
Log analysis and evaluation: Windows finds no storage space, hard drives not visible, Trojan, malware


 
04.01.2012, 15:38   #1
Gorkamorka
 



Hi everyone,
I have the same problem as user Elen in her thread: http://www.trojaner-board.de/97710-t...cherplatz.html

I downloaded SUPERAntiSpyware and with it at least stopped the PC from shutting down when you close the fake error messages.
Everything is being displayed again (as far as I know), folders etc., but I'm still skeptical!
As for the steps, so far I have only used OTL and Defogger, as in the checklist. For everything else I'd rather wait for your instructions! I have "taken away" my PC's internet access and am using a laptop!

Here are the log files of the programs: (I can't find the log file from S-A-Spyware)

OTL logfile created on: 04.01.2012 15:12:11 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shadow\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,08% Memory free
8,23 Gb Paging File | 7,01 Gb Available in Paging File | 85,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 247,41 Gb Free Space | 53,12% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 118,60 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Drive G: | 1,96 Gb Total Space | 1,93 Gb Free Space | 98,46% Space Free | Partition Type: FAT

Computer Name: PHANTOM | User Name: Shadow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shadow\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Internet\Ad-Aware\AWSC.exe ()
PRC - C:\Phantom\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Phantom\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.45\aaCenter.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.45\aaCenter.exe ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.45\PowerDll.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.45\cpuutil.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (cmdAgent) -- C:\Internet\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Internet\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Internet\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Hamachi2Svc) -- C:\Internet\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Phantom\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Phantom\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Phantom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Phantom\TuneUp_2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\DRIVERS\tap0901t.sys (Tunngle.net)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174) -- C:\Windows\SysNative\DRIVERS\tdrpm174.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\DRIVERS\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\Windows\SysNative\DRIVERS\snman380.sys (Acronis)
DRV:64bit: - (48728) -- C:\Windows\SysNative\48728.sys ()
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (vcd9bus) -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys (H+H Software GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (TuneUpUtilitiesDrv) -- C:\Phantom\TuneUp_2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Grafik\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "yahoo.de"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.11
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Grafik\Real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Grafik\Real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Grafik\Real\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.18 20:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.18 20:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Internet\FireFox\components [2020.01.18 14:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Internet\FireFox\plugins [2011.10.24 20:10:58 | 000,000,000 | ---D | M]

[2011.10.02 07:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions
[2010.02.24 19:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010.05.03 19:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011.10.02 07:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2011.12.08 20:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\extensions
[2011.12.08 20:55:13 | 000,000,000 | ---D | M] (Winload) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.12.08 21:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions
[2010.04.30 17:23:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 21:55:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.28 23:10:02 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\2020Player@2020Technologies.com
[2010.04.05 06:13:00 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\maps@ovi.com
[2010.07.30 05:51:24 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.12.08 21:09:53 | 000,000,907 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\searchplugins\conduit.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\h621le6t.default\searchplugins\icqplugin.xml
[2009.08.13 22:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\INTERNET\FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
[2010.05.03 19:40:10 | 000,000,000 | ---D | M] (Java Console) -- C:\INTERNET\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

O1 HOSTS File: ([2012.01.03 21:23:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Phantom\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Phantom\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Internet\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Internet\ICQ 7.5\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Phantom\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C08226-5055-40B6-9990-A4CEC205E0FB}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EE415C3-186D-4613-81DA-0A4A2687C3FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shadow\Pictures\wallpaper-850185.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shadow\Pictures\wallpaper-850185.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12f949c5-bcdb-11de-82bf-001e8c4afa0c}\Shell - "" = AutoRun
O33 - MountPoints2\{12f949c5-bcdb-11de-82bf-001e8c4afa0c}\Shell\AutoRun\command - "" = F:\steambackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2020.01.18 08:52:24 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\LAG
[2020.01.18 08:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\LAG
[2012.01.03 21:55:54 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.03 21:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.03 21:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.03 21:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.03 21:23:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.03 21:13:16 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shadow\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.03 21:13:16 | 004,367,676 | ---- | C] (Swearware) -- C:\Users\Shadow\Desktop\cofi.exe
[2012.01.03 21:13:16 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Desktop\tdsskiller.exe
[2012.01.03 21:13:15 | 013,794,984 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Shadow\Desktop\SUPERAntiSpyware.exe
[2012.01.03 21:13:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shadow\Desktop\OTL.exe
[2012.01.01 07:51:35 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Petroglyph
[2011.12.31 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Documents\Red Alert 3
[2011.12.31 08:38:28 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Red Alert 3
[2011.12.27 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\AliensVsPredator
[2011.12.20 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Desktop\GAS
[2011.12.17 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\LucasArts
[2011.12.09 12:53:16 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\Skyrim
[2011.12.08 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\Conduit
[2011.12.08 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011.12.08 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.08 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.12.08 15:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[1 C:\Users\Shadow\*.tmp files -> C:\Users\Shadow\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2040.08.13 19:21:05 | 000,006,136 | ---- | M] () -- C:\Users\Shadow\AppData\Local\TimerStop64.sys
[2012.01.04 15:10:24 | 001,474,544 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 15:10:24 | 000,639,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 15:10:24 | 000,604,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 15:10:24 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 15:10:24 | 000,108,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 15:05:32 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.04 15:05:12 | 000,003,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 15:05:12 | 000,003,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 15:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.03 22:31:37 | 000,001,622 | ---- | M] () -- C:\Users\Shadow\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.03 21:55:28 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.03 21:42:12 | 000,000,000 | ---- | M] () -- C:\Users\Shadow\defogger_reenable
[2012.01.03 21:38:58 | 000,050,477 | ---- | M] () -- C:\Users\Shadow\Desktop\Defogger.exe
[2012.01.03 21:30:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.03 21:30:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.01.03 20:18:26 | 013,794,984 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Shadow\Desktop\SUPERAntiSpyware.exe
[2012.01.03 20:16:12 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shadow\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.03 20:14:44 | 000,080,384 | ---- | M] () -- C:\Users\Shadow\Desktop\MBRCheck.exe
[2012.01.03 20:03:20 | 004,367,676 | ---- | M] (Swearware) -- C:\Users\Shadow\Desktop\cofi.exe
[2012.01.03 20:02:12 | 000,684,297 | ---- | M] () -- C:\Users\Shadow\Desktop\unhide.exe
[2012.01.03 19:49:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Desktop\tdsskiller.exe
[2012.01.03 19:47:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shadow\Desktop\OTL.exe
[2012.01.02 20:29:03 | 000,061,065 | ---- | M] () -- C:\Users\Shadow\Documents\Bank of Scottland.pdf
[2012.01.01 07:50:55 | 000,000,715 | ---- | M] () -- C:\Users\Shadow\Desktop\sweaw.lnk
[2011.12.31 08:38:24 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2011.12.28 18:44:34 | 000,012,480 | ---- | M] () -- C:\Users\Shadow\Documents\Vertragswerte_28122011_1844.pdf
[2011.12.28 18:43:17 | 000,117,099 | ---- | M] () -- C:\Users\Shadow\Documents\Verbraucherinformationen_Tagesgeld_online.pdf
[2011.12.28 18:41:12 | 000,140,368 | ---- | M] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Kontoauszugs.pdf
[2011.12.28 18:41:06 | 000,137,048 | ---- | M] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Postfachs.pdf
[2011.12.28 18:40:58 | 000,156,810 | ---- | M] () -- C:\Users\Shadow\Documents\Bedingungen_Online-Banking.pdf
[2011.12.28 18:40:48 | 000,201,080 | ---- | M] () -- C:\Users\Shadow\Documents\Tagesgeldkonto.pdf
[2011.12.25 09:50:30 | 000,000,910 | ---- | M] () -- C:\Users\Shadow\Desktop\SupremeCommander.lnk
[2011.12.23 10:52:59 | 000,260,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.19 19:59:06 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.12.19 19:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011.12.19 19:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.12.19 19:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.12.19 17:30:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.12.17 20:09:13 | 000,000,718 | ---- | M] () -- C:\Users\Shadow\Desktop\LEGOStarWarsSaga.lnk
[2011.12.16 15:57:46 | 000,000,807 | ---- | M] () -- C:\Users\Shadow\Desktop\Sniper Ghost Warrior.lnk
[2011.12.15 22:07:12 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.12.15 22:07:12 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.15 21:49:51 | 000,281,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.12.15 20:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.09 20:32:08 | 000,000,707 | ---- | M] () -- C:\Users\Shadow\Desktop\SkyrimLauncher.lnk
[2011.12.06 15:33:55 | 000,000,682 | ---- | M] () -- C:\Users\Shadow\Desktop\AssassinsCreed_Dx10.lnk
[1 C:\Users\Shadow\*.tmp files -> C:\Users\Shadow\*.tmp -> ]

========== Files Created - No Company Name ==========

[2040.08.13 19:21:05 | 000,006,136 | ---- | C] () -- C:\Users\Shadow\AppData\Local\TimerStop64.sys
[2012.01.04 15:05:31 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.01.03 22:31:37 | 000,001,622 | ---- | C] () -- C:\Users\Shadow\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.03 21:55:28 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.03 21:42:12 | 000,000,000 | ---- | C] () -- C:\Users\Shadow\defogger_reenable
[2012.01.03 21:41:22 | 000,050,477 | ---- | C] () -- C:\Users\Shadow\Desktop\Defogger.exe
[2012.01.03 21:13:16 | 000,684,297 | ---- | C] () -- C:\Users\Shadow\Desktop\unhide.exe
[2012.01.03 21:13:16 | 000,080,384 | ---- | C] () -- C:\Users\Shadow\Desktop\MBRCheck.exe
[2012.01.02 20:29:03 | 000,061,065 | ---- | C] () -- C:\Users\Shadow\Documents\Bank of Scottland.pdf
[2012.01.01 07:50:55 | 000,000,715 | ---- | C] () -- C:\Users\Shadow\Desktop\sweaw.lnk
[2011.12.31 08:38:24 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.12.28 18:44:34 | 000,012,480 | ---- | C] () -- C:\Users\Shadow\Documents\Vertragswerte_28122011_1844.pdf
[2011.12.28 18:43:17 | 000,117,099 | ---- | C] () -- C:\Users\Shadow\Documents\Verbraucherinformationen_Tagesgeld_online.pdf
[2011.12.28 18:41:12 | 000,140,368 | ---- | C] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Kontoauszugs.pdf
[2011.12.28 18:41:06 | 000,137,048 | ---- | C] () -- C:\Users\Shadow\Documents\Bedingungen_fuer_die_Nutzung_des_Elektronischen_Postfachs.pdf
[2011.12.28 18:40:58 | 000,156,810 | ---- | C] () -- C:\Users\Shadow\Documents\Bedingungen_Online-Banking.pdf
[2011.12.28 18:40:48 | 000,201,080 | ---- | C] () -- C:\Users\Shadow\Documents\Tagesgeldkonto.pdf
[2011.12.25 09:50:01 | 000,000,910 | ---- | C] () -- C:\Users\Shadow\Desktop\SupremeCommander.lnk
[2011.12.17 20:09:13 | 000,000,718 | ---- | C] () -- C:\Users\Shadow\Desktop\LEGOStarWarsSaga.lnk
[2011.12.16 15:57:46 | 000,000,807 | ---- | C] () -- C:\Users\Shadow\Desktop\Sniper Ghost Warrior.lnk
[2011.12.09 20:32:08 | 000,000,707 | ---- | C] () -- C:\Users\Shadow\Desktop\SkyrimLauncher.lnk
[2011.12.06 15:33:55 | 000,000,682 | ---- | C] () -- C:\Users\Shadow\Desktop\AssassinsCreed_Dx10.lnk
[2011.11.20 16:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.04 16:43:20 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.09.04 16:43:20 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.29 19:39:39 | 000,000,067 | ---- | C] () -- C:\Windows\FinalSun.ini
[2011.06.26 11:37:39 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011.05.29 20:25:03 | 000,000,680 | ---- | C] () -- C:\Users\Shadow\AppData\Local\d3d9caps.dat
[2011.05.29 07:53:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.26 18:03:55 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.19 21:11:02 | 000,000,221 | ---- | C] () -- C:\Windows\YODESK.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.29 16:44:15 | 002,506,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_new_5-9-08.exe
[2010.07.21 17:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.06.14 10:35:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.05.11 17:19:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.05.11 17:19:42 | 000,013,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.05.11 17:19:41 | 000,012,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.05.11 17:19:41 | 000,010,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.05.02 12:33:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.12 19:12:27 | 002,407,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010.03.28 21:27:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.03.20 13:33:06 | 000,000,094 | ---- | C] () -- C:\Users\Shadow\AppData\Local\fusioncache.dat
[2010.03.20 13:32:23 | 001,477,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.05 20:59:45 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.01.05 20:59:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.01.05 20:59:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.12.28 23:23:00 | 000,000,635 | ---- | C] () -- C:\Windows\Sta2.INI
[2009.12.27 21:53:17 | 000,001,442 | ---- | C] () -- C:\Windows\eReg.dat
[2009.10.15 21:36:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.18 22:08:09 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2009.08.16 18:41:46 | 000,131,797 | ---- | C] () -- C:\Windows\hpoins14.dat
[2009.08.16 18:41:46 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2009.08.15 00:09:54 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.08.14 22:54:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.13 22:08:29 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\TrayIcon12.dll
[2009.08.13 22:08:29 | 000,061,952 | ---- | C] () -- C:\Windows\SysWow64\ajnetmask.dll
[2009.08.13 21:21:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.13 18:23:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.13 18:23:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.13 18:22:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.08.13 18:22:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.08.13 15:09:43 | 000,120,320 | ---- | C] () -- C:\Users\Shadow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.13 14:53:52 | 000,002,188 | ---- | C] () -- C:\Users\Shadow\AppData\Local\d3d9caps64.dat
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\MMAVILNG.exe
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\indounin.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

========== LOP Check ==========

[2011.11.21 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\.minecraft
[2009.08.14 22:55:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\ACD Systems
[2009.08.13 23:57:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Acronis
[2011.08.30 12:02:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.07.09 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.08.14 20:11:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Dr. DivX 2.0 OSS
[2010.04.23 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.14 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Hothead Games
[2011.05.10 16:42:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\ICQ
[2010.11.04 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Leadertech
[2011.01.18 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Local
[2011.07.30 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Need for Speed World
[2010.04.05 06:06:18 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\PC Suite
[2012.01.01 07:51:35 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Petroglyph
[2011.09.01 12:44:18 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Qoqey
[2010.10.30 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Quest3D
[2011.12.31 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Red Alert 3
[2010.10.30 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Roaming
[2009.08.13 21:45:38 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\SpeedProject
[2011.11.04 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\SPORE
[2011.06.28 17:11:39 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Star Trek Armada II Fleet Operations
[2009.08.13 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TMP
[2010.07.26 18:35:48 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TomTom
[2010.08.12 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TS3Client
[2010.12.06 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\TuneUp Software
[2011.12.30 15:23:30 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Tunngle
[2011.12.05 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Ubisoft
[2011.09.08 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Vitu
[2011.01.12 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Watchtower
[2011.07.21 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\XRay Engine
[2012.01.04 15:05:32 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.04 15:04:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.12.06 18:28:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.15 14:43:23 | 000,000,000 | ---D | M] -- C:\aoufhiusdfh
[2011.09.15 15:41:33 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.23 10:38:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.09.01 21:48:33 | 000,000,000 | ---D | M] -- C:\Brenner
[2011.11.03 09:04:15 | 000,000,000 | ---D | M] -- C:\Grafik
[2011.12.08 21:06:46 | 000,000,000 | ---D | M] -- C:\Internet
[2011.02.17 09:50:34 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.26 13:55:14 | 000,000,000 | ---D | M] -- C:\Phantom
[2012.01.03 21:55:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.08 21:09:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.03 22:00:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.10.12 16:37:24 | 000,000,000 | ---D | M] -- C:\Recycle.Bin
[2011.12.30 17:20:35 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.01.04 15:13:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.25 09:48:52 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.08 20:55:07 | 000,000,000 | ---D | M] -- C:\Users
[2012.01.03 21:29:59 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.03 21:23:25 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009.04.10 21:44:26 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
[2008.01.21 03:48:18 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

< MD5 for: EXPLORER.EXE >
[2009.04.10 23:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.10 23:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP06A4C76

< End of report >

__________________Extra Log______________________________________

OTL Extras logfile created on: 04.01.2012 15:17:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shadow\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,35 Gb Available Physical Memory | 83,88% Memory free
8,17 Gb Paging File | 7,68 Gb Available in Paging File | 94,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 250,25 Gb Free Space | 53,73% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 118,60 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Drive G: | 1,96 Gb Total Space | 1,93 Gb Free Space | 98,46% Space Free | Partition Type: FAT

Computer Name: PHANTOM | User Name: Shadow | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Internet\FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Phantom\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Phantom\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Phantom\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Phantom\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Phantom\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Phantom\WinAmp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Phantom\WinAmp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"AntiSpyWareDisableNotify" = 1
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A5 60 8E 6E 3C 1C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2923808587-2242505919-1898164138-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SpeedCommander 12 (x64)" = SpeedCommander 12 (x64)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4038EAF0-6F8E-4068-88F6-A417958B8AC5}" = PDF Manual NW-E010 Series
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E04C6D-9EE0-4F70-9358-62108888C719}" = 2010 DR PEPPER EA GAMES EVERY BOTTLE/CUP WINS PROMOTION
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = Catalyst Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F2754CA-B124-4530-9542-00FE699EA8FD}" = Watchtower Library 2010 - Deutsch
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A588FF79-CFDD-4FB1-B2D3-FED2DC884B52}" = Watchtower Library 2009 - Deutsch
"{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD095458-EFF3-46CB-8BE4-DC1675FB8B49}" = Relentless Software Prerequisites
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Essentials
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5297029-A17F-4520-BF1E-41D48731B8CB}_is1" = WinTimeKill 3.1
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1" = Fleet Operations version 3.2.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex extraction audio
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Setup.divx.com" = DivX-Setup
"eMule MorphXT_is1" = eMule MorphXT 12.6
"eMule_is1" = morphemuleversion
"ICQToolbar" = ICQ Toolbar
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"LogMeIn Hamachi" = LogMeIn Hamachi
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.5.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Sniper Ghost Warrior Update 3_is1" = Sniper Ghost Warrior Update 3
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 24200" = DC Universe Online
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 24810" = Command and Conquer 3: Kane's Wrath
"Steam App 40100" = Supreme Commander 2
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Tunngle beta_is1" = Tunngle beta
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.97-8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.09.2010 06:53:57 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 07:20:48 | Computer Name = Phantom | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cfp.exe, Version 4.1.18600.916, Zeitstempel
0x4c054785, fehlerhaftes Modul msxml3.dll, Version 8.100.5003.0, Zeitstempel 0x4c1266a0,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000006ee6, Prozess-ID 0x880, Anwendungsstartzeit
01cb5bda84092518.

Error - 24.09.2010 07:21:21 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 07:23:56 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 15:35:05 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 15:36:09 | Computer Name = Phantom | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cfp.exe, Version 4.1.18600.916, Zeitstempel
0x4c054785, fehlerhaftes Modul msxml3.dll, Version 8.100.5003.0, Zeitstempel 0x4c1266a0,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001166, Prozess-ID 0x8b0, Anwendungsstartzeit
01cb5c1fba0392c8.

Error - 24.09.2010 15:36:59 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 15:38:37 | Computer Name = Phantom | Source = WinMgmt | ID = 10
Description =

Error - 24.09.2010 16:38:20 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 25.09.2010 03:14:54 | Computer Name = Phantom | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Spiele\SoftonicDownloader49884.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

[ System Events ]
Error - 03.01.2012 16:12:19 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:19 | Computer Name = Phantom | Source = Service Control Manager | ID = 7026
Description =

Error - 03.01.2012 16:12:23 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = DCOM | ID = 10005
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:24 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:57 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 16:12:58 | Computer Name = Phantom | Source = Service Control Manager | ID = 7001
Description =

[ TuneUp Events ]
Error - 30.12.2011 12:11:55 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 30.12.2011 19:22:30 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 31.12.2011 04:28:02 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 03:02:52 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 05:37:56 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 10:20:42 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 01.01.2012 16:26:05 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 02.01.2012 11:47:01 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 02.01.2012 14:39:39 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 03.01.2012 12:05:47 | Computer Name = Phantom | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

 
