Hallo,

leider hat es auch mich erwischt mit dem Trojaner.

Ich nutze Win7 64bit auf einem Acer Desktop PC. Ich konnte zwar, nachdem der Trojaner alles Lahm legte, über den Taskmanager das übel ausschalten, doch leider hat es mir jegliche Dokumente, Musik- und Videodateien sowie alle Bilder, zerhauen. Die dateien haben Namen wie "JUGstUfDXaeapALEnqAQO" ohne Datei-Endung

Ich habe Malwarebytes mittlerweile drüberlaufen lassen und alle Schädlinge mit diesem Programm entfernt (Es hat ca. 4 Neustarts gebraucht um und bei jedem erneuten Durchlauf endlich keine Meldung mehr zu bekommen), Der Rechner lässt sich wieder normal starten, scheint keine Mucken mehr zu machen, bis auf die verschlüsselten Dokumente. Ich wäre wirklich froh wenn es sich irgendwie einrichten lässt, die Laufwerke "D" und "M" (eben jede auf denen ich diese Sachen alle gespeichert habe) wieder auf Vordermann zu bekommen, zwar bin ich schon froh um die Formatierung herumzukommen, aber leider hat selbst die Wiederherstellung auf einen 4 Tage alten Speicherpunkt nichts gebracht da dieser offensichtlich nur Laufwerk "C" beinflusst.

Gerne geben ich jegliche Informationen raus, die benötigt werden um dem Problem eventuell auf den Grund zu gehen.

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

• "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
  - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
  - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
• Charakteristische Merkmale/Profilinformationen:
  - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
• Die Systemprüfung und Bereinigung:
  - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
• Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
• Innerhalb der Betreuungszeit:
  - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
• Die Reihenfolge:
  - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
• GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
• Ansonsten unsere Forumsregeln:
  - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
• Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest:
► Ich kann Dir beim Entfernen der Malware helfen, aber mit dem Verschlüsselung aufheben wird schwieriger...kann sein, dass wir nur ein Teil vom großen & Ganzen entschlüsseln können, oder eben garnix davon!

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)
         

2.
Am besten alle verschlüsselten Daten extern sichern (auf leere USB-Stick oder ext. Festplatte). Dann mit Entschlüsselung beginnen. Also am Computer sollen die geänderten Daten um Nummer sicher zu gehen zuerst unberührt bleiben
Wenn alles gut geht, kannst Du dann am PC weiter machen

3.
Vorgehen beim Verschlüsselungs-Trojaner :-> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo hat ein Video zum Thema erstellt.
** Außerdem kannst versuchen die verschlüsselte Dateien auf einen leeren USB Stick speichern. Wenn Du weiß was für dateien sind (z.B *.jpg, *.doc usw) dann benenne sie alle wieder in Originalform wie vorher, also z.B in eine .jpg Datei

4.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

5.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

• Download den CCleaner herunter
  
• Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
• starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
• ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

Danke Schonmal für die Antwort, hier habe ich schoneinmal den Malwarebytes Bericht:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.23.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nanapi :: NANAPI-PC [Administrator]

Schutz: Aktiviert

23.05.2012 11:04:40
mbam-log-2012-05-23 (11-04-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222482
Laufzeit: 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Zu den Punkten 2 und 3:

Ich habe soeben mit einem Beispielbild versucht die Datei wieder in eine .jpg zu ändern (auf einem USB Stick) und es hat funktioniert! Ich hoffe das ist schonmal die halbe Miete.

Zu Punkt 4:
OTL.txt
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 23.05.2012 11:19:43 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,73% Memory free
16,00 Gb Paging File | 13,70 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 265,48 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 335,14 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 405,32 Mb Free Space | 81,54% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nanapi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PCstunnel\stunnel.exe (**)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\DisplayFusion\AppHookx86.exe (Binary Fortress Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\AChat\AChat.exe (AChat team)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\PCstunnel\ZLIB1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (WRfiltv) -- C:\Windows\SysNative\drivers\WRfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 80 7F 7D CA FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=0606b79a000000000000002511a295ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.06 22:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Extensions
[2012.05.22 23:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Firefox\Profiles\75y9d9j9.default\extensions
[2012.04.25 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\NANAPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\75Y9D9J9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.25 15:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.16 03:03:07 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AChat] C:\Program Files (x86)\AChat\AChat.exe (AChat team)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SD0A7.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] "M:\utorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AD Talk.lnk = C:\Program Files (x86)\AD Talk\AD Talk.exe (Deckers & Staelens VOF)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PCstunnel.lnk = C:\Program Files (x86)\PCstunnel\stunnel.exe (Michal Trojnara)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC62D34-F182-43D9-8A3A-E228EDD5D5E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 19:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.05.22 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 17:44:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Malwarebytes
[2012.05.22 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.05.22 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.11 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\Desktop\sf
[2012.05.10 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Funcom
[2012.05.10 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012.05.10 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.05.09 16:54:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.09 16:54:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.09 16:54:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.09 16:54:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.09 16:54:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.09 16:54:17 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.09 16:54:16 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.09 16:54:16 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\.thumbnails
[2012.05.09 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.05.09 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.05.04 17:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.04.27 14:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.27 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.04.27 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.27 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\WinZip
[2012.04.27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.27 14:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012.04.27 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 11:12:53 | 001,612,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 11:12:53 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 11:12:53 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 11:12:53 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 11:12:53 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.23 11:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 10:49:11 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 10:49:11 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 10:41:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 10:41:34 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 23:35:10 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:35:10 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(51).DAT
[2012.05.22 23:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(36).dat
[2012.05.22 19:06:44 | 000,001,885 | ---- | M] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 14:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Nanapi\Desktop\LsLAqLAELAvgrvguvgs
[2012.05.14 21:43:36 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 23:59:36 | 000,000,554 | ---- | M] () -- C:\Users\Nanapi\Desktop\XGVvElUJApGuyasd
[2012.05.10 22:45:16 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.10 12:55:11 | 002,222,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 13:02:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:16 | 000,001,405 | ---- | M] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.05.05 15:01:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 15:01:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 15:01:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | M] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
 
========== Files Created - No Company Name ==========
 
[2012.05.22 23:31:15 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:31:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.05.22 19:06:44 | 000,001,885 | ---- | C] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 16:45:08 | 000,879,394 | ---- | C] () -- C:\Users\Nanapi\Desktop\Chrysanthemum.jpg
[2012.05.22 16:45:08 | 000,845,941 | ---- | C] () -- C:\Users\Nanapi\Desktop\Desert.jpg
[2012.05.22 16:45:08 | 000,780,831 | ---- | C] () -- C:\Users\Nanapi\Desktop\Koala.jpg
[2012.05.22 16:45:08 | 000,777,835 | ---- | C] () -- C:\Users\Nanapi\Desktop\Penguins.jpg
[2012.05.22 16:45:08 | 000,620,888 | ---- | C] () -- C:\Users\Nanapi\Desktop\Tulips.jpg
[2012.05.22 16:45:08 | 000,595,284 | ---- | C] () -- C:\Users\Nanapi\Desktop\Hydrangeas.jpg
[2012.05.22 16:45:08 | 000,561,276 | ---- | C] () -- C:\Users\Nanapi\Desktop\Lighthouse.jpg
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\VuAefJNoXxgEeGOnyXdQj
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\unDdGNATsNLatgJ
[2012.05.22 16:43:36 | 000,022,324 | ---- | C] () -- C:\Users\Nanapi\Desktop\ryXsNqXeVdvsVvLlnlUO
[2012.05.22 16:43:36 | 000,022,020 | ---- | C] () -- C:\Users\Nanapi\Desktop\pxvALDdgolUvEe
[2012.05.22 16:43:36 | 000,021,146 | ---- | C] () -- C:\Users\Nanapi\Desktop\UQEedrEjTVvATfJNEX
[2012.05.14 21:22:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 22:45:16 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.09 13:02:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:31 | 000,001,405 | ---- | C] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | C] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
[2012.04.27 14:53:48 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.04.27 14:52:45 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.04.27 14:51:46 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.04.27 14:51:38 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.04.27 14:50:28 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 16:03:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.26 15:13:58 | 001,588,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 20:32:17 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2012.03.07 20:32:17 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2012.03.07 20:32:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.03.07 20:32:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >
         

--- --- ---


Extras.txt
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 23.05.2012 11:19:43 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,73% Memory free
16,00 Gb Paging File | 13,70 Gb Available in Paging File | 85,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 265,48 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 335,14 Gb Free Space | 92,89% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 405,32 Mb Free Space | 81,54% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06248BC0-EA70-4B32-B915-F222365A48BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B31D0C1-A874-4A9D-BE60-625A99338F03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1F18F33E-2C92-4568-AF6D-FFF2137E8607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{226D70CB-B3F5-410C-977E-46456A13DD76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{30C8F297-0D3C-40EF-9621-3E22C7B125AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31B8A62B-4770-46BA-BD85-1395A487FB03}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3CFB4309-9C0A-4D24-A049-8D207388EB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D44EB6C-03C2-4B52-B7C1-BE65C2FEA92C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D69EFA4-AF7C-4196-9094-AB719EE591C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80B89988-9D3E-4309-A0C0-355534466E4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{81700DA7-AC37-42D7-A398-F79638CD9F54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{862E4826-E4F6-41AE-8CC9-AEA745871284}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8D539E87-7808-467A-90E4-1FAF0B80E8EA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8D72B97B-5EB7-47D2-844A-571309556963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{925DE13B-920F-4909-B766-130A91BC6C96}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{99100CAD-B7B2-4FA5-8934-989FFB0616AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A2C55B2-0A4C-495A-94FC-0712E99F463E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A9DDA244-A4B1-4095-A252-352C3A4D70BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB7F73ED-4A9B-442E-BBD7-6FD42EA57E73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BBE57936-668C-4A63-B881-136D1297FAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5665E03-FDDA-41C4-AC9F-3ADB1DAC7DE4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA786DF6-BA89-49CE-A817-7ED3E25B3FBA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DB868C6B-F52E-4972-8719-ADDFF9E77BEC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8755E77-6AB6-41B4-9F32-9C5BA4827D51}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D30DA-E7BC-43EA-AC26-E767613B465F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{0B71C2DF-4252-443E-9DBD-388D2B9E7144}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{127F4632-8877-4D32-BCAC-D21A7DF41E1F}" = protocol=17 | dir=in | app=m:\utorrent\utorrent.exe | 
"{194AC8CB-0895-40D1-8676-264075E8E41D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A0B42FD-BB7C-4F53-A8B0-6BF992D537AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A972EDD-060E-4841-A961-C85DBD06947D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B0D02E3-76CD-44C9-8C0A-544768E255B4}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | 
"{1DF23F37-2081-433C-9733-B1F1C094C9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"{21211307-0A76-446D-964C-5CD830AD1228}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe | 
"{284FA45B-B622-491F-BBFE-E908BB0EAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2863E1F1-F5EF-4A19-81AF-D2DC87AB1451}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{2969915D-48B5-4536-8287-6A7B680ADB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{497A6276-C84D-4AFD-ABB5-8E9A0A90E77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{4B8CC211-426C-429F-9279-DB132294DB04}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | 
"{5A55004D-8099-4FA4-8FE8-8896A68040CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5E85D880-B01A-434A-9B55-238C93285957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5F6D52D0-A388-4397-827D-B1E3458FB90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63A200C5-BD29-41FA-9810-B6D388CF5372}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{65CE6DF4-A82A-4E1D-8DF6-A55318A30C75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6CF0F469-5C2A-4200-BD31-D0C8F2F5B9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{6D175E44-54E7-4AB0-9029-51E8CB4589A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FBE7749-6129-400C-A0C5-AB707EE41C11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{76D19408-3DEB-4613-A24A-D605E12A273A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{783B5E0E-EF13-4C72-A0B3-B923F7EBABE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{7AB2C367-7E61-472F-9AC7-B04778177FCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7AEF7A29-5BE0-4E1A-80A7-737A48F6190F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8D9363F3-E7BB-4F3D-98A8-D66263FCE3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{8FEF9E21-96F0-4F9A-A7BC-C6D9323726E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{90027F42-FCDC-44A6-B820-1A01230EB7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9381FFC7-9D17-4A3E-90DD-C2DFEA6B28CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{984B7067-D2CA-4350-8880-AB6733CC1667}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{993A979C-E059-4DFC-B277-EA1D53CAED4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9E6F57D8-0F4F-4EB4-A407-D725932775B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{A506929A-6438-41AE-B291-98BA15E6234E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe | 
"{AB66DBE2-BAC6-4491-97A5-3BE55A60EB4B}" = protocol=6 | dir=out | app=system | 
"{AEF18C25-28B4-4D00-9B5A-6A834099BBDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF93B265-2E8F-44D1-A65C-532CAE030B20}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{BE8759F4-C72D-4DE2-8FE9-E64EF0544B79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C3C7D8BC-FD19-4A73-AFF8-274798BFB743}" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"{CD4CECDA-2CB1-4879-BC39-0DC8338ED3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD76FB3E-9112-4AB5-BBFB-5EDCDFE4D92D}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | 
"{D0100B5B-E60F-40D9-AB70-71A5ED34A64E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D0CD1FC4-3348-4E35-87A2-1ABB981FC8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D68F30F7-483B-486E-9D85-6EF61AE7980D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D8C19521-F52A-445E-AEA3-DAC102925641}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{DD86C093-B3D1-433C-9A53-CEB0495ED7B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{DEB02804-B2F8-42F4-A8AF-324AF4CE71C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DF175AC8-A4CA-4C80-8FAE-91EC3BE3385E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{E334D512-10F9-462E-AC94-5A1A2E07A1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{E41FF75D-D7CC-4F6D-BB55-BA7B852C3688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EFE79E4A-4BDC-4F8B-83FB-05498BE7BA33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0E3172D-1CC4-46A6-899F-D20ED472C1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{F3B06FD4-E3D7-44C7-92AA-19FA60D2A54B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6129A19-53AA-4262-93C3-B56EF918BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{F971813C-A066-4219-B72F-04D24058F187}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9724F1E-656B-41A0-A0E4-BD62A3EF3B0B}" = protocol=6 | dir=in | app=m:\utorrent\utorrent.exe | 
"{FBC9DFED-23FC-4CF9-9510-BFB9317CC45D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD50A586-17AB-482B-B3E4-2C725EA49D24}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | 
"TCP Query User{080124C2-1E04-4243-A3C2-C22C908197B6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{0E4FD924-A82A-421E-B63B-670E337C0AC0}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
"TCP Query User{26CEE0C0-1FE8-4801-98BA-16EDAAF48C06}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{32D08A13-484D-41A2-AB96-3951E01BE1B7}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"TCP Query User{49A917EC-CEBD-4ED8-8FBE-576ADEE372C8}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | 
"TCP Query User{57467F4C-6AA1-426D-93D2-23A11926EAD0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{5BB88F56-9899-4197-B2D7-4478270F9735}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
"TCP Query User{788AFC9D-892B-4BBB-90CF-BF7DBB6521E8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{FF2F4937-FB21-4D41-8AFC-21C556C02442}C:\program files (x86)\ad talk\ad talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"UDP Query User{16006B64-D67E-471A-904E-12F46D53C135}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{2B223835-467E-4A5D-ABD2-E2721719EFD6}C:\program files (x86)\ad talk\ad talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"UDP Query User{4BC95F01-3A3A-4E94-A4D9-0C5E94C71098}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{650A81CD-026C-4028-9C2A-FAA3D80A3065}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{7B529A3C-3CC0-4530-8E8D-C2A3C216DBC0}C:\program files (x86)\diablo iii beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"UDP Query User{A463C496-3A70-4FE1-BD2A-3882414C7FCE}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
"UDP Query User{C6C47C5E-9419-41EF-9EC5-906606DFCE51}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | 
"UDP Query User{E82A1280-FCBF-4918-8BAA-51B70B9E1CC9}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{FB3F8E85-11DF-49E5-A863-87DF47941D80}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1" = Auto Mouse Mover 1.3.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1" = openCanvas 5.1.04
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"AChat_is1" = AChat v0.150
"AD Talk" = AD Talk
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AudibleManager" = AudibleManager
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EVEMon" = EVEMon
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.1_rc22
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PCstunnel" = PCstunnel
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Steam App 8510" = EVE Online Demo
"SysInfo" = Creative Systeminformationen
"The Secret World_is1" = The Secret World
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3cd95d63145b11" = RightNow (frogster)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.05.2012 15:02:55 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version: 
1.0.0.0, Zeitstempel: 0x4fac9686  Name des fehlerhaften Moduls: TheSecretWorldDX11.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4fac9686  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x005e2653  ID des fehlerhaften Prozesses: 0x23dc  Startzeit der fehlerhaften Anwendung:
 0x01cd2fa856e505c4  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The
 Secret World\TheSecretWorldDX11.exe  Pfad des fehlerhaften Moduls: C:\Program Files
 (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Berichtskennung: e9f58cb1-9b9b-11e1-810e-002511a295ca
 
Error - 11.05.2012 15:04:04 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version: 
1.0.0.0, Zeitstempel: 0x4fac9686  Name des fehlerhaften Moduls: TheSecretWorldDX11.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4fac9686  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x005e2653  ID des fehlerhaften Prozesses: 0x1938  Startzeit der fehlerhaften Anwendung:
 0x01cd2fa8bcfa42fb  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The
 Secret World\TheSecretWorldDX11.exe  Pfad des fehlerhaften Moduls: C:\Program Files
 (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Berichtskennung: 132e8577-9b9c-11e1-810e-002511a295ca
 
Error - 12.05.2012 05:34:06 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version: 
1.0.0.0, Zeitstempel: 0x4fac9686  Name des fehlerhaften Moduls: TheSecretWorldDX11.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4fac9686  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x004f80c5  ID des fehlerhaften Prozesses: 0x118c  Startzeit der fehlerhaften Anwendung:
 0x01cd30212c8682a4  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The
 Secret World\TheSecretWorldDX11.exe  Pfad des fehlerhaften Moduls: C:\Program Files
 (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe  Berichtskennung: 9de15e50-9c15-11e1-bbdc-002511a295ca
 
Error - 12.05.2012 18:24:33 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = Programm launcher.exe, Version 3.1.9.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15cc    Startzeit:
 01cd308ddaa05e20    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\Origin Games\Star
 Wars - The Old Republic\launcher.exe    Berichts-ID: 310638a7-9c81-11e1-bbdc-002511a295ca

 
Error - 22.05.2012 09:25:28 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e00    Startzeit: 01cd381e52ea9ba9    Endzeit: 6    Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID:
 95e7000c-a411-11e1-a6ff-002511a295ca  
 
Error - 22.05.2012 09:52:40 | Computer Name = Nanapi-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 22.05.2012 09:52:41 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RightNow.Installer.exe, Version: 
11.2.6.126, Zeitstempel: 0x4f235559  Name des fehlerhaften Moduls: KERNELBASE.dll,
 Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1  Ausnahmecode: 0xe0434352  Fehleroffset:
 0x000000000000a88d  ID des fehlerhaften Prozesses: 0x864  Startzeit der fehlerhaften
 Anwendung: 0x01cd38215d084e08  Pfad der fehlerhaften Anwendung: C:\Users\Nanapi\AppData\Local\Apps\2.0\V1NM763D.BQD\PQECB571.7EL\righ..ster_a97a87e43982fbb5_000b.0002_a8e19043459aafca\RightNow.Installer.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 65ad9545-a415-11e1-be5a-002511a295ca
 
Error - 22.05.2012 10:05:52 | Computer Name = Nanapi-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 22.05.2012 10:05:53 | Computer Name = Nanapi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RightNow.Installer.exe, Version: 
11.2.6.126, Zeitstempel: 0x4f235559  Name des fehlerhaften Moduls: KERNELBASE.dll,
 Version: 6.1.7600.16850, Zeitstempel: 0x4e211da1  Ausnahmecode: 0xe0434352  Fehleroffset:
 0x000000000000a88d  ID des fehlerhaften Prozesses: 0x9d4  Startzeit der fehlerhaften
 Anwendung: 0x01cd3823fa8113b3  Pfad der fehlerhaften Anwendung: C:\Users\Nanapi\AppData\Local\Apps\2.0\V1NM763D.BQD\PQECB571.7EL\righ..ster_a97a87e43982fbb5_000b.0002_a8e19043459aafca\RightNow.Installer.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 3dc88bef-a417-11e1-be5a-002511a295ca
 
Error - 22.05.2012 18:02:37 | Computer Name = Nanapi-PC | Source = System Restore | ID = 8210
Description = 
 
[ System Events ]
Error - 20.05.2012 01:07:55 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.05.2012 01:07:55 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V5 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         

--- --- ---
und CCleaner:

Code: Alles auswählenAufklappen

ATTFilter

AChat v0.150	SourceForge.NET	09.03.2012		0.150
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Photoshop CS3	Adobe Systems Incorporated	22.05.2012	1.127MB	10.0
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	15.05.2012	121,5MB	10.1.3
AION Free-To-Play	Gameforge	25.03.2012	22,6MB	2.70.0000
Apple Application Support	Apple Inc.	13.03.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	13.03.2012	24,9MB	5.1.1.4
Apple Software Update	Apple Inc.	13.03.2012	2,38MB	2.1.3.127
AudibleManager	Audible, Inc.	22.05.2012		2006659200.48.56.36113642
Auto Mouse Mover 1.3.3	MurGee.com	10.05.2012	0,73MB	1.3
Babylon toolbar on IE		22.05.2012		
Bamboo	Wacom Technology Corp.	18.04.2012		5.2.5-5
Blender	Blender Foundation	08.05.2012		2.63-release
Bonjour	Apple Inc.	13.03.2012	2,00MB	3.0.0.10
CCleaner	Piriform	22.05.2012		3.18
Creative Systeminformationen		22.05.2012		
DAEMON Tools Lite	DT Soft Ltd	22.05.2012		4.45.3.0297
Diablo III	Blizzard Entertainment	22.05.2012		1.0.1.9558
DisplayFusion 3.4.0	Binary Fortress Software	05.03.2012	7,23MB	3.4.0.0
EPSON SX210 Series Printer Uninstall	SEIKO EPSON Corporation	11.05.2012		
EVE Online Demo	CCP	22.05.2012		
EVEMon	battleclinic.com	22.05.2012		1.6.0.3464
Free Opener	EZ Freeware	25.03.2012	52,5MB	1.4
Google Chrome	Google Inc.	22.05.2012		19.0.1084.46
iTunes	Apple Inc.	28.03.2012	156,9MB	10.6.1.7
Java(TM) 6 Update 22	Oracle	25.03.2012	97,1MB	6.0.220
Java(TM) 6 Update 31	Oracle	24.03.2012	95,1MB	6.0.310
JDownloader 0.9	AppWork GmbH	22.05.2012		0.9
K-Lite Codec Pack 7.0.0 (Standard)		25.03.2012	33,0MB	7.0.0
Logitech Gaming Software 8.20	Logitech Inc.	06.03.2012	76,6MB	8.20.74
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	21.05.2012	18,0MB	1.61.0.1400
Mass Effect	Electronic Arts, Inc.	22.05.2012		1.00
Mass Effect™ 3	Electronic Arts	22.05.2012		1.0.0.0
McAfee Security Scan Plus	McAfee, Inc.	22.05.2012	8,30MB	2.0.181.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.03.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.03.2012	2,94MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	25.03.2012	52,0MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	25.03.2012	10,7MB	4.0.30319
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	05.03.2012	0,42MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	05.03.2012	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	25.03.2012	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	06.03.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	05.03.2012	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	05.03.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	05.03.2012	11,1MB	10.0.40219
Mozilla Firefox 12.0 (x86 de)	Mozilla	22.05.2012	36,2MB	12.0
Mozilla Maintenance Service	Mozilla	22.05.2012	0,21MB	12.0
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	22.05.2012	38,1MB	12.0.1
NC Launcher (GameForge)	NCsoft	22.05.2012		
NVIDIA 3D Vision Controller-Treiber 295.73	NVIDIA Corporation	05.03.2012		295.73
NVIDIA 3D Vision Treiber 295.73	NVIDIA Corporation	05.03.2012		295.73
NVIDIA Grafiktreiber 295.73	NVIDIA Corporation	05.03.2012		295.73
NVIDIA PhysX-Systemsoftware 9.12.0209	NVIDIA Corporation	05.03.2012		9.12.0209
NVIDIA Update 1.7.11	NVIDIA Corporation	05.03.2012		1.7.11
openCanvas 5.1.04	portalgraphics.net	18.04.2012	6,64MB	5.1.04
OpenOffice.org 3.3	OpenOffice.org	25.03.2012	415MB	3.3.9567
OpenVPN 2.1_rc22		22.05.2012		2.1_rc22
Opera 11.61	Opera Software ASA	22.05.2012		11.61.1250
Origin	Electronic Arts, Inc.	22.05.2012		8.5.0.4554
PCstunnel		22.05.2012		
ShadowExplorer 0.8	ShadowExplorer.com	21.05.2012		0.8.430.0
Skype™ 5.8	Skype Technologies S.A.	05.03.2012	19,0MB	5.8.158
Sound Blaster World of Warcraft Wireless Headset	Creative Technology Limited	22.05.2012		1.0
Star Wars: The Old Republic	Electronic Arts, Inc.	22.05.2012		1.0.0.0
Steam	Valve Corporation	05.03.2012	35,5MB	1.0.0.0
The Secret World	Funcom	09.05.2012		1.0.0
VLC media player 2.0.0	VideoLAN	22.05.2012		2.0.0
VoiceOver Kit	Apple Inc.	14.05.2012	41,8MB	1.42.128.0
WebTablet FB Plugin	Wacom Technology Corp.	22.05.2012		2.0.0.1
WebTablet IE Plugin	Wacom Technology Corp.	22.05.2012		1.1.0.12
WebTablet Netscape Plugin	Wacom Technology Corp.	22.05.2012		1.1.0.10
WinRAR 4.11 (64-Bit)	win.rar GmbH	06.03.2012		4.11.0
WinZip 16.0	WinZip Computing, S.L. 	26.04.2012	88,2MB	16.0.9715
µTorrent		22.05.2012		3.1.3
         

1.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:

Code: Alles auswählenAufklappen

ATTFilter

Babylon toolbar <- Adware 
         

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

2.
Hast du es denn in der Hosts selbst eingetragen bzw absichtlich zugefügt? Wenn ja, warum?

Code: Alles auswählenAufklappen

ATTFilter

O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
         

3.
Hast Du absichtlich die IP so als Proxy eingestellt?

Code: Alles auswählenAufklappen

ATTFilter

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
         

Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.

4.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:

Code: Alles auswählenAufklappen

ATTFilter

McAfee Security Scan Plus
vermutlich über Adobe (Flash Player) auf dem rechner gelandet!
         

obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

5.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=0606b79a000000000000002511a295ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.166.19:3128
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         

• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Deinen Thread.

6.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version für 64 Bit: Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

7.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

8.
reinige dein System mit CCleaner:

• "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
• "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
• Starte dein System neu auf

9.

• lade Dir SUPERAntiSpyware FREE Edition herunter.
  Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
• installiere das Programm und update online.
• starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
• setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
• anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
• auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
• um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
• drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

10.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

11.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

12.
erneut einen Scan mit OTL:

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

damit ich weiß, welche Änderungen Du vorgenommen hast:

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Hallo =)

1.
Is nun deinstalliert.

2. und 3.
Wurde bewusst so eingestellt, trozdem danke für den Hinweis!

4.
Ist nun auch deinstalliert.

5.

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6433050e-67bb-11e1-ad09-806e6f6e6963}\ not found.
File E:\setup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nanapi\Downloads\cmd.bat deleted successfully.
C:\Users\Nanapi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nanapi
->Temp folder emptied: 568570885 bytes
->Temporary Internet Files folder emptied: 35814832 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1174897889 bytes
->Google Chrome cache emptied: 13071030 bytes
->Opera cache emptied: 17242391 bytes
->Flash cache emptied: 70625 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98352340 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356772 bytes
RecycleBin emptied: 30934761520 bytes
 
Total Files Cleaned = 31.366,00 mb
 
 
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_164231

Files\Folders moved on Reboot...
C:\Users\Nanapi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

6.
Java wurde Aktualisiert!

8.
wurde ebenfalls behoben.

9.

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/23/2012 at 06:02 PM

Application Version : 5.0.1150

Core Rules Database Version : 8635
Trace Rules Database Version: 6447

Scan type       : Complete Scan
Total Scan Time : 00:34:59

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 599
Memory threats detected   : 0
Registry items scanned    : 68166
Registry threats detected : 0
File items scanned        : 91633
File threats detected     : 2

Trojan.Agent/Gen-InstallIQ
	C:\USERS\NANAPI\DOWNLOADS\FREEOPENER2.0.1.0.EXE
	C:\USERS\NANAPI\DOWNLOADS\UGJDPTYONUGSPSDGVQ
         

--Rest folgt--

leider ist kein bearbeiten mehr möglich, daher muss es so gehen..

11.
den Scan habe ich nun auch durchgeführt, leider keine Log datei ausgespuckt bekommen, hatte aber auch keine Funde.

12.
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 23.05.2012 19:50:47 - Run 3
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,81% Memory free
16,00 Gb Paging File | 13,01 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 281,05 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 348,24 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 489,72 Mb Free Space | 98,52% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 16:40:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nanapi\Downloads\OTL.exe
PRC - [2012.05.23 14:48:00 | 000,040,960 | ---- | M] (RightNow Technologies, Inc.) -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies\frogster\InitEngine\RightNow.InitEngine.exe
PRC - [2012.05.22 17:15:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.04.25 15:50:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.25 15:03:24 | 000,993,792 | ---- | M] (Deckers & Staelens VOF) -- C:\Program Files (x86)\AD Talk\AD Talk.exe
PRC - [2012.03.19 21:36:48 | 000,043,008 | ---- | M] (Alchemic Dream Inc.) -- C:\Users\Nanapi\Desktop\AD Ticket Counter.exe
PRC - [2012.03.06 22:19:49 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.12 12:11:24 | 000,118,784 | ---- | M] (Michal Trojnara) -- C:\Program Files (x86)\PCstunnel\stunnel.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.07 22:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2011.08.25 16:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.11.16 20:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.01.25 00:07:34 | 002,851,328 | ---- | M] (AChat team) -- C:\Program Files (x86)\AChat\AChat.exe
PRC - [2006.11.17 18:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.22 17:15:13 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.05.22 17:15:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.05.22 17:15:12 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.05.22 17:15:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.05.22 17:15:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.05.10 13:14:03 | 000,624,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\41d68b79da934255ca82b466b93d7938\System.AddIn.ni.dll
MOD - [2012.05.10 13:14:03 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
MOD - [2012.05.10 13:13:04 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a5b389ddffcb10f23884f01c0e1954d9\WindowsFormsIntegration.ni.dll
MOD - [2012.05.10 13:13:04 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
MOD - [2012.05.10 13:13:04 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
MOD - [2012.05.10 13:12:26 | 000,391,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012.05.10 13:12:22 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll
MOD - [2012.05.10 13:12:18 | 001,897,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\65f64efe2aec0291c18453af0c3eb19b\System.Web.Services.ni.dll
MOD - [2012.05.10 13:12:16 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
MOD - [2012.05.10 13:12:14 | 012,076,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e9f1e1c33ec639a0945a6a4f2458b7b4\System.Web.ni.dll
MOD - [2012.05.10 13:12:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 13:11:42 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
MOD - [2012.05.10 02:27:45 | 017,998,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\52f7c62736eb9b6370632e7eb99bec83\PresentationFramework.ni.dll
MOD - [2012.05.10 02:27:32 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9eebaf24f66d6f75e35bb3df6af1c9aa\PresentationCore.ni.dll
MOD - [2012.05.10 02:27:23 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\933e8e44a2b9361822b29aae6070e2a2\WindowsBase.ni.dll
MOD - [2012.05.10 02:27:22 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee6e30c355ec2ffab1525b42253f7aef\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 02:25:44 | 011,002,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\51dfa58af4a59e4af2a4c2363246af21\System.Design.ni.dll
MOD - [2012.05.10 02:25:39 | 013,196,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll
MOD - [2012.05.10 02:25:34 | 007,052,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012.05.10 02:25:31 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012.05.10 02:25:31 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll
MOD - [2012.05.10 02:25:29 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012.05.10 02:25:28 | 000,729,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012.05.10 02:25:27 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012.05.10 02:25:22 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.05.05 15:01:08 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 15:50:06 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.26 16:43:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.01.05 12:28:36 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\PCstunnel\ZLIB1.dll
MOD - [2010.12.31 13:05:52 | 000,090,112 | ---- | M] () -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies\frogster\SiteFiles\FunctionValidator.dll
MOD - [2004.08.28 01:47:21 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\AD Talk\libbind.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.22 17:15:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.05 15:01:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.27 14:49:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.04.25 15:50:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 20:32:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.03.07 20:31:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.20 15:26:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.11.16 20:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.18 01:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.12 01:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 10:43:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.20 15:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 80 7F 7D CA FB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.06 22:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Extensions
[2012.05.22 23:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nanapi\AppData\Roaming\mozilla\Firefox\Profiles\75y9d9j9.default\extensions
[2012.04.25 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\NANAPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\75Y9D9J9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.25 15:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Nanapi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.12.16 03:03:07 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 10.6.0.2 www.emea.alchemicdream.org
O1 - Hosts: www.emea.alchemicdream.org to 10.6.0.1
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AChat] C:\Program Files (x86)\AChat\AChat.exe (AChat team)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SD0A7.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AD Talk.lnk = C:\Program Files (x86)\AD Talk\AD Talk.exe (Deckers & Staelens VOF)
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nanapi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PCstunnel.lnk = C:\Program Files (x86)\PCstunnel\stunnel.exe (Michal Trojnara)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC62D34-F182-43D9-8A3A-E228EDD5D5E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 17:07:19 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.23 17:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.23 17:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.23 17:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.23 16:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.23 12:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.23 12:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.23 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Google
[2012.05.23 12:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.22 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 19:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.05.22 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.22 17:44:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.22 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Malwarebytes
[2012.05.22 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.22 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.05.22 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.22 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.11 15:33:21 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\Desktop\sf
[2012.05.10 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\Funcom
[2012.05.10 22:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012.05.10 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.05.09 16:54:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.09 16:54:37 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.09 16:54:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.09 16:54:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.09 16:54:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.09 16:54:17 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.09 16:54:16 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.09 16:54:16 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\.thumbnails
[2012.05.09 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.05.09 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.05.04 17:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.04.27 14:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.04.27 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.04.27 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.04.27 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Local\WinZip
[2012.04.27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.27 14:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012.04.27 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 15:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 19:44:10 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 19:44:10 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 19:36:40 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 19:36:34 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 19:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 19:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 17:06:55 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 17:04:51 | 000,043,668 | ---- | M] () -- C:\Users\Nanapi\Documents\cc_20120523_170439.reg
[2012.05.23 11:12:53 | 001,612,560 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 11:12:53 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 11:12:53 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 11:12:53 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 11:12:53 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 23:35:10 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:35:10 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA(51).DAT
[2012.05.22 23:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat(36).dat
[2012.05.22 19:06:44 | 000,001,885 | ---- | M] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 14:41:18 | 000,000,000 | ---- | M] () -- C:\Users\Nanapi\Desktop\LsLAqLAELAvgrvguvgs
[2012.05.14 21:43:36 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 23:59:36 | 000,000,554 | ---- | M] () -- C:\Users\Nanapi\Desktop\XGVvElUJApGuyasd
[2012.05.10 22:45:16 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.10 12:55:11 | 002,222,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 13:02:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:16 | 000,001,405 | ---- | M] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.05.05 15:01:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 15:01:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 15:01:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:45 | 001,565,686 | ---- | M] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | M] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
 
========== Files Created - No Company Name ==========
 
[2012.05.23 17:06:55 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.23 17:04:48 | 000,043,668 | ---- | C] () -- C:\Users\Nanapi\Documents\cc_20120523_170439.reg
[2012.05.23 12:12:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:19 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 23:31:15 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.05.22 23:31:15 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.05.22 19:06:44 | 000,001,885 | ---- | C] () -- C:\Users\Nanapi\Desktop\ShadowExplorer.lnk
[2012.05.22 17:44:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 16:45:08 | 000,845,941 | ---- | C] () -- C:\Users\Nanapi\Desktop\Desert.jpg
[2012.05.22 16:45:08 | 000,780,831 | ---- | C] () -- C:\Users\Nanapi\Desktop\Koala.jpg
[2012.05.22 16:45:08 | 000,777,835 | ---- | C] () -- C:\Users\Nanapi\Desktop\Penguins.jpg
[2012.05.22 16:45:08 | 000,620,888 | ---- | C] () -- C:\Users\Nanapi\Desktop\Tulips.jpg
[2012.05.22 16:45:08 | 000,561,276 | ---- | C] () -- C:\Users\Nanapi\Desktop\Lighthouse.jpg
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\VuAefJNoXxgEeGOnyXdQj
[2012.05.22 16:43:36 | 000,027,648 | ---- | C] () -- C:\Users\Nanapi\Desktop\unDdGNATsNLatgJ
[2012.05.22 16:43:36 | 000,022,324 | ---- | C] () -- C:\Users\Nanapi\Desktop\ryXsNqXeVdvsVvLlnlUO
[2012.05.22 16:43:36 | 000,022,020 | ---- | C] () -- C:\Users\Nanapi\Desktop\pxvALDdgolUvEe
[2012.05.14 21:22:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 22:45:16 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012.05.09 13:02:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012.05.07 23:19:31 | 000,001,405 | ---- | C] () -- C:\Users\Nanapi\Desktop\Photoshop (2) - Verknüpfung.lnk
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\VGUGdfxaeDTsXaeL
[2012.04.29 15:47:42 | 001,565,686 | ---- | C] () -- C:\Users\Nanapi\Desktop\mcpatcher-2.3.6_02.exe
[2012.04.29 15:25:01 | 000,278,561 | ---- | C] () -- C:\Users\Nanapi\Desktop\Minecraft(1).exe
[2012.04.27 14:53:48 | 000,000,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012.04.27 14:52:45 | 000,000,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.04.27 14:51:46 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.04.27 14:51:38 | 000,000,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.04.27 14:50:28 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.03.26 16:03:36 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.26 15:13:58 | 001,588,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 20:32:17 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2012.03.07 20:32:17 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2012.03.07 20:32:16 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.03.07 20:32:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2012.05.22 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\.minecraft
[2012.05.23 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\AChat
[2012.05.22 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\AD Talk
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Babylon
[2012.05.22 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\DAEMON Tools Lite
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\DisplayFusion
[2012.05.22 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\EVEMon
[2012.03.07 00:06:36 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Leadertech
[2012.03.26 16:57:16 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\OpenOffice.org
[2012.03.06 20:57:18 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Opera
[2012.05.22 14:48:15 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Origin
[2012.05.22 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\portalgraphics
[2012.05.22 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\RightNow_Technologies
[2012.05.11 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\SFBot
[2012.03.06 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\Thunderbird
[2012.05.23 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\uTorrent
[2012.05.23 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Nanapi\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 23:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA(51).DAT
[2009.07.14 07:08:49 | 000,030,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(52).TXT
[2009.07.14 07:08:49 | 000,030,870 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

--- --- ---

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 23.05.2012 19:50:47 - Run 3
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Nanapi\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,81% Memory free
16,00 Gb Paging File | 13,01 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 281,05 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 360,81 Gb Total Space | 348,24 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive F: | 497,05 Mb Total Space | 489,72 Mb Free Space | 98,52% Space Free | Partition Type: FAT
Drive M: | 97,66 Gb Total Space | 65,49 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
 
Computer Name: NANAPI-PC | User Name: Nanapi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06248BC0-EA70-4B32-B915-F222365A48BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B31D0C1-A874-4A9D-BE60-625A99338F03}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1F18F33E-2C92-4568-AF6D-FFF2137E8607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{226D70CB-B3F5-410C-977E-46456A13DD76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{30C8F297-0D3C-40EF-9621-3E22C7B125AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31B8A62B-4770-46BA-BD85-1395A487FB03}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3CFB4309-9C0A-4D24-A049-8D207388EB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D44EB6C-03C2-4B52-B7C1-BE65C2FEA92C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D69EFA4-AF7C-4196-9094-AB719EE591C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80B89988-9D3E-4309-A0C0-355534466E4A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{81700DA7-AC37-42D7-A398-F79638CD9F54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{862E4826-E4F6-41AE-8CC9-AEA745871284}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8D539E87-7808-467A-90E4-1FAF0B80E8EA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8D72B97B-5EB7-47D2-844A-571309556963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{925DE13B-920F-4909-B766-130A91BC6C96}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{99100CAD-B7B2-4FA5-8934-989FFB0616AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A2C55B2-0A4C-495A-94FC-0712E99F463E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A9DDA244-A4B1-4095-A252-352C3A4D70BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB7F73ED-4A9B-442E-BBD7-6FD42EA57E73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BBE57936-668C-4A63-B881-136D1297FAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5665E03-FDDA-41C4-AC9F-3ADB1DAC7DE4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA786DF6-BA89-49CE-A817-7ED3E25B3FBA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DB868C6B-F52E-4972-8719-ADDFF9E77BEC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8755E77-6AB6-41B4-9F32-9C5BA4827D51}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B71C2DF-4252-443E-9DBD-388D2B9E7144}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{194AC8CB-0895-40D1-8676-264075E8E41D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A0B42FD-BB7C-4F53-A8B0-6BF992D537AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A972EDD-060E-4841-A961-C85DBD06947D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1DF23F37-2081-433C-9733-B1F1C094C9E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"{21211307-0A76-446D-964C-5CD830AD1228}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe | 
"{284FA45B-B622-491F-BBFE-E908BB0EAAAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2863E1F1-F5EF-4A19-81AF-D2DC87AB1451}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{2969915D-48B5-4536-8287-6A7B680ADB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{497A6276-C84D-4AFD-ABB5-8E9A0A90E77C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{5A55004D-8099-4FA4-8FE8-8896A68040CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5E85D880-B01A-434A-9B55-238C93285957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5F6D52D0-A388-4397-827D-B1E3458FB90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63A200C5-BD29-41FA-9810-B6D388CF5372}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{65CE6DF4-A82A-4E1D-8DF6-A55318A30C75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6CF0F469-5C2A-4200-BD31-D0C8F2F5B9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{6D175E44-54E7-4AB0-9029-51E8CB4589A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FBE7749-6129-400C-A0C5-AB707EE41C11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{76D19408-3DEB-4613-A24A-D605E12A273A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{7AB2C367-7E61-472F-9AC7-B04778177FCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7AEF7A29-5BE0-4E1A-80A7-737A48F6190F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8D9363F3-E7BB-4F3D-98A8-D66263FCE3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{8FEF9E21-96F0-4F9A-A7BC-C6D9323726E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{90027F42-FCDC-44A6-B820-1A01230EB7D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9381FFC7-9D17-4A3E-90DD-C2DFEA6B28CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{984B7067-D2CA-4350-8880-AB6733CC1667}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{993A979C-E059-4DFC-B277-EA1D53CAED4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9E6F57D8-0F4F-4EB4-A407-D725932775B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{A506929A-6438-41AE-B291-98BA15E6234E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars - the old republic\launcher.exe | 
"{AB66DBE2-BAC6-4491-97A5-3BE55A60EB4B}" = protocol=6 | dir=out | app=system | 
"{AEF18C25-28B4-4D00-9B5A-6A834099BBDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE8759F4-C72D-4DE2-8FE9-E64EF0544B79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C3C7D8BC-FD19-4A73-AFF8-274798BFB743}" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"{CD4CECDA-2CB1-4879-BC39-0DC8338ED3FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0100B5B-E60F-40D9-AB70-71A5ED34A64E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D0CD1FC4-3348-4E35-87A2-1ABB981FC8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D68F30F7-483B-486E-9D85-6EF61AE7980D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D8C19521-F52A-445E-AEA3-DAC102925641}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{DD86C093-B3D1-433C-9A53-CEB0495ED7B5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{DEB02804-B2F8-42F4-A8AF-324AF4CE71C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E334D512-10F9-462E-AC94-5A1A2E07A1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{E41FF75D-D7CC-4F6D-BB55-BA7B852C3688}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EFE79E4A-4BDC-4F8B-83FB-05498BE7BA33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0E3172D-1CC4-46A6-899F-D20ED472C1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{F3B06FD4-E3D7-44C7-92AA-19FA60D2A54B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6129A19-53AA-4262-93C3-B56EF918BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe | 
"{F971813C-A066-4219-B72F-04D24058F187}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FBC9DFED-23FC-4CF9-9510-BFB9317CC45D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{080124C2-1E04-4243-A3C2-C22C908197B6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{0E4FD924-A82A-421E-B63B-670E337C0AC0}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
"TCP Query User{26CEE0C0-1FE8-4801-98BA-16EDAAF48C06}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{49A917EC-CEBD-4ED8-8FBE-576ADEE372C8}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | 
"TCP Query User{57467F4C-6AA1-426D-93D2-23A11926EAD0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{5BB88F56-9899-4197-B2D7-4478270F9735}C:\program files (x86)\achat\achat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
"TCP Query User{788AFC9D-892B-4BBB-90CF-BF7DBB6521E8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{FF2F4937-FB21-4D41-8AFC-21C556C02442}C:\program files (x86)\ad talk\ad talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"UDP Query User{16006B64-D67E-471A-904E-12F46D53C135}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{2B223835-467E-4A5D-ABD2-E2721719EFD6}C:\program files (x86)\ad talk\ad talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ad talk\ad talk.exe | 
"UDP Query User{4BC95F01-3A3A-4E94-A4D9-0C5E94C71098}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{650A81CD-026C-4028-9C2A-FAA3D80A3065}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{A463C496-3A70-4FE1-BD2A-3882414C7FCE}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
"UDP Query User{C6C47C5E-9419-41EF-9EC5-906606DFCE51}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe | 
"UDP Query User{E82A1280-FCBF-4918-8BAA-51B70B9E1CC9}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{FB3F8E85-11DF-49E5-A863-87DF47941D80}C:\program files (x86)\achat\achat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\achat\achat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1" = Auto Mouse Mover 1.3.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E00F999C-80D1-460F-BCE1-CD0140215CBC}}_is1" = openCanvas 5.1.04
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"AChat_is1" = AChat v0.150
"AD Talk" = AD Talk
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AudibleManager" = AudibleManager
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EVEMon" = EVEMon
"Google Chrome" = Google Chrome
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.1_rc22
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PCstunnel" = PCstunnel
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Steam App 8510" = EVE Online Demo
"SysInfo" = Creative Systeminformationen
"The Secret World_is1" = The Secret World
"VLC media player" = VLC media player 2.0.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3cd95d63145b11" = RightNow (frogster)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2012 13:37:05 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 23.05.2012 13:37:05 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 23.05.2012 13:37:06 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 23.05.2012 13:37:06 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 23.05.2012 13:41:35 | Computer Name = Nanapi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Nanapi\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 23.05.2012 13:50:17 | Computer Name = Nanapi-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.43.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17dc    Startzeit:
 01cd390b9b29b172    Endzeit: 8    Anwendungspfad: C:\Users\Nanapi\Downloads\OTL.exe    Berichts-ID:
 b1d543c2-a4ff-11e1-a590-002511a295ca  
 
[ System Events ]
Error - 22.05.2012 08:59:48 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EPSON V3 Service4(01)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 09:21:56 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 11:15:52 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.05.2012 17:49:13 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.05.2012 10:42:31 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 23.05.2012 13:37:08 | Computer Name = Nanapi-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         

--- --- ---

1.
Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code: Alles auswählenAufklappen

ATTFilter

:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.05.23 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 19:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:21 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 12:12:19 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
C:\Users\Nanapi\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         

• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Deinen Thread.

2.
Am besten alle verschlüsselten Daten extern sichern (auf leere USB-Stick oder ext. Festplatte). Dann mit Entschlüsselung beginnen. Also am Computer sollen die geänderten Daten um Nummer sicher zu gehen zuerst unberührt bleiben
Wenn alles gut geht, kannst Du dann am PC weiter machen

3.
Vorgehen beim Verschlüsselungs-Trojaner :-> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo hat ein Video zum Thema erstellt.
weitere Tipps:
-> Trustezeb.A Decryptor
** Außerdem kannst versuchen die verschlüsselte Dateien auf einen leeren USB Stick speichern. Wenn Du weiß was für dateien sind (z.B *.jpg, *.doc usw) dann benenne sie alle wieder in Originalform wie vorher, also z.B in eine .jpg Datei

1:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== FILES ==========
C:\Users\Nanapi\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nanapi\Downloads\cmd.bat deleted successfully.
C:\Users\Nanapi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nanapi
->Temp folder emptied: 416965 bytes
->Temporary Internet Files folder emptied: 1377749 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 256492511 bytes
->Google Chrome cache emptied: 14768129 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3578 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13576831 bytes
 
Total Files Cleaned = 273,00 mb
 
 
OTL by OldTimer - Version 3.2.43.1 log created on 05242012_112627

Files\Folders moved on Reboot...
C:\Users\Nanapi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

2. und 3.

Ich hab nun ein Bilderpärchen auf meinen USB stick gezogen unf leder schein es nicht zu funktionieren, mit kneinen der Programme. Dr. Web und DecryptHelper sagen mir, dass es sich um die selbe datei handelt. Einer will die verschlüsselte Datei gar nicht erst erkennen weil sie kein "logged" davor hat und und die restlichen machen leider gar nichts :/
Ich kann einige Bilder mit einem .jp versehen oder direkt in der Bildervorschau ansehen, das scheint aber nur ein minimaler teil zu sein. Selbes habe ich mit .txt dokumenten versucht. Die Funktionieren gar nicht auf diese Weise.

die Empfohlene Anleitungen stehen Dir (mir auch) momentan zur Verfügung. Ansonsten alle Verschlüsselte Daten sichern, vlt gelingt es bald ein Gegenmittel herzustellen. Die Experten arbeiten sehr intensiv daran, hoffentlich gibt es bald eine Lösung, die funktioniert