Windows findet keinen Speicherplatz,Festplatten nicht sichtbar,Trojaner,Malware

Gorkamorka · 04.01.2012, 15:38

Hallo Leute,
Hab das gleiche Problem wie User - Elen in ihrem Thema : http://www.trojaner-board.de/97710-t...cherplatz.html

Habe mir SUPERAntiSpyware gezogen und damit wenigstens verhindert das der PC runterfährt wenn man die Fake-Fehlermeldungen schließt.
Es wird zwar (soweit ich weis) alles wieder angezeigt, Ordner etc, aber trotzdem bin ich Skeptisch!
Was die Schritte angeht habe ich bis jetzt nur OTL und Defogger benutzt, so wie in der Checkliste. Bei all dem anderem warte ich lieber auf Eure Anweisungen! Habe meinem PC das Internet "entzogen" und benutze einen Laptop!

Hier die Logfiles der Progs : (Finde das Logfile von S-A-Spyware nicht)

OTL logfile created on: 04.01.2012 15:12:11 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shadow\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,08% Memory free
8,23 Gb Paging File | 7,01 Gb Available in Paging File | 85,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 247,41 Gb Free Space | 53,12% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 118,60 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Drive G: | 1,96 Gb Total Space | 1,93 Gb Free Space | 98,46% Space Free | Partition Type: FAT

Computer Name: PHANTOM | User Name: Shadow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shadow\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Internet\Ad-Aware\AWSC.exe ()
PRC - C:\Phantom\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Phantom\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.45\aaCenter.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.45\aaCenter.exe ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.45\PowerDll.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.45\cpuutil.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (cmdAgent) -- C:\Internet\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Internet\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Internet\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Hamachi2Svc) -- C:\Internet\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Phantom\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Phantom\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Phantom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Phantom\TuneUp_2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\DRIVERS\tap0901t.sys (Tunngle.net)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174) -- C:\Windows\SysNative\DRIVERS\tdrpm174.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\DRIVERS\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\Windows\SysNative\DRIVERS\snman380.sys (Acronis)
DRV:64bit: - (48728) -- C:\Windows\SysNative\48728.sys ()
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (vcd9bus) -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys (H+H Software GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (TuneUpUtilitiesDrv) -- C:\Phantom\TuneUp_2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Grafik\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.11
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Grafik\Real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Grafik\Real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Grafik\Real\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.18 20:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.18 20:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Internet\FireFox\components [2020.01.18 14:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Internet\FireFox\plugins [2011.10.24 20:10:58 | 000,000,000 | ---D | M]

[2011.10.02 07:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions
[2010.02.24 19:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010.05.03 19:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011.10.02 07:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2011.12.08 20:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\extensions
[2011.12.08 20:55:13 | 000,000,000 | ---D | M] (Winload) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.12.08 21:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions
[2010.04.30 17:23:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 21:55:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.28 23:10:02 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\2020Player@2020Technologies.com
[2010.04.05 06:13:00 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\maps@ovi.com
[2010.07.30 05:51:24 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.12.08 21:09:53 | 000,000,907 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\searchplugins\conduit.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\searchplugins\icqplugin.xml
[2009.08.13 22:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\INTERNET\FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
[2010.05.03 19:40:10 | 000,000,000 | ---D | M] (Java Console) -- C:\INTERNET\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

O1 HOSTS File: ([2012.01.03 21:23:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Phantom\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Phantom\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Internet\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Internet\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Phantom\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C08226-5055-40B6-9990-A4CEC205E0FB}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EE415C3-186D-4613-81DA-0A4A2687C3FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shadow\Pictures\wallpaper-850185.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shadow\Pictures\wallpaper-850185.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12f949c5-bcdb-11de-82bf-001e8c4afa0c}\Shell - "" = AutoRun
O33 - MountPoints2\{12f949c5-bcdb-11de-82bf-001e8c4afa0c}\Shell\AutoRun\command - "" = F:\steambackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2020.01.18 08:52:24 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\LAG
[2020.01.18 08:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\LAG
[2012.01.03 21:55:54 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.03 21:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.03 21:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.03 21:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.03 21:23:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.03 21:13:16 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shadow\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.03 21:13:16 | 004,367,676 | ---- | C] (Swearware) -- C:\Users\Shadow\Desktop\cofi.exe
[2012.01.03 21:13:16 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Desktop\tdsskiller.exe
[2012.01.03 21:13:15 | 013,794,984 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Shadow\Desktop\SUPERAntiSpyware.exe
[2012.01.03 21:13:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shadow\Desktop\OTL.exe
[2012.01.01 07:51:35 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Petroglyph
[2011.12.31 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Documents\Red Alert 3
[2011.12.31 08:38:28 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Red Alert 3
[2011.12.27 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\AliensVsPredator
[2011.12.20 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Desktop\GAS
[2011.12.17 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\LucasArts
[2011.12.09 12:53:16 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\Skyrim
[2011.12.08 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\Conduit
[2011.12.08 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011.12.08 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.08 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.12.08 15:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[1 C:\Users\Shadow\*.tmp files -> C:\Users\Shadow\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2040.08.13 19:21:05 | 000,006,136 | ---- | M] () -- C:\Users\Shadow\AppData\Local\TimerStop64.sys
[2012.01.04 15:10:24 | 001,474,544 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 15:10:24 | 000,639,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 15:10:24 | 000,604,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 15:10:24 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 15:10:24 | 000,108,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 15:05:32 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.04 15:05:12 | 000,003,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 15:05:12 | 000,003,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 15:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.03 22:31:37 | 000,001,622 | ---- | M] () -- C:\Users\Shadow\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.03 21:55:28 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.03 21:42:12 | 000,000,000 | ---- | M] () -- C:\Users\Shadow\defogger_reenable
[2012.01.03 21:38:58 | 000,050,477 | ---- | M] () -- C:\Users\Shadow\Desktop\Defogger.exe
[2012.01.03 21:30:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.03 21:30:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.01.03 20:18:26 | 013,794,984 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Shadow\Desktop\SUPERAntiSpyware.exe
[2012.01.03 20:16:12 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shadow\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.03 20:14:44 | 000,080,384 | ---- | M] () -- C:\Users\Shadow\Desktop\MBRCheck.exe
[2012.01.03 20:03:20 | 004,367,676 | ---- | M] (Swearware) -- C:\Users\Shadow\Desktop\cofi.exe
[2012.01.03 20:02:12 | 000,684,297 | ---- | M] () -- C:\Users\Shadow\Desktop\unhide.exe
[2012.01.03 19:49:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Desktop\tdsskiller.exe
[2012.01.03 19:47:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shadow\Desktop\OTL.exe
[2012.01.02 20:29:03 | 000,061,065 | ---- | M] () -- C:\Users\Shadow\Documents\Bank of Scottland.pdf
[2012.01.01 07:50:55 | 000,000,715 | ---- | M] () -- C:\Users\Shadow\Desktop\sweaw.lnk
[2011.12.31 08:38:24 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2011.12.28 18:44:34 | 000,012,480 | ---- | M] () -- C:\Users\Shadow\Documents\Vertragswerte_28122011_1844.pdf
[2011.12.28 18:43:17 | 000,117,099 | ---- | M] () -- C:\Users\Shadow\Documents\Verbraucherinformationen_Tagesgeld_online.pdf
[2011.12.28 18:41:12 | 000,140,368 | ---- | M] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Kontoauszugs.pdf
[2011.12.28 18:41:06 | 000,137,048 | ---- | M] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Postfachs.pdf
[2011.12.28 18:40:58 | 000,156,810 | ---- | M] () -- C:\Users\Shadow\Documents\Bedingungen_Online-Banking.pdf
[2011.12.28 18:40:48 | 000,201,080 | ---- | M] () -- C:\Users\Shadow\Documents\Tagesgeldkonto.pdf
[2011.12.25 09:50:30 | 000,000,910 | ---- | M] () -- C:\Users\Shadow\Desktop\SupremeCommander.lnk
[2011.12.23 10:52:59 | 000,260,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.19 19:59:06 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.12.19 19:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011.12.19 19:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.12.19 19:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.12.19 17:30:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.12.17 20:09:13 | 000,000,718 | ---- | M] () -- C:\Users\Shadow\Desktop\LEGOStarWarsSaga.lnk
[2011.12.16 15:57:46 | 000,000,807 | ---- | M] () -- C:\Users\Shadow\Desktop\Sniper Ghost Warrior.lnk
[2011.12.15 22:07:12 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.12.15 22:07:12 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.15 21:49:51 | 000,281,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.12.15 20:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.09 20:32:08 | 000,000,707 | ---- | M] () -- C:\Users\Shadow\Desktop\SkyrimLauncher.lnk
[2011.12.06 15:33:55 | 000,000,682 | ---- | M] () -- C:\Users\Shadow\Desktop\AssassinsCreed_Dx10.lnk
[1 C:\Users\Shadow\*.tmp files -> C:\Users\Shadow\*.tmp -> ]

========== Files Created - No Company Name ==========

[2040.08.13 19:21:05 | 000,006,136 | ---- | C] () -- C:\Users\Shadow\AppData\Local\TimerStop64.sys
[2012.01.04 15:05:31 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.03 22:31:37 | 000,001,622 | ---- | C] () -- C:\Users\Shadow\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.03 21:55:28 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.03 21:42:12 | 000,000,000 | ---- | C] () -- C:\Users\Shadow\defogger_reenable
[2012.01.03 21:41:22 | 000,050,477 | ---- | C] () -- C:\Users\Shadow\Desktop\Defogger.exe
[2012.01.03 21:13:16 | 000,684,297 | ---- | C] () -- C:\Users\Shadow\Desktop\unhide.exe
[2012.01.03 21:13:16 | 000,080,384 | ---- | C] () -- C:\Users\Shadow\Desktop\MBRCheck.exe
[2012.01.02 20:29:03 | 000,061,065 | ---- | C] () -- C:\Users\Shadow\Documents\Bank of Scottland.pdf
[2012.01.01 07:50:55 | 000,000,715 | ---- | C] () -- C:\Users\Shadow\Desktop\sweaw.lnk
[2011.12.31 08:38:24 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.12.28 18:44:34 | 000,012,480 | ---- | C] () -- C:\Users\Shadow\Documents\Vertragswerte_28122011_1844.pdf
[2011.12.28 18:43:17 | 000,117,099 | ---- | C] () -- C:\Users\Shadow\Documents\Verbraucherinformationen_Tagesgeld_online.pdf
[2011.12.28 18:41:12 | 000,140,368 | ---- | C] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Kontoauszugs.pdf
[2011.12.28 18:41:06 | 000,137,048 | ---- | C] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Postfachs.pdf
[2011.12.28 18:40:58 | 000,156,810 | ---- | C] () -- C:\Users\Shadow\Documents\Bedingungen_Online-Banking.pdf
[2011.12.28 18:40:48 | 000,201,080 | ---- | C] () -- C:\Users\Shadow\Documents\Tagesgeldkonto.pdf
[2011.12.25 09:50:01 | 000,000,910 | ---- | C] () -- C:\Users\Shadow\Desktop\SupremeCommander.lnk
[2011.12.17 20:09:13 | 000,000,718 | ---- | C] () -- C:\Users\Shadow\Desktop\LEGOStarWarsSaga.lnk
[2011.12.16 15:57:46 | 000,000,807 | ---- | C] () -- C:\Users\Shadow\Desktop\Sniper Ghost Warrior.lnk
[2011.12.09 20:32:08 | 000,000,707 | ---- | C] () -- C:\Users\Shadow\Desktop\SkyrimLauncher.lnk
[2011.12.06 15:33:55 | 000,000,682 | ---- | C] () -- C:\Users\Shadow\Desktop\AssassinsCreed_Dx10.lnk
[2011.11.20 16:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.04 16:43:20 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.09.04 16:43:20 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.29 19:39:39 | 000,000,067 | ---- | C] () -- C:\Windows\FinalSun.ini
[2011.06.26 11:37:39 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011.05.29 20:25:03 | 000,000,680 | ---- | C] () -- C:\Users\Shadow\AppData\Local\d3d9caps.dat
[2011.05.29 07:53:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.26 18:03:55 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.19 21:11:02 | 000,000,221 | ---- | C] () -- C:\Windows\YODESK.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.29 16:44:15 | 002,506,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_new_5-9-08.exe
[2010.07.21 17:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.06.14 10:35:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.05.11 17:19:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.05.11 17:19:42 | 000,013,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.05.11 17:19:41 | 000,012,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.05.11 17:19:41 | 000,010,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.05.02 12:33:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.12 19:12:27 | 002,407,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010.03.28 21:27:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.03.20 13:33:06 | 000,000,094 | ---- | C] () -- C:\Users\Shadow\AppData\Local\fusioncache.dat
[2010.03.20 13:32:23 | 001,477,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.05 20:59:45 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.01.05 20:59:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.01.05 20:59:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.12.28 23:23:00 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.12.27 21:53:17 | 000,001,442 | ---- | C] () -- C:\Windows\eReg.dat
[2009.10.15 21:36:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.18 22:08:09 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2009.08.16 18:41:46 | 000,131,797 | ---- | C] () -- C:\Windows\hpoins14.dat
[2009.08.16 18:41:46 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2009.08.15 00:09:54 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.08.14 22:54:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.13 22:08:29 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\TrayIcon12.dll
[2009.08.13 22:08:29 | 000,061,952 | ---- | C] () -- C:\Windows\SysWow64\ajnetmask.dll
[2009.08.13 21:21:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.13 18:23:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.13 18:23:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.13 18:22:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.08.13 18:22:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.08.13 15:09:43 | 000,120,320 | ---- | C] () -- C:\Users\Shadow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.13 14:53:52 | 000,002,188 | ---- | C] () -- C:\Users\Shadow\AppData\Local\d3d9caps64.dat
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\MMAVILNG.exe
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\indounin.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

========== LOP Check ==========

[2011.11.21 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\.minecraft
[2009.08.14 22:55:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\ACD Systems
[2009.08.13 23:57:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Acronis
[2011.08.30 12:02:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.07.09 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.08.14 20:11:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Dr. DivX 2.0 OSS
[2010.04.23 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.14 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Hothead Games
[2011.05.10 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\ICQ
[2010.11.04 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Leadertech
[2011.01.18 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Local
[2011.07.30 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Need for Speed World
[2010.04.05 06:06:18 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\PC Suite
[2012.01.01 07:51:35 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Petroglyph
[2011.09.01 12:44:18 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Qoqey
[2010.10.30 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Quest3D
[2011.12.31 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Red Alert 3
[2010.10.30 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Roaming
[2009.08.13 21:45:38 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\SpeedProject
[2011.11.04 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\SPORE
[2011.06.28 17:11:39 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Star Trek Armada II Fleet Operations
[2009.08.13 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TMP
[2010.07.26 18:35:48 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TomTom
[2010.08.12 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TS3Client
[2010.12.06 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TuneUp Software
[2011.12.30 15:23:30 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Tunngle
[2011.12.05 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Ubisoft
[2011.09.08 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Vitu
[2011.01.12 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Watchtower
[2011.07.21 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\XRay Engine
[2012.01.04 15:05:32 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.04 15:04:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.12.06 18:28:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.15 14:43:23 | 000,000,000 | ---D | M] -- C:\aoufhiusdfh
[2011.09.15 15:41:33 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.23 10:38:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.09.01 21:48:33 | 000,000,000 | ---D | M] -- C:\Brenner
[2011.11.03 09:04:15 | 000,000,000 | ---D | M] -- C:\Grafik
[2011.12.08 21:06:46 | 000,000,000 | ---D | M] -- C:\Internet
[2011.02.17 09:50:34 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.26 13:55:14 | 000,000,000 | ---D | M] -- C:\Phantom
[2012.01.03 21:55:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.08 21:09:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.03 22:00:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.10.12 16:37:24 | 000,000,000 | ---D | M] -- C:\Recycle.Bin
[2011.12.30 17:20:35 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.01.04 15:13:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.25 09:48:52 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.08 20:55:07 | 000,000,000 | ---D | M] -- C:\Users
[2012.01.03 21:29:59 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.03 21:23:25 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009.04.10 21:44:26 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
[2008.01.21 03:48:18 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

< MD5 for: EXPLORER.EXE >
[2009.04.10 23:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.10 23:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP

06A4C76

< End of report >

__________________Extra Log______________________________________

OTL Extras logfile created on: 04.01.2012 15:17:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shadow\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,35 Gb Available Physical Memory | 83,88% Memory free
8,17 Gb Paging File | 7,68 Gb Available in Paging File | 94,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 250,25 Gb Free Space | 53,73% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 118,60 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Drive G: | 1,96 Gb Total Space | 1,93 Gb Free Space | 98,46% Space Free | Partition Type: FAT

Computer Name: PHANTOM | User Name: Shadow | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Internet\FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Phantom\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Phantom\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Phantom\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Phantom\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Phantom\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Phantom\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"AntiSpyWareDisableNotify" = 1
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A5 60 8E 6E 3C 1C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2923808587-2242505919-1898164138-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SpeedCommander 12 (x64)" = SpeedCommander 12 (x64)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4038EAF0-6F8E-4068-88F6-A417958B8AC5}" = PDF Manual NW-E010 Series
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E04C6D-9EE0-4F70-9358-62108888C719}" = 2010 DR PEPPER EA GAMES EVERY BOTTLE/CUP WINS PROMOTION
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = Catalyst Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F2754CA-B124-4530-9542-00FE699EA8FD}" = Watchtower Library 2010 - Deutsch
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A588FF79-CFDD-4FB1-B2D3-FED2DC884B52}" = Watchtower Library 2009 - Deutsch
"{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD095458-EFF3-46CB-8BE4-DC1675FB8B49}" = Relentless Software Prerequisites
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Essentials
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5297029-A17F-4520-BF1E-41D48731B8CB}_is1" = WinTimeKill 3.1
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1" = Fleet Operations version 3.2.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex extraction audio
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Setup.divx.com" = DivX-Setup
"eMule MorphXT_is1" = eMule MorphXT 12.6
"eMule_is1" = morphemuleversion
"ICQToolbar" = ICQ Toolbar
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"LogMeIn Hamachi" = LogMeIn Hamachi
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.5.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Sniper Ghost Warrior Update 3_is1" = Sniper Ghost Warrior Update 3
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 24200" = DC Universe Online
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 24810" = Command and Conquer 3: Kane's Wrath
"Steam App 40100" = Supreme Commander 2
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Tunngle beta_is1" = Tunngle beta
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.97-8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.09.2010 06:53:57 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 07:20:48 | Computer Name = Phantom | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cfp.exe, Version 4.1.18600.916, Zeitstempel
0x4c054785, fehlerhaftes Modul msxml3.dll, Version 8.100.5003.0, Zeitstempel 0x4c1266a0,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000006ee6, Prozess-ID 0x880, Anwendungsstartzeit
01cb5bda84092518.

Error - 24.09.2010 07:21:21 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 07:23:56 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 15:35:05 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 15:36:09 | Computer Name = Phantom | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cfp.exe, Version 4.1.18600.916, Zeitstempel
0x4c054785, fehlerhaftes Modul msxml3.dll, Version 8.100.5003.0, Zeitstempel 0x4c1266a0,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001166, Prozess-ID 0x8b0, Anwendungsstartzeit
01cb5c1fba0392c8.

Error - 24.09.2010 15:36:59 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 15:38:37 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 16:38:20 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 25.09.2010 03:14:54 | Computer Name = Phantom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Spiele\SoftonicDownloader49884.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

[ System Events ]
Error - 03.01.2012 16:12:19 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:19 | Computer Name = Phantom | Source = Service Control Manager | ID = 7026
Description =

Error - 03.01.2012 16:12:23 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:57 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:58 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

[ TuneUp Events ]
Error - 30.12.2011 12:11:55 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 30.12.2011 19:22:30 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 31.12.2011 04:28:02 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 03:02:52 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 05:37:56 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 10:20:42 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 16:26:05 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 02.01.2012 11:47:01 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 02.01.2012 14:39:39 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 03.01.2012 12:05:47 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

cosinus · 04.01.2012, 19:23

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Gorkamorka · 04.01.2012, 22:40

Danke für die schnelle Antwort. Ich werde die Scans wohl erst morgen nach der Arbeit machen können. Ich bitte um Geduld mit mir

Gorkamorka · 05.01.2012, 19:19

Danke, habe mir schon gedacht das es nicht richtig war wie ich die Logs kopiert habe . Ich glaube ich hab mist gebaut. Mit dem ESET. Er hat gescannt und 5 Trj und 1 Malware gefunden. Da ich comodo benutzte (vorher deaktiviert) startete er zu Anfang nicht. Musste Comodo wieder starten den prozess freigeben und dann wieder beenden. Habe dann mehrmals einen scan laufen lassen und jetzt steht im log nicht mehr (soweit ich das beurteilen kann) das und was er gelöscht hat. habe bei Malwarebytes die in Quarantäne verschobenen gelöscht!

Log's :

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.24.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
Shadow :: PHANTOM [Administrator]

Schutz: Deaktiviert

05.01.2012 16:56:52
mbam-log-2012-01-05 (17-58-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378802
Laufzeit: 58 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 2
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.
C:\aoufhiusdfh (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 3
C:\Brenner\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Keine Aktion durchgeführt.
C:\Spiele\Anno 1404\MT-X\MT-eXperience.exe (Trojan.AVKiller.Gen) -> Keine Aktion durchgeführt.
C:\aoufhiusdfh\46F3A94C63D846E (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bf2475104c6684e9177af0f335dc3d7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 05:53:09
# local_time=2012-01-05 06:53:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1983698 100681282 1997400 0
# compatibility_mode=3073 16777213 80 71 1212846 5366945 0 0
# compatibility_mode=5892 16776574 100 56 75596475 163308624 0 0
# compatibility_mode=8192 67108863 100 0 4005 4005 0 0
# scanned=7460
# found=0
# cleaned=0
# scan_time=1271
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bf2475104c6684e9177af0f335dc3d7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 05:55:53
# local_time=2012-01-05 06:55:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1984998 100682582 1998700 0
# compatibility_mode=3073 16777213 80 71 1214146 5368245 0 0
# compatibility_mode=5892 16776574 100 56 75597775 163309924 0 0
# compatibility_mode=8192 67108863 100 0 5305 5305 0 0
# scanned=48
# found=0
# cleaned=0
# scan_time=135
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bf2475104c6684e9177af0f335dc3d7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 05:58:39
# local_time=2012-01-05 06:58:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1985152 100682736 1998854 0
# compatibility_mode=3073 16777213 80 71 1214300 5368399 0 0
# compatibility_mode=5892 16776574 100 56 75597929 163310078 0 0
# compatibility_mode=8192 67108863 100 0 5459 5459 0 0
# scanned=48
# found=0
# cleaned=0
# scan_time=147
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bf2475104c6684e9177af0f335dc3d7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 06:02:12
# local_time=2012-01-05 07:02:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1985489 100683073 1999191 0
# compatibility_mode=3073 16777213 80 71 1214637 5368736 0 0
# compatibility_mode=5892 16776574 100 56 75598266 163310415 0 0
# compatibility_mode=8192 67108863 100 0 5796 5796 0 0
# scanned=48
# found=0
# cleaned=0
# scan_time=23
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bf2475104c6684e9177af0f335dc3d7
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 06:02:35
# local_time=2012-01-05 07:02:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1985530 100683114 1999232 0
# compatibility_mode=3073 16777213 80 71 1214678 5368777 0 0
# compatibility_mode=5892 16776574 100 56 75598307 163310456 0 0
# compatibility_mode=8192 67108863 100 0 5837 5837 0 0
# scanned=48
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bf2475104c6684e9177af0f335dc3d7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 06:03:00
# local_time=2012-01-05 07:03:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1985553 100683137 1999255 0
# compatibility_mode=3073 16777213 80 71 1214701 5368800 0 0
# compatibility_mode=5892 16776574 100 56 75598330 163310479 0 0
# compatibility_mode=8192 67108863 100 0 5860 5860 0 0
# scanned=48
# found=0
# cleaned=0
# scan_time=7

cosinus · 05.01.2012, 21:51

Zitat:

C:\aoufhiusdfh\46F3A94C63D846E (Trojan.SpyEyes)

Wenn du auch noch andere Dinge erledigen willst als nur Zocken oder Solitär spielen wie zB E-Mails abrufen oder alles was Logins erfordert dann solltest du deine Daten sichern, den Rechner komplett plätten und eine Neuinstallation von Windows durchführen.
Anschließend auch sämtliche Passwörter ändern!!!

Mit komplett plätten wird gemeint: alle Partitionen auflösen, neu erstellen und formatieren. Helfen kann dabei ein Tool wie DBAN oder die Laufwerksverwaltung in einem Ubuntu im Ausprobiermodus.

Praktischerweise kann man mit diesem Live-Linux auch ziemlich gefahrlos all seine wichtigen Daten auf eine externe Platte sichern.
kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!!

Gorkamorka · 05.01.2012, 23:40

Ist also so schlimm ja ? Gibt es keine möglichkeit das Vieh auszumerzen ? Oder macht er einem nur vor das man ihn gelöscht hat? (Malwarebytes)
Ich habe noch ein Backup meiner Platte von Acronis True Image...würde das auch gehen ? Also alles in den Urzustand setzten ?

Danke schonmal im Voraus !

cosinus · 06.01.2012, 09:56

Zum Thema Datensicherung von infizierten Systemen; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen.

Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen.

Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch.

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken
5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind)
6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!!
7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten)

Gorkamorka · 06.01.2012, 13:59

Da du auf Acronis garnicht erst eingehst, nehme ich an das das nix ist ?! Die datei exestiert schon ne weile !

Das alle Programme mir nach Vollständigen Scans sagen das der PC frei ist hat nix zu beudeuten nehme ich auch an ?!
Wo liegt eigentlich der Unterschied bei dem Ding von Elen der ihr geholfen habt und mir ? Da unsere PC's die selben Symptome hatten ?!

cosinus · 06.01.2012, 15:10

Zitat:

Da du auf Acronis garnicht erst eingehst, nehme ich an das das nix ist ?!

Ja wenn dir das Image reicht dann nimm nur das

Woher soll ich wissen wie aktuell deine Daten sein müssen.

Ich schrieb immer nur wie man optimalerweise vorgeht wenn man noch Daten von einem infizeriten System aus sichern sollte

Windows findet keinen Speicherplatz,Festplatten nicht sichtbar,Trojaner,Malware

Log-Analyse und Auswertung: Windows findet keinen Speicherplatz,Festplatten nicht sichtbar,Trojaner,Malware