348,24 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 489,72 Mb Free Space | 98,52% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS

Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06248BC0-EA70-4B32-B915-F222365A48BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0B31D0C1-A874-4A9D-BE60-625A99338F03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{1F18F33E-2C92-4568-AF6D-FFF2137E8607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{226D70CB-B3F5-410C-977E-46456A13DD76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{30C8F297-0D3C-40EF-9621-3E22C7B125AF}" = lport=5355 | protocol=17 | 
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31B8A62B-4770-46BA-BD85-1395A487FB03}" = lport=2869 | protocol=6 | dir=in | app=system | "{3CFB4309-9C0A-4D24-A049-8D207388EB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D44EB6C-03C2-4B52-B7C1-BE65C2FEA92C}" = rport=137 | protocol=17 | dir=out | app=system | "{5D69EFA4-AF7C-4196-9094-AB719EE591C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{80B89988-9D3E-4309-A0C0-355534466E4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{81700DA7-AC37-42D7-A398-F79638CD9F54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{862E4826-E4F6-41AE-8CC9-AEA745871284}" = lport=10243 | protocol=6 | dir=in | app=system | "{8D539E87-7808-467A-90E4-1FAF0B80E8EA}" = rport=445 | protocol=6 | dir=out | app=system | "{8D72B97B-5EB7-47D2-844A-571309556963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{925DE13B-920F-4909-B766-130A91BC6C96}" = rport=10243 | protocol=6 | dir=out | app=system | "{99100CAD-B7B2-4FA5-8934-989FFB0616AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A2C55B2-0A4C-495A-94FC-0712E99F463E}" = rport=138 | protocol=17 | dir=out | app=system | "{A9DDA244-A4B1-4095-A252-352C3A4D70BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB7F73ED-4A9B-442E-BBD7-6FD42EA57E73}" = lport=139 | protocol=6 | dir=in | app=system | "{BBE57936-668C-4A63-B881-136D1297FAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5665E03-FDDA-41C4-AC9F-3ADB1DAC7DE4}" = lport=138 | protocol=17 | dir=in | app=system | "{DA786DF6-BA89-49CE-A817-7ED3E25B3FBA}" = lport=445 | protocol=6 | dir=in | app=system | "{DB868C6B-F52E-4972-8719-ADDFF9E77BEC}" = rport=139 | 
protocol=6 | dir=out | app=system | "{F8755E77-6AB6-41B4-9F32-9C5BA4827D51}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B71C2DF-4252-443E-9DBD-388D2B9E7144}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{194AC8CB-0895-40D1-8676-264075E8E41D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A0B42FD-BB7C-4F53-A8B0-6BF992D537AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A972EDD-060E-4841-A961-C85DBD06947D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1DF23F37-2081-433C-9733-B1F1C094C9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | "{21211307-0A76-446D-964C-5CD830AD1228}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe | "{284FA45B-B622-491F-BBFE-E908BB0EAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2863E1F1-F5EF-4A19-81AF-D2DC87AB1451}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{2969915D-48B5-4536-8287-6A7B680ADB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{497A6276-C84D-4AFD-ABB5-8E9A0A90E77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | "{5A55004D-8099-4FA4-8FE8-8896A68040CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5E85D880-B01A-434A-9B55-238C93285957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5F6D52D0-A388-4397-827D-B1E3458FB90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{63A200C5-BD29-41FA-9810-B6D388CF5372}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the 
secret world\clientpatcher.exe | "{65CE6DF4-A82A-4E1D-8DF6-A55318A30C75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6CF0F469-5C2A-4200-BD31-D0C8F2F5B9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{6D175E44-54E7-4AB0-9029-51E8CB4589A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FBE7749-6129-400C-A0C5-AB707EE41C11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{76D19408-3DEB-4613-A24A-D605E12A273A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{7AB2C367-7E61-472F-9AC7-B04778177FCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{7AEF7A29-5BE0-4E1A-80A7-737A48F6190F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8D9363F3-E7BB-4F3D-98A8-D66263FCE3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | "{8FEF9E21-96F0-4F9A-A7BC-C6D9323726E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | "{90027F42-FCDC-44A6-B820-1A01230EB7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9381FFC7-9D17-4A3E-90DD-C2DFEA6B28CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{984B7067-D2CA-4350-8880-AB6733CC1667}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{993A979C-E059-4DFC-B277-EA1D53CAED4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9E6F57D8-0F4F-4EB4-A407-D725932775B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{A506929A-6438-41AE-B291-98BA15E6234E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe | "{AB66DBE2-BAC6-4491-97A5-3BE55A60EB4B}" = protocol=6 | dir=out | app=system | 
"{AEF18C25-28B4-4D00-9B5A-6A834099BBDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BE8759F4-C72D-4DE2-8FE9-E64EF0544B79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C3C7D8BC-FD19-4A73-AFF8-274798BFB743}" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | "{CD4CECDA-2CB1-4879-BC39-0DC8338ED3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0100B5B-E60F-40D9-AB70-71A5ED34A64E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D0CD1FC4-3348-4E35-87A2-1ABB981FC8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{D68F30F7-483B-486E-9D85-6EF61AE7980D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{D8C19521-F52A-445E-AEA3-DAC102925641}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{DD86C093-B3D1-433C-9A53-CEB0495ED7B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{DEB02804-B2F8-42F4-A8AF-324AF4CE71C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E334D512-10F9-462E-AC94-5A1A2E07A1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | "{E41FF75D-D7CC-4F6D-BB55-BA7B852C3688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{EFE79E4A-4BDC-4F8B-83FB-05498BE7BA33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F0E3172D-1CC4-46A6-899F-D20ED472C1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{F3B06FD4-E3D7-44C7-92AA-19FA60D2A54B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F6129A19-53AA-4262-93C3-B56EF918BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | "{F971813C-A066-4219-B72F-04D24058F187}" = protocol=17 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FBC9DFED-23FC-4CF9-9510-BFB9317CC45D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{080124C2-1E04-4243-A3C2-C22C908197B6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "TCP Query User{0E4FD924-A82A-421E-B63B-670E337C0AC0}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe | "TCP Query User{26CEE0C0-1FE8-4801-98BA-16EDAAF48C06}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{49A917EC-CEBD-4ED8-8FBE-576ADEE372C8}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | "TCP Query User{57467F4C-6AA1-426D-93D2-23A11926EAD0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "TCP Query User{5BB88F56-9899-4197-B2D7-4478270F9735}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe | "TCP Query User{788AFC9D-892B-4BBB-90CF-BF7DBB6521E8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{FF2F4937-FB21-4D41-8AFC-21C556C02442}C:\program files (x86)\ad talk\ad talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | "UDP Query User{16006B64-D67E-471A-904E-12F46D53C135}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{2B223835-467E-4A5D-ABD2-E2721719EFD6}C:\program files (x86)\ad talk\ad talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ad 
talk\ad talk.exe | "UDP Query User{4BC95F01-3A3A-4E94-A4D9-0C5E94C71098}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "UDP Query User{650A81CD-026C-4028-9C2A-FAA3D80A3065}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{A463C496-3A70-4FE1-BD2A-3882414C7FCE}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe | "UDP Query User{C6C47C5E-9419-41EF-9EC5-906606DFCE51}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | "UDP Query User{E82A1280-FCBF-4918-8BAA-51B70B9E1CC9}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "UDP Query User{FB3F8E85-11DF-49E5-A863-87DF47941D80}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Blender" = Blender "CCleaner" = CCleaner "EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Pen Tablet Driver" = Bamboo "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1" = Auto Mouse Mover 1.3.3 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3 "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps 
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1" = openCanvas 5.1.04 "{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "5513-1208-7298-9440" = JDownloader 0.9 "AChat_is1" = AChat v0.150 "AD Talk" = AD Talk "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "AudibleManager" = AudibleManager "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0 "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "EVEMon" = EVEMon "Google Chrome" = Google Chrome "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 
de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NCLauncher_GameForge" = NC Launcher (GameForge) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenVPN" = OpenVPN 2.1_rc22 "Opera 11.61.1250" = Opera 11.61 "Origin" = Origin "PCstunnel" = PCstunnel "ShadowExplorer_is1" = ShadowExplorer 0.8 "Steam App 8510" = EVE Online Demo "SysInfo" = Creative Systeminformationen "The Secret World_is1" = The Secret World "VLC media player" = VLC media player 2.0.0 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "fc3cd95d63145b11" = RightNow (frogster) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.05.2012 13:37:05 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7040 Description = Error - 23.05.2012 13:37:05 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7042 Description = Error - 23.05.2012 13:37:06 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 9002 Description = Error - 23.05.2012 13:37:06 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3029 Description = Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3028 Description = Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3058 Description = Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7010 Description = Error - 23.05.2012 13:41:35 | Computer Name = Nanapi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim 
Generieren des Aktivierungskontexts für "C:\Users\Nanapi\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 23.05.2012 13:50:17 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.43.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17dc Startzeit: 01cd390b9b29b172 Endzeit: 8 Anwendungspfad: C:\Users\Nanapi\Downloads\OTL.exe Berichts-ID: b1d543c2-a4ff-11e1-a590-002511a295ca [ System Events ] Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.05.2012 10:42:31 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > Last edited by Nanapi (23.05.2012 at 17:05) |
24.05.2012, 06:47 | #6 |
/// Helper Team | Encryption Trojan of 22.05.2012 1. Fix with OTL
Code:
:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.05.23 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 19:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:19 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
C:\Users\Nanapi\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. It is best to back up all encrypted data externally (to an empty USB stick or an external hard drive), and only then start with the decryption. To be on the safe side, the altered data on the computer should remain untouched at first. If everything goes well, you can then continue on the PC.
3. Procedure for the encryption trojan :-> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo has made a video on the topic.
Further tips: -> Trustezeb.A Decryptor
** You can also try saving the encrypted files to an empty USB stick. If you know what kind of files they are (e.g. *.jpg, *.doc etc.), rename them all back to their original form, e.g. into a .jpg file.
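The renaming step suggested in the post above can be automated for a folder full of extension-less files, provided the first bytes of a file were left intact. The script below is an added example for this thread, not code from the helpers, the forum or any of the tools named here (Dr. Web, DecryptHelper, Trustezeb.A Decryptor), and it does no decryption. It reads the first 16 bytes of every extension-less file in a folder, compares them against a small table of well-known file signatures (JPEG, PNG, GIF, PDF, ZIP-based Office documents, OLE2 Office documents, RAR, MP3, MKV, MP4, WAV/AVI, BMP), treats a header that decodes to printable text as a text file, and reports everything else as "unknown". The signature table and the rule that an unrecognisable header means the start of the file was overwritten are assumptions of the example, not facts established in the thread. Point it at a copy of the files (the USB stick recommended above), never at the original drives; by default it only reports, and with --rename it appends the detected extension without ever overwriting an existing file or touching "unknown" files.

```python
"""Triage of renamed, extension-less files by their leading bytes.

Added example for this thread; not code from the forum, its helpers or any
tool named in it, and not a decryptor. Assumptions (not established by the
thread): a file whose original header survived is recognisable by its
signature, and a header that matches nothing was overwritten. Run only on a
COPY of the affected files, never on the original drives.
"""
import os
import sys
from typing import Dict, Iterable, List, Tuple

# Signature table (offset, magic bytes, extension) built from well-known
# formats for this example; two-byte signatures such as "BM" are weak and
# are therefore checked last.
SIGNATURES: List[Tuple[int, bytes, str]] = [
    (0, b"\xff\xd8\xff", "jpg"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"GIF87a", "gif"),
    (0, b"GIF89a", "gif"),
    (0, b"%PDF-", "pdf"),
    (0, b"PK\x03\x04", "zip"),  # ZIP container: also docx/xlsx/odt
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2: doc/xls/ppt
    (0, b"Rar!\x1a\x07", "rar"),
    (0, b"ID3", "mp3"),
    (0, b"\x1aE\xdf\xa3", "mkv"),
    (4, b"ftyp", "mp4"),
    (0, b"RIFF", "riff"),  # refined to wav/avi in identify()
    (0, b"BM", "bmp"),
]

HEADER_LEN = 16  # bytes read per file; covers every entry above


def identify(header: bytes) -> str:
    """Guess an extension from a file's first bytes, or return 'unknown'.

    'unknown' means no signature matched and the bytes are not printable
    text; under this example's assumption the header was overwritten and a
    bare rename will not bring the file back.
    """
    for offset, magic, ext in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            if ext == "riff":
                return {b"WAVE": "wav", b"AVI ": "avi"}.get(header[8:12], "riff")
            return ext
    if header:
        try:
            text = header.decode("utf-8")  # a 16-byte cut inside a multibyte char fails here
        except UnicodeDecodeError:
            return "unknown"
        if all(ch.isprintable() or ch in "\t\n\r" for ch in text):
            return "txt"  # a scrambled header almost never passes this check
    return "unknown"


def classify_headers(items: Iterable[Tuple[str, bytes]]) -> Dict[str, str]:
    """Map each (file name, header bytes) pair to its guessed extension."""
    return {name: identify(header) for name, header in items}


def read_headers(directory: str) -> List[Tuple[str, bytes]]:
    """Read the first HEADER_LEN bytes of every extension-less file, read-only."""
    out = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or os.path.splitext(name)[1]:
            continue
        with open(path, "rb") as fh:
            out.append((name, fh.read(HEADER_LEN)))
    return out


def triage(directory: str, rename: bool = False) -> Dict[str, str]:
    """Report, and with rename=True restore, extensions of recognisable files.

    'unknown' files are never touched; a rename appends the extension and
    refuses to overwrite an existing target.
    """
    result = classify_headers(read_headers(directory))
    for name, ext in result.items():
        print(f"{name}: {ext}")
        if rename and ext != "unknown":
            target = os.path.join(directory, f"{name}.{ext}")
            if not os.path.exists(target):
                os.rename(os.path.join(directory, name), target)
    return result


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: triage.py <copy-of-affected-folder> [--rename]")
    summary = triage(sys.argv[1], rename="--rename" in sys.argv[2:])
    unknown = sum(1 for e in summary.values() if e == "unknown")
    print(f"{len(summary)} files, {unknown} with an unrecognisable header")
```

Run it first without --rename and read the report: the files listed as "unknown" are the ones a bare rename cannot recover, and the count of those against the total tells you how much of the data is actually out of reach before any decryptor is tried.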
24.05.2012, 11:05 | #7 |
| Encryption Trojan of 22.05.2012 1: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== FILES ==========
C:\Users\Nanapi\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nanapi\Downloads\cmd.bat deleted successfully.
C:\Users\Nanapi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nanapi
->Temp folder emptied: 416965 bytes
->Temporary Internet Files folder emptied: 1377749 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 256492511 bytes
->Google Chrome cache emptied: 14768129 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3578 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13576831 bytes
Total Files Cleaned = 273,00 mb
OTL by OldTimer - Version 3.2.43.1 log created on 05242012_112627
Files\Folders moved on Reboot...
C:\Users\Nanapi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

I have now copied a couple of pictures to my USB stick, and unfortunately it doesn't seem to work with any of the programs. Dr. Web and DecryptHelper tell me that it is the same file. One won't even recognise the encrypted file because it doesn't have "logged" in front of it, and the rest unfortunately do nothing at all :/ I can give some pictures a .jp extension or view them directly in the image preview, but that seems to be only a tiny fraction. I tried the same with .txt documents. They don't work at all this way. |
25.05.2012, 07:21 | #8 |
/// Helper Team | Encryption Trojan of 22.05.2012 The recommended guides are what is currently available to you (and to me). Otherwise, back up all encrypted data; perhaps a remedy can be produced soon. The experts are working very intensively on it; hopefully there will soon be a solution that works.
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file as an attachment! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |