Trojaner-Board


Nanapi 22.05.2012 23:29

Encryption trojan of 22.05.2012
 
Hello,

unfortunately the trojan has got me too.

I use Win7 64-bit on an Acer desktop PC. After the trojan had brought everything to a standstill, I was able to shut the thing down via Task Manager, but unfortunately it has wrecked all my documents, music and video files as well as all my pictures. The files have names like "JUGstUfDXaeapALEnqAQO" with no file extension.

I have since run Malwarebytes over the system and removed all the malware with it (it took about 4 restarts before a fresh run finally reported nothing more). The computer starts normally again and no longer seems to act up, apart from the encrypted documents. I would be really glad if there were some way to get drives "D" and "M" (i.e. the ones where I had saved all of these things) back into shape. I am already glad to get around formatting, but unfortunately even restoring to a 4-day-old restore point did not help, since it apparently only affects drive "C".

I am happy to provide any information that is needed to possibly get to the bottom of the problem. :dankeschoen:

kira 23.05.2012 06:39

Hello and welcome! :)

Before we start working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over long distances, we accept no liability for the resulting consequences.
    - so any liability for the resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - in the log lists or log files used, you can replace details such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting first! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

Once a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system:
► I can help you remove the malware, but undoing the encryption will be more difficult... it may be that we can only decrypt a part of the whole, or nothing of it at all!

► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: please run all commands as administrator! Right-click on the command prompt and select "Run as administrator"
Right-click on the selected application and choose "Run as administrator"!

1.
Have you already scanned the computer for viruses? I would still like to see the following results:
Code:

Malwarebytes
(all existing logs!)

2.
It is best to back up all encrypted data externally (to an empty USB stick or external hard drive). Then start with the decryption. So, to be on the safe side, the modified data on the computer should remain untouched at first.
If everything goes well, you can then continue on the PC.

3.
Procedure for the encryption trojan: -> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo has made a video on the topic.
** You can also try saving the encrypted files to an empty USB stick. If you know what kind of files they are (e.g. *.jpg, *.doc etc.), then rename them all back to their original form as before, e.g. to a .jpg file

4.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

5.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set it to "Deutsch".
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]

Regards,
kira
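
Added example, not part of the posts in this thread: step 3 suggests renaming the files back to their original type when it is known. The Python script below identifies the type from each file's leading bytes and writes renamed copies into a separate folder, so the backed-up originals stay untouched as step 2 asks. It assumes the file header is intact; the signature table, the function names and the sample files are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

HEAD_BYTES = 16  # enough for every signature checked below

# (offset, magic bytes, suggested extension). Constructed table, not exhaustive.
SIGNATURES = [
    (0, b"\xff\xd8\xff", ".jpg"),
    (0, b"\x89PNG\r\n\x1a\n", ".png"),
    (0, b"GIF87a", ".gif"),
    (0, b"GIF89a", ".gif"),
    (0, b"%PDF-", ".pdf"),
    (0, b"ID3", ".mp3"),
    # OLE2 container: legacy Office files (.doc/.xls/.ppt share this header)
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),
    # ZIP container: also used by .docx/.odt, so check the result by hand
    (0, b"PK\x03\x04", ".zip"),
    (4, b"ftyp", ".mp4"),
]


def sniff_extension(head):
    """Return a suggested extension for the leading bytes, or None if unknown."""
    for offset, magic, ext in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return ext
    # RIFF containers carry their subtype at offset 8
    if head[:4] == b"RIFF" and len(head) >= 12:
        return {b"AVI ": ".avi", b"WAVE": ".wav"}.get(head[8:12])
    return None


def restore_copies(src_dir, dest_dir):
    """Copy extensionless files from src_dir to dest_dir with a sniffed extension.

    Originals are never modified. Files whose header is not recognised (for
    example because the content really is encrypted) are reported as None
    and not copied.
    """
    src, dest = Path(src_dir), Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    report = {}
    for path in sorted(src.iterdir()):
        if not path.is_file() or path.suffix:
            continue  # only the renamed, extensionless files are of interest
        with path.open("rb") as fh:
            ext = sniff_extension(fh.read(HEAD_BYTES))
        if ext is None:
            report[path.name] = None
            continue
        target = dest / (path.name + ext)
        shutil.copy2(path, target)
        report[path.name] = target.name
    return report


def demo():
    """Run restore_copies on constructed sample files in a temporary folder."""
    samples = {
        # name pattern as quoted in the first post; content is constructed
        "JUGstUfDXaeapALEnqAQO": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
        "aaaaPdfSample": b"%PDF-1.4\n% constructed sample\n",
        "bbbbUnknown": bytes(range(200, 232)),  # no known header
        "notes.txt": b"already has an extension, skipped",
    }
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "backup", Path(tmp) / "restored"
        src.mkdir()
        for name, data in samples.items():
            (src / name).write_bytes(data)
        report = restore_copies(src, dest)
        originals = sorted(p.name for p in src.iterdir())
    return report, originals


if __name__ == "__main__":
    report, originals = demo()
    for name, new_name in report.items():
        print(f"{name} -> {new_name or 'unknown header, left alone'}")
```

Files reported as unknown are the ones to keep for a decryption attempt; a matching header alone does not prove that the rest of the file is undamaged.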

Nanapi 23.05.2012 10:18

Thanks for the answer so far; to start with, here is the Malwarebytes report:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nanapi :: NANAPI-PC [Administrator]

Schutz: Aktiviert

23.05.2012 11:04:40
mbam-log-2012-05-23 (11-04-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222482
Laufzeit: 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Regarding points 2 and 3:

I have just tried changing the file back to a .jpg using a sample picture (on a USB stick) and it worked! I hope that is already half the battle.

Regarding point 4:
OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 23.05.2012 11:19:43 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,73% Memory free
16,00 Gb Paging File | 13,70 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 265,48 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 335,14 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 405,32 Mb Free Space | 81,54% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nanapi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PCstunnel\stunnel.exe (**)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\DisplayFusion\AppHookx86.exe (Binary Fortress Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\AChat\AChat.exe (AChat team)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\PCstunnel\ZLIB1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (WRfiltv) -- C:\Windows\SysNative\drivers\WRfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 80 7F 7D CA FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=0606b79a000000000000002511a295ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.06 22:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Extensions
[2012.05.22 23:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Firefox\Profiles\75y9d9j9.default\extensions
[2012.04.25 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\NANAPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\75Y9D9J9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.25 15:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.16 03:03:07 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AChat] C:\Program Files (x86)\AChat\AChat.exe (AChat team)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SD0A7.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] "M:\utorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AD Talk.lnk = C:\Program Files (x86)\AD Talk\AD Talk.exe (Deckers & Staelens VOF)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PCstunnel.lnk = C:\Program Files (x86)\PCstunnel\stunnel.exe (Michal Trojnara)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC62D34-F182-43D9-8A3A-E228EDD5D5E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 19:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.05.22 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 17:44:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Malwarebytes
[2012.05.22 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.05.22 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.11 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\Desktop\sf
[2012.05.10 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Funcom
[2012.05.10 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012.05.10 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.05.09 16:54:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.09 16:54:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.09 16:54:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.09 16:54:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.09 16:54:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.09 16:54:17 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.09 16:54:16 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.09 16:54:16 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\.thumbnails
[2012.05.09 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.05.09 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.05.04 17:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.04.27 14:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.27 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.04.27 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.27 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\WinZip
[2012.04.27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.27 14:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012.04.27 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 11:12:53 | 001,612,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 11:12:53 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 11:12:53 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 11:12:53 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 11:12:53 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.23 11:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 10:49:11 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 10:49:11 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 10:41:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 10:41:34 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 23:35:10 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:35:10 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(51).DAT
[2012.05.22 23:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(36).dat
[2012.05.22 19:06:44 | 000,001,885 | ---- | M] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.22 14:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Nanapi\Desktop\LsLAqLAELAvgrvguvgs
[2012.05.14 21:43:36 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 23:59:36 | 000,000,554 | ---- | M] () -- C:\Users\Nanapi\Desktop\XGVvElUJApGuyasd
[2012.05.10 22:45:16 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.10 12:55:11 | 002,222,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 13:02:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:16 | 000,001,405 | ---- | M] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.05.05 15:01:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 15:01:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 15:01:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | M] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
 
========== Files Created - No Company Name ==========
 
[2012.05.22 23:31:15 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:31:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.05.22 19:06:44 | 000,001,885 | ---- | C] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.22 16:45:08 | 000,879,394 | ---- | C] () -- C:\Users\Nanapi\Desktop\Chrysanthemum.jpg
[2012.05.22 16:45:08 | 000,845,941 | ---- | C] () -- C:\Users\Nanapi\Desktop\Desert.jpg
[2012.05.22 16:45:08 | 000,780,831 | ---- | C] () -- C:\Users\Nanapi\Desktop\Koala.jpg
[2012.05.22 16:45:08 | 000,777,835 | ---- | C] () -- C:\Users\Nanapi\Desktop\Penguins.jpg
[2012.05.22 16:45:08 | 000,620,888 | ---- | C] () -- C:\Users\Nanapi\Desktop\Tulips.jpg
[2012.05.22 16:45:08 | 000,595,284 | ---- | C] () -- C:\Users\Nanapi\Desktop\Hydrangeas.jpg
[2012.05.22 16:45:08 | 000,561,276 | ---- | C] () -- C:\Users\Nanapi\Desktop\Lighthouse.jpg
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\VuAefJNoXxgEeGOnyXdQj
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\unDdGNATsNLatgJ
[2012.05.22 16:43:36 | 000,022,324 | ---- | C] () -- C:\Users\Nanapi\Desktop\ryXsNqXeVdvsVvLlnlUO
[2012.05.22 16:43:36 | 000,022,020 | ---- | C] () -- C:\Users\Nanapi\Desktop\pxvALDdgolUvEe
[2012.05.22 16:43:36 | 000,021,146 | ---- | C] () -- C:\Users\Nanapi\Desktop\UQEedrEjTVvATfJNEX
[2012.05.14 21:22:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 22:45:16 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.09 13:02:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:31 | 000,001,405 | ---- | C] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | C] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
[2012.04.27 14:53:48 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.04.27 14:52:45 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.04.27 14:51:46 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.04.27 14:51:38 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.04.27 14:50:28 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 16:03:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.26 15:13:58 | 001,588,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 20:32:17 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2012.03.07 20:32:17 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2012.03.07 20:32:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.03.07 20:32:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >

--- --- ---


Extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 23.05.2012 11:19:43 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,73% Memory free
16,00 Gb Paging File | 13,70 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 265,48 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 335,14 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 405,32 Mb Free Space | 81,54% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06248BC0-EA70-4B32-B915-F222365A48BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B31D0C1-A874-4A9D-BE60-625A99338F03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1F18F33E-2C92-4568-AF6D-FFF2137E8607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{226D70CB-B3F5-410C-977E-46456A13DD76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30C8F297-0D3C-40EF-9621-3E22C7B125AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B8A62B-4770-46BA-BD85-1395A487FB03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CFB4309-9C0A-4D24-A049-8D207388EB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D44EB6C-03C2-4B52-B7C1-BE65C2FEA92C}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D69EFA4-AF7C-4196-9094-AB719EE591C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80B89988-9D3E-4309-A0C0-355534466E4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81700DA7-AC37-42D7-A398-F79638CD9F54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{862E4826-E4F6-41AE-8CC9-AEA745871284}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8D539E87-7808-467A-90E4-1FAF0B80E8EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D72B97B-5EB7-47D2-844A-571309556963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{925DE13B-920F-4909-B766-130A91BC6C96}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99100CAD-B7B2-4FA5-8934-989FFB0616AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2C55B2-0A4C-495A-94FC-0712E99F463E}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9DDA244-A4B1-4095-A252-352C3A4D70BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB7F73ED-4A9B-442E-BBD7-6FD42EA57E73}" = lport=139 | protocol=6 | dir=in | app=system |
"{BBE57936-668C-4A63-B881-136D1297FAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5665E03-FDDA-41C4-AC9F-3ADB1DAC7DE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{DA786DF6-BA89-49CE-A817-7ED3E25B3FBA}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB868C6B-F52E-4972-8719-ADDFF9E77BEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8755E77-6AB6-41B4-9F32-9C5BA4827D51}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D30DA-E7BC-43EA-AC26-E767613B465F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{0B71C2DF-4252-443E-9DBD-388D2B9E7144}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{127F4632-8877-4D32-BCAC-D21A7DF41E1F}" = protocol=17 | dir=in | app=m:\utorrent\utorrent.exe |
"{194AC8CB-0895-40D1-8676-264075E8E41D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A0B42FD-BB7C-4F53-A8B0-6BF992D537AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A972EDD-060E-4841-A961-C85DBD06947D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B0D02E3-76CD-44C9-8C0A-544768E255B4}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{1DF23F37-2081-433C-9733-B1F1C094C9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"{21211307-0A76-446D-964C-5CD830AD1228}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe |
"{284FA45B-B622-491F-BBFE-E908BB0EAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2863E1F1-F5EF-4A19-81AF-D2DC87AB1451}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{2969915D-48B5-4536-8287-6A7B680ADB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{497A6276-C84D-4AFD-ABB5-8E9A0A90E77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{4B8CC211-426C-429F-9279-DB132294DB04}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{5A55004D-8099-4FA4-8FE8-8896A68040CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E85D880-B01A-434A-9B55-238C93285957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F6D52D0-A388-4397-827D-B1E3458FB90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63A200C5-BD29-41FA-9810-B6D388CF5372}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{65CE6DF4-A82A-4E1D-8DF6-A55318A30C75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6CF0F469-5C2A-4200-BD31-D0C8F2F5B9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6D175E44-54E7-4AB0-9029-51E8CB4589A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FBE7749-6129-400C-A0C5-AB707EE41C11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76D19408-3DEB-4613-A24A-D605E12A273A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{783B5E0E-EF13-4C72-A0B3-B923F7EBABE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{7AB2C367-7E61-472F-9AC7-B04778177FCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7AEF7A29-5BE0-4E1A-80A7-737A48F6190F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D9363F3-E7BB-4F3D-98A8-D66263FCE3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{8FEF9E21-96F0-4F9A-A7BC-C6D9323726E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{90027F42-FCDC-44A6-B820-1A01230EB7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9381FFC7-9D17-4A3E-90DD-C2DFEA6B28CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{984B7067-D2CA-4350-8880-AB6733CC1667}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{993A979C-E059-4DFC-B277-EA1D53CAED4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E6F57D8-0F4F-4EB4-A407-D725932775B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A506929A-6438-41AE-B291-98BA15E6234E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe |
"{AB66DBE2-BAC6-4491-97A5-3BE55A60EB4B}" = protocol=6 | dir=out | app=system |
"{AEF18C25-28B4-4D00-9B5A-6A834099BBDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF93B265-2E8F-44D1-A65C-532CAE030B20}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{BE8759F4-C72D-4DE2-8FE9-E64EF0544B79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C3C7D8BC-FD19-4A73-AFF8-274798BFB743}" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"{CD4CECDA-2CB1-4879-BC39-0DC8338ED3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD76FB3E-9112-4AB5-BBFB-5EDCDFE4D92D}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{D0100B5B-E60F-40D9-AB70-71A5ED34A64E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0CD1FC4-3348-4E35-87A2-1ABB981FC8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D68F30F7-483B-486E-9D85-6EF61AE7980D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{D8C19521-F52A-445E-AEA3-DAC102925641}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DD86C093-B3D1-433C-9A53-CEB0495ED7B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{DEB02804-B2F8-42F4-A8AF-324AF4CE71C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF175AC8-A4CA-4C80-8FAE-91EC3BE3385E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{E334D512-10F9-462E-AC94-5A1A2E07A1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{E41FF75D-D7CC-4F6D-BB55-BA7B852C3688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EFE79E4A-4BDC-4F8B-83FB-05498BE7BA33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0E3172D-1CC4-46A6-899F-D20ED472C1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F3B06FD4-E3D7-44C7-92AA-19FA60D2A54B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6129A19-53AA-4262-93C3-B56EF918BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{F971813C-A066-4219-B72F-04D24058F187}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F9724F1E-656B-41A0-A0E4-BD62A3EF3B0B}" = protocol=6 | dir=in | app=m:\utorrent\utorrent.exe |
"{FBC9DFED-23FC-4CF9-9510-BFB9317CC45D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD50A586-17AB-482B-B3E4-2C725EA49D24}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"TCP Query User{080124C2-1E04-4243-A3C2-C22C908197B6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"TCP Query User{0E4FD924-A82A-421E-B63B-670E337C0AC0}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"TCP Query User{26CEE0C0-1FE8-4801-98BA-16EDAAF48C06}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{32D08A13-484D-41A2-AB96-3951E01BE1B7}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"TCP Query User{49A917EC-CEBD-4ED8-8FBE-576ADEE372C8}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"TCP Query User{57467F4C-6AA1-426D-93D2-23A11926EAD0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{5BB88F56-9899-4197-B2D7-4478270F9735}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"TCP Query User{788AFC9D-892B-4BBB-90CF-BF7DBB6521E8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{FF2F4937-FB21-4D41-8AFC-21C556C02442}C:\program files (x86)\ad talk\ad talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"UDP Query User{16006B64-D67E-471A-904E-12F46D53C135}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{2B223835-467E-4A5D-ABD2-E2721719EFD6}C:\program files (x86)\ad talk\ad talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"UDP Query User{4BC95F01-3A3A-4E94-A4D9-0C5E94C71098}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"UDP Query User{650A81CD-026C-4028-9C2A-FAA3D80A3065}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{7B529A3C-3CC0-4530-8E8D-C2A3C216DBC0}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"UDP Query User{A463C496-3A70-4FE1-BD2A-3882414C7FCE}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"UDP Query User{C6C47C5E-9419-41EF-9EC5-906606DFCE51}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"UDP Query User{E82A1280-FCBF-4918-8BAA-51B70B9E1CC9}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{FB3F8E85-11DF-49E5-A863-87DF47941D80}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1" = Auto Mouse Mover 1.3.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1" = openCanvas 5.1.04
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"AChat_is1" = AChat v0.150
"AD Talk" = AD Talk
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AudibleManager" = AudibleManager
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EVEMon" = EVEMon
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.1_rc22
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PCstunnel" = PCstunnel
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Steam App 8510" = EVE Online Demo
"SysInfo" = Creative Systeminformationen
"The Secret World_is1" = The Secret World
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3cd95d63145b11" = RightNow (frogster)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.05.2012 15:02:55 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version:
1.0.0.0, Zeitstempel: 0x4fac9686  Name des fehlerhaften Moduls: TheSecretWorldDX11.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4fac9686  Ausnahmecode: 0xc0000005  Fehleroffset:
0x005e2653  ID des fehlerhaften Prozesses: 0x23dc  Startzeit der fehlerhaften Anwendung:
 0x01cd2fa856e505c4  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The
 Secret World\TheSecretWorldDX11.exe  Pfad des fehlerhaften Moduls: C:\Program Files
 (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Berichtskennung: e9f58cb1-9b9b-11e1-810e-002511a295ca
 
Error - 11.05.2012 15:04:04 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version:
1.0.0.0, Zeitstempel: 0x4fac9686  Name des fehlerhaften Moduls: TheSecretWorldDX11.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4fac9686  Ausnahmecode: 0xc0000005  Fehleroffset:
0x005e2653  ID des fehlerhaften Prozesses: 0x1938  Startzeit der fehlerhaften Anwendung:
 0x01cd2fa8bcfa42fb  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The
 Secret World\TheSecretWorldDX11.exe  Pfad des fehlerhaften Moduls: C:\Program Files
 (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Berichtskennung: 132e8577-9b9c-11e1-810e-002511a295ca
 
Error - 12.05.2012 05:34:06 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version:
1.0.0.0, Zeitstempel: 0x4fac9686  Name des fehlerhaften Moduls: TheSecretWorldDX11.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4fac9686  Ausnahmecode: 0xc0000005  Fehleroffset:
0x004f80c5  ID des fehlerhaften Prozesses: 0x118c  Startzeit der fehlerhaften Anwendung:
 0x01cd30212c8682a4  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The
 Secret World\TheSecretWorldDX11.exe  Pfad des fehlerhaften Moduls: C:\Program Files
 (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Berichtskennung: 9de15e50-9c15-11e1-bbdc-002511a295ca
 
Error - 12.05.2012 18:24:33 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = Programm launcher.exe, Version 3.1.9.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15cc    Startzeit:
 01cd308ddaa05e20    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\Origin Games\Star
 Wars - The Old Republic\launcher.exe    Berichts-ID: 310638a7-9c81-11e1-bbdc-002511a295ca

 
Error - 22.05.2012 09:25:28 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e00    Startzeit: 01cd381e52ea9ba9    Endzeit: 6    Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID:
 95e7000c-a411-11e1-a6ff-002511a295ca 
 
Error - 22.05.2012 09:52:40 | Computer Name = Nanapi-PC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 22.05.2012 09:52:41 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RightNow.Installer.exe, Version:
11.2.6.126, Zeitstempel: 0x4f235559  Name des fehlerhaften Moduls: KERNELBASE.dll,
 Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1  Ausnahmecode: 0xe0434352  Fehleroffset:
 0x000000000000a88d  ID des fehlerhaften Prozesses: 0x864  Startzeit der fehlerhaften
 Anwendung: 0x01cd38215d084e08  Pfad der fehlerhaften Anwendung: C:\Users\Nanapi\AppData\Local\Apps\2.0\V1NM763D.BQD\PQECB571.7EL\righ..ster_a97a87e43982fbb5_000b.0002_a8e19043459aafca\RightNow.Installer.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 65ad9545-a415-11e1-be5a-002511a295ca
 
Error - 22.05.2012 10:05:52 | Computer Name = Nanapi-PC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 22.05.2012 10:05:53 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RightNow.Installer.exe, Version:
11.2.6.126, Zeitstempel: 0x4f235559  Name des fehlerhaften Moduls: KERNELBASE.dll,
 Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1  Ausnahmecode: 0xe0434352  Fehleroffset:
 0x000000000000a88d  ID des fehlerhaften Prozesses: 0x9d4  Startzeit der fehlerhaften
 Anwendung: 0x01cd3823fa8113b3  Pfad der fehlerhaften Anwendung: C:\Users\Nanapi\AppData\Local\Apps\2.0\V1NM763D.BQD\PQECB571.7EL\righ..ster_a97a87e43982fbb5_000b.0002_a8e19043459aafca\RightNow.Installer.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 3dc88bef-a417-11e1-be5a-002511a295ca
 
Error - 22.05.2012 18:02:37 | Computer Name = Nanapi-PC | Source = System Restore | ID = 8210
Description =
 
[ System Events ]
Error - 20.05.2012 01:07:55 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.05.2012 01:07:55 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V5 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >

--- --- ---
and CCleaner:
Code:

AChat v0.150        SourceForge.NET        09.03.2012                0.150
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        04.05.2012        6,00MB        11.2.202.235
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        04.05.2012        6,00MB        11.2.202.235
Adobe Photoshop CS3        Adobe Systems Incorporated        22.05.2012        1.127MB        10.0
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        15.05.2012        121,5MB        10.1.3
AION Free-To-Play        Gameforge        25.03.2012        22,6MB        2.70.0000
Apple Application Support        Apple Inc.        13.03.2012        61,0MB        2.1.7
Apple Mobile Device Support        Apple Inc.        13.03.2012        24,9MB        5.1.1.4
Apple Software Update        Apple Inc.        13.03.2012        2,38MB        2.1.3.127
AudibleManager        Audible, Inc.        22.05.2012                2006659200.48.56.36113642
Auto Mouse Mover 1.3.3        MurGee.com        10.05.2012        0,73MB        1.3
Babylon toolbar on IE                22.05.2012               
Bamboo        Wacom Technology Corp.        18.04.2012                5.2.5-5
Blender        Blender Foundation        08.05.2012                2.63-release
Bonjour        Apple Inc.        13.03.2012        2,00MB        3.0.0.10
CCleaner        Piriform        22.05.2012                3.18
Creative Systeminformationen                22.05.2012               
DAEMON Tools Lite        DT Soft Ltd        22.05.2012                4.45.3.0297
Diablo III        Blizzard Entertainment        22.05.2012                1.0.1.9558
DisplayFusion 3.4.0        Binary Fortress Software        05.03.2012        7,23MB        3.4.0.0
EPSON SX210 Series Printer Uninstall        SEIKO EPSON Corporation        11.05.2012               
EVE Online Demo        CCP        22.05.2012               
EVEMon        battleclinic.com        22.05.2012                1.6.0.3464
Free Opener        EZ Freeware        25.03.2012        52,5MB        1.4
Google Chrome        Google Inc.        22.05.2012                19.0.1084.46
iTunes        Apple Inc.        28.03.2012        156,9MB        10.6.1.7
Java(TM) 6 Update 22        Oracle        25.03.2012        97,1MB        6.0.220
Java(TM) 6 Update 31        Oracle        24.03.2012        95,1MB        6.0.310
JDownloader 0.9        AppWork GmbH        22.05.2012                0.9
K-Lite Codec Pack 7.0.0 (Standard)                25.03.2012        33,0MB        7.0.0
Logitech Gaming Software 8.20        Logitech Inc.        06.03.2012        76,6MB        8.20.74
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        21.05.2012        18,0MB        1.61.0.1400
Mass Effect        Electronic Arts, Inc.        22.05.2012                1.00
Mass Effect™ 3        Electronic Arts        22.05.2012                1.0.0.0
McAfee Security Scan Plus        McAfee, Inc.        22.05.2012        8,30MB        2.0.181.2
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.03.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.03.2012        2,94MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        25.03.2012        52,0MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        25.03.2012        10,7MB        4.0.30319
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.03.2012        0,42MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        05.03.2012        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        25.03.2012        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        06.03.2012        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        05.03.2012        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        05.03.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        05.03.2012        11,1MB        10.0.40219
Mozilla Firefox 12.0 (x86 de)        Mozilla        22.05.2012        36,2MB        12.0
Mozilla Maintenance Service        Mozilla        22.05.2012        0,21MB        12.0
Mozilla Thunderbird 12.0.1 (x86 de)        Mozilla        22.05.2012        38,1MB        12.0.1
NC Launcher (GameForge)        NCsoft        22.05.2012               
NVIDIA 3D Vision Controller-Treiber 295.73        NVIDIA Corporation        05.03.2012                295.73
NVIDIA 3D Vision Treiber 295.73        NVIDIA Corporation        05.03.2012                295.73
NVIDIA Grafiktreiber 295.73        NVIDIA Corporation        05.03.2012                295.73
NVIDIA PhysX-Systemsoftware 9.12.0209        NVIDIA Corporation        05.03.2012                9.12.0209
NVIDIA Update 1.7.11        NVIDIA Corporation        05.03.2012                1.7.11
openCanvas 5.1.04        portalgraphics.net        18.04.2012        6,64MB        5.1.04
OpenOffice.org 3.3        OpenOffice.org        25.03.2012        415MB        3.3.9567
OpenVPN 2.1_rc22                22.05.2012                2.1_rc22
Opera 11.61        Opera Software ASA        22.05.2012                11.61.1250
Origin        Electronic Arts, Inc.        22.05.2012                8.5.0.4554
PCstunnel                22.05.2012               
ShadowExplorer 0.8        ShadowExplorer.com        21.05.2012                0.8.430.0
Skype™ 5.8        Skype Technologies S.A.        05.03.2012        19,0MB        5.8.158
Sound Blaster World of Warcraft Wireless Headset        Creative Technology Limited        22.05.2012                1.0
Star Wars: The Old Republic        Electronic Arts, Inc.        22.05.2012                1.0.0.0
Steam        Valve Corporation        05.03.2012        35,5MB        1.0.0.0
The Secret World        Funcom        09.05.2012                1.0.0
VLC media player 2.0.0        VideoLAN        22.05.2012                2.0.0
VoiceOver Kit        Apple Inc.        14.05.2012        41,8MB        1.42.128.0
WebTablet FB Plugin        Wacom Technology Corp.        22.05.2012                2.0.0.1
WebTablet IE Plugin        Wacom Technology Corp.        22.05.2012                1.1.0.12
WebTablet Netscape Plugin        Wacom Technology Corp.        22.05.2012                1.1.0.10
WinRAR 4.11 (64-Bit)        win.rar GmbH        06.03.2012                4.11.0
WinZip 16.0        WinZip Computing, S.L.        26.04.2012        88,2MB        16.0.9715
µTorrent                22.05.2012                3.1.3


kira 23.05.2012 15:14

1.
Uninstall, if it is present under Control Panel -> Software/Programs:
Code:

Babylon toolbar <- Adware
Unfortunately, "uninvited guests often register themselves directly in the search bar, as the start page and under Extensions", and they can be really annoying... they are mostly installed along with other software out of unawareness or carelessness; some of them even belong to the most dangerous kind of adware, or to a "foistware group".

Always choose the custom installation, not the standard installation, because the latter often installs things along with it that you do not need or want.
During the installation process, always read the license terms, and do not immediately tick every box or leave pre-ticked boxes ticked, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from affiliate programs, sponsors etc., are installed as well, since that is how freeware finances itself.

Several others belong to this category, e.g.: -> Unwanted toolbars
Quote:

It is therefore advisable, after every installation, to check in all installed browsers:
take a close look at the page currently set as the start page
look under Tools ⇒ Extensions for unwanted add-ons/plug-ins and toolbars
check in the list of currently installed programs (under Control Panel) whether something "unwanted" (program, toolbar etc.) has settled in!
2.
Did you enter this in the hosts file yourself, i.e. add it deliberately? If so, why?
Code:

O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1

3.
Did you deliberately set this IP as a proxy?
Code:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128

If so, why? If not:
if you have not installed a proxy server locally, remove the proxy settings from the Internet settings
in Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Remove the ticks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

4.
If you did not install it deliberately, since it is often installed or offered together with other programs (presumably via Adobe Reader), uninstall:
Code:

McAfee Security Scan Plus
presumably ended up on the computer via Adobe (Flash Player)!

although the developer/vendor itself has a very good reputation, this "helper principle" does not protect your PC any further, but it does impair system performance
Always choose the custom installation, not the standard installation, because the latter often installs things along with it that you do not need or want.
When installing, please always read the license terms, and do not immediately tick every box or leave pre-ticked boxes ticked, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from affiliate programs, sponsors etc., are installed as well, since that is how freeware finances itself.


5.
Quote:

Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and paste it into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after the word "Code" (starting with :OTL and ending with [emptytemp]), without the word "code" itself:
Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=0606b79a000000000000002511a295ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


6.
Update Java via Control Panel -> Check for updates...
or:
Now download the offline version of Java, "recommended version for 64-bit: Java(TM) 7 Update 4", from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar box during installation.

7.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips on Internet Explorer
-> Changing Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

8.
clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Search for errors" → "Fix errors" → "Fix all"
  • Restart your system

9.
  • download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. untick the toolbar box during installation (if necessary).
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete Scan" and click "Next"
  • all malware found is then listed; tick all findings and confirm with "OK"
  • click "Next", then "OK", then "Finish"
  • to display the results: click "Preferences", then "Statistics and Logs"
  • click "View Log", then please save this report and post it here

10.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the AutoRun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be disabled altogether. ► Instructions

11.
-> Then run a complete system check with Eset Online Scanner (NOD32), free online scanner
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

12.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

so that I know which changes you have made:
Quote:

► Briefly report to me on all the steps (for each item) that you have carried out!
► report again on the state of the computer. Are problems still occurring, and if so, which ones?
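
The three things asked about in items 2, 3 and 5 above (hosts-file redirects, an Internet Explorer proxy, and an AutoRun command under MountPoints2) can be pulled out of an OTL log mechanically. The following Python script is an added example, not part of any post in this thread and not OTL's own code; the function name `triage`, the finding labels and the `127.0.0.1 localhost` line are assumptions made for illustration, while the other sample lines are copied from the logs quoted in the thread.

```python
import ipaddress
import re

# Sample input: lines in the OTL log format quoted in this thread.
# The "127.0.0.1 localhost" line is constructed to show a benign entry.
SAMPLE_LOG = r'''
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
O1 - Hosts: 127.0.0.1 localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
'''

HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(.*\S)\s*$')
PROXY_RE = re.compile(
    r'^IE - (HK\w+)\\.*\\Internet Settings: "(Proxy\w+)" = (.*)$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$')


def _is_local(addr):
    """True for loopback/unspecified addresses, the usual benign hosts targets.

    Raises ValueError when addr is not an IP address at all.
    """
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def triage(log_text):
    """Return (kind, detail) findings that a helper would ask the user about."""
    findings = []
    proxy = {}  # (hive, value name) -> value, resolved after the scan
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            first, rest = m.groups()
            try:
                if not _is_local(first):
                    # A hostname pinned to a non-loopback address.
                    findings.append(("hosts-override", f"{rest} -> {first}"))
            except ValueError:
                # Line does not start with an IP: keep it for manual review.
                findings.append(("hosts-unparsed", line))
            continue

        m = PROXY_RE.match(line)
        if m:
            hive, name, value = m.groups()
            proxy[(hive, name)] = value.strip()
            continue

        m = AUTORUN_RE.match(line)
        if m:
            findings.append(
                ("autorun-command", f"{m.group(1)} runs {m.group(2)}"))

    # Report a configured proxy even when ProxyEnable is 0: the value is
    # still stored and takes effect as soon as the switch is flipped.
    for (hive, name), value in proxy.items():
        if name != "ProxyServer" or not value:
            continue
        enabled = proxy.get((hive, "ProxyEnable"), "?")
        host = value.rsplit(":", 1)[0]
        try:
            ip = ipaddress.ip_address(host)
            scope = "local" if (ip.is_loopback or ip.is_private) else "external"
        except ValueError:
            scope = "hostname"
        findings.append(
            ("proxy-server", f"{hive} {value} ({scope}, ProxyEnable={enabled})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```

A finding here is a question to put to the user, not a verdict: in this thread the hosts entries and the proxy turned out to be deliberate.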

Nanapi 23.05.2012 16:24

Hello =)

1.
Is now uninstalled.

2. and 3.
Was deliberately set up that way, thanks for the pointer anyway!

4.
Is now uninstalled as well.

5.
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
File E:\setup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nanapi\Downloads\cmd.bat deleted successfully.
C:\Users\Nanapi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nanapi
->Temp folder emptied: 568570885 bytes
->Temporary Internet Files folder emptied: 35814832 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1174897889 bytes
->Google Chrome cache emptied: 13071030 bytes
->Opera cache emptied: 17242391 bytes
->Flash cache emptied: 70625 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98352340 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356772 bytes
RecycleBin emptied: 30934761520 bytes
 
Total Files Cleaned = 31.366,00 mb
 
 
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_164231

Files\Folders moved on Reboot...
C:\Users\Nanapi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

6.
Java has been updated!

8.
was fixed as well.

9.
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/23/2012 at 06:02 PM

Application Version : 5.0.1150

Core Rules Database Version : 8635
Trace Rules Database Version: 6447

Scan type      : Complete Scan
Total Scan Time : 00:34:59

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 599
Memory threats detected  : 0
Registry items scanned    : 68166
Registry threats detected : 0
File items scanned        : 91633
File threats detected    : 2

Trojan.Agent/Gen-InstallIQ
        C:\USERS\NANAPI\DOWNLOADS\FREEOPENER2.0.1.0.EXE
        C:\USERS\NANAPI\DOWNLOADS\UGJDPTYONUGSPSDGVQ

--rest follows--

unfortunately editing is no longer possible, so it will have to do like this..

11.
I have now run the scan as well; unfortunately it did not produce a log file, but it had no findings either.

12.
OTL Logfile:
Code:

OTL logfile created on: 23.05.2012 19:50:47 - Run 3
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,81% Memory free
16,00 Gb Paging File | 13,01 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 281,05 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 348,24 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 489,72 Mb Free Space | 98,52% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 16:40:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nanapi\Downloads\OTL.exe
PRC - [2012.05.23 14:48:00 | 000,040,960 | ---- | M] (RightNow Technologies, Inc.) -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies\frogster\InitEngine\RightNow.InitEngine.exe
PRC - [2012.05.22 17:15:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.04.25 15:50:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.25 15:03:24 | 000,993,792 | ---- | M] (Deckers & Staelens VOF) -- C:\Program Files (x86)\AD Talk\AD Talk.exe
PRC - [2012.03.19 21:36:48 | 000,043,008 | ---- | M] (Alchemic Dream Inc.) -- C:\Users\Nanapi\Desktop\AD Ticket Counter.exe
PRC - [2012.03.06 22:19:49 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.12 12:11:24 | 000,118,784 | ---- | M] (Michal Trojnara) -- C:\Program Files (x86)\PCstunnel\stunnel.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.07 22:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2011.08.25 16:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.11.16 20:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.01.25 00:07:34 | 002,851,328 | ---- | M] (AChat team) -- C:\Program Files (x86)\AChat\AChat.exe
PRC - [2006.11.17 18:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.22 17:15:13 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.05.22 17:15:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.05.22 17:15:12 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.05.22 17:15:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.05.22 17:15:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.05.10 13:14:03 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\41d68b79da934255ca82b466b93d7938\System.AddIn.ni.dll
MOD - [2012.05.10 13:14:03 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
MOD - [2012.05.10 13:13:04 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a5b389ddffcb10f23884f01c0e1954d9\WindowsFormsIntegration.ni.dll
MOD - [2012.05.10 13:13:04 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
MOD - [2012.05.10 13:13:04 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
MOD - [2012.05.10 13:12:26 | 000,391,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012.05.10 13:12:22 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll
MOD - [2012.05.10 13:12:18 | 001,897,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\65f64efe2aec0291c18453af0c3eb19b\System.Web.Services.ni.dll
MOD - [2012.05.10 13:12:16 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
MOD - [2012.05.10 13:12:14 | 012,076,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e9f1e1c33ec639a0945a6a4f2458b7b4\System.Web.ni.dll
MOD - [2012.05.10 13:12:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 13:11:42 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
MOD - [2012.05.10 02:27:45 | 017,998,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\52f7c62736eb9b6370632e7eb99bec83\PresentationFramework.ni.dll
MOD - [2012.05.10 02:27:32 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9eebaf24f66d6f75e35bb3df6af1c9aa\PresentationCore.ni.dll
MOD - [2012.05.10 02:27:23 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\933e8e44a2b9361822b29aae6070e2a2\WindowsBase.ni.dll
MOD - [2012.05.10 02:27:22 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee6e30c355ec2ffab1525b42253f7aef\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 02:25:44 | 011,002,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\51dfa58af4a59e4af2a4c2363246af21\System.Design.ni.dll
MOD - [2012.05.10 02:25:39 | 013,196,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll
MOD - [2012.05.10 02:25:34 | 007,052,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012.05.10 02:25:31 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012.05.10 02:25:31 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll
MOD - [2012.05.10 02:25:29 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012.05.10 02:25:28 | 000,729,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012.05.10 02:25:27 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012.05.10 02:25:22 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.05.05 15:01:08 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 15:50:06 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.26 16:43:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.01.05 12:28:36 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\PCstunnel\ZLIB1.dll
MOD - [2010.12.31 13:05:52 | 000,090,112 | ---- | M] () -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies\frogster\SiteFiles\FunctionValidator.dll
MOD - [2004.08.28 01:47:21 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\AD Talk\libbind.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.22 17:15:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.05 15:01:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.27 14:49:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.04.25 15:50:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 20:32:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.03.07 20:31:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.20 15:26:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.11.16 20:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.18 01:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.12 01:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 10:43:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 80 7F 7D CA FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.06 22:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Extensions
[2012.05.22 23:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Firefox\Profiles\75y9d9j9.default\extensions
[2012.04.25 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\NANAPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\75Y9D9J9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.25 15:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.12.16 03:03:07 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AChat] C:\Program Files (x86)\AChat\AChat.exe (AChat team)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SD0A7.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AD Talk.lnk = C:\Program Files (x86)\AD Talk\AD Talk.exe (Deckers & Staelens VOF)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PCstunnel.lnk = C:\Program Files (x86)\PCstunnel\stunnel.exe (Michal Trojnara)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC62D34-F182-43D9-8A3A-E228EDD5D5E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 17:07:19 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.23 17:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.23 17:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.23 17:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.23 16:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.23 12:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.23 12:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.23 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Google
[2012.05.23 12:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.22 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 19:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.05.22 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 17:44:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Malwarebytes
[2012.05.22 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.05.22 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.11 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\Desktop\sf
[2012.05.10 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Funcom
[2012.05.10 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012.05.10 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.05.09 16:54:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.09 16:54:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.09 16:54:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.09 16:54:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.09 16:54:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.09 16:54:17 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.09 16:54:16 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.09 16:54:16 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\.thumbnails
[2012.05.09 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.05.09 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.05.04 17:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.04.27 14:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.27 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.04.27 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.27 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\WinZip
[2012.04.27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.27 14:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012.04.27 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 19:44:10 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 19:44:10 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 19:36:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 19:36:34 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 19:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 19:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 17:06:55 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 17:04:51 | 000,043,668 | ---- | M] () -- C:\Users\Nanapi\Documents\cc_20120523_170439.reg
[2012.05.23 11:12:53 | 001,612,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 11:12:53 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 11:12:53 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 11:12:53 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 11:12:53 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 23:35:10 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:35:10 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(51).DAT
[2012.05.22 23:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(36).dat
[2012.05.22 19:06:44 | 000,001,885 | ---- | M] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.22 14:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Nanapi\Desktop\LsLAqLAELAvgrvguvgs
[2012.05.14 21:43:36 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 23:59:36 | 000,000,554 | ---- | M] () -- C:\Users\Nanapi\Desktop\XGVvElUJApGuyasd
[2012.05.10 22:45:16 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.10 12:55:11 | 002,222,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 13:02:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:16 | 000,001,405 | ---- | M] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.05.05 15:01:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 15:01:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 15:01:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | M] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
 
========== Files Created - No Company Name ==========
 
[2012.05.23 17:06:55 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 17:04:48 | 000,043,668 | ---- | C] () -- C:\Users\Nanapi\Documents\cc_20120523_170439.reg
[2012.05.23 12:12:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:19 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 23:31:15 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:31:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.05.22 19:06:44 | 000,001,885 | ---- | C] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.22 16:45:08 | 000,845,941 | ---- | C] () -- C:\Users\Nanapi\Desktop\Desert.jpg
[2012.05.22 16:45:08 | 000,780,831 | ---- | C] () -- C:\Users\Nanapi\Desktop\Koala.jpg
[2012.05.22 16:45:08 | 000,777,835 | ---- | C] () -- C:\Users\Nanapi\Desktop\Penguins.jpg
[2012.05.22 16:45:08 | 000,620,888 | ---- | C] () -- C:\Users\Nanapi\Desktop\Tulips.jpg
[2012.05.22 16:45:08 | 000,561,276 | ---- | C] () -- C:\Users\Nanapi\Desktop\Lighthouse.jpg
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\VuAefJNoXxgEeGOnyXdQj
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\unDdGNATsNLatgJ
[2012.05.22 16:43:36 | 000,022,324 | ---- | C] () -- C:\Users\Nanapi\Desktop\ryXsNqXeVdvsVvLlnlUO
[2012.05.22 16:43:36 | 000,022,020 | ---- | C] () -- C:\Users\Nanapi\Desktop\pxvALDdgolUvEe
[2012.05.14 21:22:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 22:45:16 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.09 13:02:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:31 | 000,001,405 | ---- | C] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | C] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
[2012.04.27 14:53:48 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.04.27 14:52:45 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.04.27 14:51:46 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.04.27 14:51:38 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.04.27 14:50:28 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 16:03:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.26 15:13:58 | 001,588,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 20:32:17 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2012.03.07 20:32:17 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2012.03.07 20:32:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.03.07 20:32:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.05.22 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\.minecraft
[2012.05.23 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\AChat
[2012.05.22 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\AD Talk
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Babylon
[2012.05.22 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\DAEMON Tools Lite
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\DisplayFusion
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\EVEMon
[2012.03.07 00:06:36 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Leadertech
[2012.03.26 16:57:16 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\OpenOffice.org
[2012.03.06 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Opera
[2012.05.22 14:48:15 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Origin
[2012.05.22 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\portalgraphics
[2012.05.22 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies
[2012.05.11 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Thunderbird
[2012.05.23 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.05.23 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA(51).DAT
[2009.07.14 07:08:49 | 000,030,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(52).TXT
[2009.07.14 07:08:49 | 000,030,870 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:
Code:

OTL Extras logfile created on: 23.05.2012 19:50:47 - Run 3
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,81% Memory free
16,00 Gb Paging File | 13,01 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 281,05 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 348,24 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 489,72 Mb Free Space | 98,52% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06248BC0-EA70-4B32-B915-F222365A48BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B31D0C1-A874-4A9D-BE60-625A99338F03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1F18F33E-2C92-4568-AF6D-FFF2137E8607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{226D70CB-B3F5-410C-977E-46456A13DD76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30C8F297-0D3C-40EF-9621-3E22C7B125AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B8A62B-4770-46BA-BD85-1395A487FB03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CFB4309-9C0A-4D24-A049-8D207388EB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D44EB6C-03C2-4B52-B7C1-BE65C2FEA92C}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D69EFA4-AF7C-4196-9094-AB719EE591C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80B89988-9D3E-4309-A0C0-355534466E4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81700DA7-AC37-42D7-A398-F79638CD9F54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{862E4826-E4F6-41AE-8CC9-AEA745871284}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8D539E87-7808-467A-90E4-1FAF0B80E8EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D72B97B-5EB7-47D2-844A-571309556963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{925DE13B-920F-4909-B766-130A91BC6C96}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99100CAD-B7B2-4FA5-8934-989FFB0616AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A2C55B2-0A4C-495A-94FC-0712E99F463E}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9DDA244-A4B1-4095-A252-352C3A4D70BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB7F73ED-4A9B-442E-BBD7-6FD42EA57E73}" = lport=139 | protocol=6 | dir=in | app=system |
"{BBE57936-668C-4A63-B881-136D1297FAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5665E03-FDDA-41C4-AC9F-3ADB1DAC7DE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{DA786DF6-BA89-49CE-A817-7ED3E25B3FBA}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB868C6B-F52E-4972-8719-ADDFF9E77BEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8755E77-6AB6-41B4-9F32-9C5BA4827D51}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B71C2DF-4252-443E-9DBD-388D2B9E7144}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{194AC8CB-0895-40D1-8676-264075E8E41D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A0B42FD-BB7C-4F53-A8B0-6BF992D537AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A972EDD-060E-4841-A961-C85DBD06947D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DF23F37-2081-433C-9733-B1F1C094C9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"{21211307-0A76-446D-964C-5CD830AD1228}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe |
"{284FA45B-B622-491F-BBFE-E908BB0EAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2863E1F1-F5EF-4A19-81AF-D2DC87AB1451}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{2969915D-48B5-4536-8287-6A7B680ADB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{497A6276-C84D-4AFD-ABB5-8E9A0A90E77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{5A55004D-8099-4FA4-8FE8-8896A68040CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E85D880-B01A-434A-9B55-238C93285957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F6D52D0-A388-4397-827D-B1E3458FB90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63A200C5-BD29-41FA-9810-B6D388CF5372}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{65CE6DF4-A82A-4E1D-8DF6-A55318A30C75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6CF0F469-5C2A-4200-BD31-D0C8F2F5B9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6D175E44-54E7-4AB0-9029-51E8CB4589A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FBE7749-6129-400C-A0C5-AB707EE41C11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76D19408-3DEB-4613-A24A-D605E12A273A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7AB2C367-7E61-472F-9AC7-B04778177FCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7AEF7A29-5BE0-4E1A-80A7-737A48F6190F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D9363F3-E7BB-4F3D-98A8-D66263FCE3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{8FEF9E21-96F0-4F9A-A7BC-C6D9323726E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{90027F42-FCDC-44A6-B820-1A01230EB7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9381FFC7-9D17-4A3E-90DD-C2DFEA6B28CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{984B7067-D2CA-4350-8880-AB6733CC1667}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{993A979C-E059-4DFC-B277-EA1D53CAED4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E6F57D8-0F4F-4EB4-A407-D725932775B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A506929A-6438-41AE-B291-98BA15E6234E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe |
"{AB66DBE2-BAC6-4491-97A5-3BE55A60EB4B}" = protocol=6 | dir=out | app=system |
"{AEF18C25-28B4-4D00-9B5A-6A834099BBDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE8759F4-C72D-4DE2-8FE9-E64EF0544B79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C3C7D8BC-FD19-4A73-AFF8-274798BFB743}" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"{CD4CECDA-2CB1-4879-BC39-0DC8338ED3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0100B5B-E60F-40D9-AB70-71A5ED34A64E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0CD1FC4-3348-4E35-87A2-1ABB981FC8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D68F30F7-483B-486E-9D85-6EF61AE7980D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{D8C19521-F52A-445E-AEA3-DAC102925641}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DD86C093-B3D1-433C-9A53-CEB0495ED7B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{DEB02804-B2F8-42F4-A8AF-324AF4CE71C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E334D512-10F9-462E-AC94-5A1A2E07A1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{E41FF75D-D7CC-4F6D-BB55-BA7B852C3688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EFE79E4A-4BDC-4F8B-83FB-05498BE7BA33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0E3172D-1CC4-46A6-899F-D20ED472C1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F3B06FD4-E3D7-44C7-92AA-19FA60D2A54B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6129A19-53AA-4262-93C3-B56EF918BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{F971813C-A066-4219-B72F-04D24058F187}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBC9DFED-23FC-4CF9-9510-BFB9317CC45D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{080124C2-1E04-4243-A3C2-C22C908197B6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"TCP Query User{0E4FD924-A82A-421E-B63B-670E337C0AC0}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"TCP Query User{26CEE0C0-1FE8-4801-98BA-16EDAAF48C06}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{49A917EC-CEBD-4ED8-8FBE-576ADEE372C8}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"TCP Query User{57467F4C-6AA1-426D-93D2-23A11926EAD0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"TCP Query User{5BB88F56-9899-4197-B2D7-4478270F9735}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"TCP Query User{788AFC9D-892B-4BBB-90CF-BF7DBB6521E8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{FF2F4937-FB21-4D41-8AFC-21C556C02442}C:\program files (x86)\ad talk\ad talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"UDP Query User{16006B64-D67E-471A-904E-12F46D53C135}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{2B223835-467E-4A5D-ABD2-E2721719EFD6}C:\program files (x86)\ad talk\ad talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe |
"UDP Query User{4BC95F01-3A3A-4E94-A4D9-0C5E94C71098}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"UDP Query User{650A81CD-026C-4028-9C2A-FAA3D80A3065}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{A463C496-3A70-4FE1-BD2A-3882414C7FCE}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe |
"UDP Query User{C6C47C5E-9419-41EF-9EC5-906606DFCE51}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe |
"UDP Query User{E82A1280-FCBF-4918-8BAA-51B70B9E1CC9}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"UDP Query User{FB3F8E85-11DF-49E5-A863-87DF47941D80}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1" = Auto Mouse Mover 1.3.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1" = openCanvas 5.1.04
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"AChat_is1" = AChat v0.150
"AD Talk" = AD Talk
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AudibleManager" = AudibleManager
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EVEMon" = EVEMon
"Google Chrome" = Google Chrome
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.1_rc22
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PCstunnel" = PCstunnel
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Steam App 8510" = EVE Online Demo
"SysInfo" = Creative Systeminformationen
"The Secret World_is1" = The Secret World
"VLC media player" = VLC media player 2.0.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3cd95d63145b11" = RightNow (frogster)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2012 13:37:05 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 23.05.2012 13:37:05 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 23.05.2012 13:37:06 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 23.05.2012 13:37:06 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 23.05.2012 13:41:35 | Computer Name = Nanapi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Nanapi\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 23.05.2012 13:50:17 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.43.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17dc    Startzeit:
 01cd390b9b29b172    Endzeit: 8    Anwendungspfad: C:\Users\Nanapi\Downloads\OTL.exe    Berichts-ID:
 b1d543c2-a4ff-11e1-a590-002511a295ca 
 
[ System Events ]
Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 23.05.2012 10:42:31 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >

--- --- ---

kira 24.05.2012 06:47

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after the word "Code" (starting with :OTL and ending with [emptytemp]), without the word "code" itself:
Code:

:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.05.23 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 19:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:19 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
C:\Users\Nanapi\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


2.
It is best to back up all encrypted data externally (to an empty USB stick or an external hard drive). Then start with the decryption. To be on the safe side, the modified data on the computer should stay untouched at first.
If everything goes well, you can then continue on the PC.

3.
Procedure for the encryption trojan: -> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo has made a video on the topic.
Further tips:
-> Trustezeb.A Decryptor
** You can also try saving the encrypted files to an empty USB stick. If you know what kind of files they are (e.g. *.jpg, *.doc, etc.), rename them all back to their original form as before, e.g. to a .jpg file.

Nanapi 24.05.2012 11:05

1:
Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== FILES ==========
C:\Users\Nanapi\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nanapi\Downloads\cmd.bat deleted successfully.
C:\Users\Nanapi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nanapi
->Temp folder emptied: 416965 bytes
->Temporary Internet Files folder emptied: 1377749 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 256492511 bytes
->Google Chrome cache emptied: 14768129 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3578 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13576831 bytes
 
Total Files Cleaned = 273,00 mb
 
 
OTL by OldTimer - Version 3.2.43.1 log created on 05242012_112627

Files\Folders moved on Reboot...
C:\Users\Nanapi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

2. and 3.

I have now copied a pair of images to my USB stick, and unfortunately it does not seem to work with any of the programs. Dr. Web and DecryptHelper tell me that it is the same file. One refuses to recognize the encrypted file at all because it has no "logged" in front of it, and the rest unfortunately do nothing at all :/
I can add a .jp to some images or view them directly in the image preview, but that seems to be only a tiny fraction. I tried the same with .txt documents. Those do not work this way at all.
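
The observation above, that a few files open again once an extension is added, can be checked systematically from the file headers. The following is an added example and not part of the thread: it only reads files (it never renames or writes to them) and reports which extensionless files still begin with a known signature; the signature table, the function names and the sample bytes are assumptions of this example.

```python
import os
import tempfile

# Leading signatures ("magic bytes") of a few common formats (example selection).
SIGNATURES = [
    (b"\xff\xd8\xff", ".jpg"),
    (b"\x89PNG\r\n\x1a\n", ".png"),
    (b"%PDF-", ".pdf"),
    (b"PK\x03\x04", ".zip"),  # also the container of .docx/.odt
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),  # OLE2, legacy Office
    (b"ID3", ".mp3"),
]


def sniff(path, nbytes=16):
    """Return the extension suggested by the file header, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(nbytes)
    except OSError:
        return None  # unreadable file: report as unknown, keep scanning
    for magic, ext in SIGNATURES:
        if head.startswith(magic):
            return ext
    return None


def triage(root):
    """Map every extensionless file under root to a suggested extension or None."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1]:
                continue  # has an extension, so it is not one of the renamed files
            full = os.path.join(dirpath, name)
            report[full] = sniff(full)
    return report


def demo():
    """Run the triage over constructed sample files (not data from the thread)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "JUGstUfDXaeapALEnqAQO": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # JPEG header
            "qWErTyUiOpAsDfGhJkLzX": bytes(range(7, 39)),  # no known header
            "notes.txt": b"plain text, already has an extension",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): ext for p, ext in triage(root).items()}


if __name__ == "__main__":
    print(demo())
```

A result of None does not prove that a file is encrypted: plain text has no signature, so .txt documents always report None. Run it against the external backup copy rather than the original drives.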

kira 25.05.2012 07:21

The recommended guides are what is available to you (and to me) at the moment. Otherwise, back up all encrypted data; perhaps a remedy can be produced soon. The experts are working on it very intensively, and hopefully there will soon be a solution that works.


All times are WET +1. The time now is 07:45.
