Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 95p.com Plage

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.01.2012, 01:45   #1
ArcKitten
 
95p.com Plage - Standard

95p.com Plage



So nach viel Zeitaufwand und lesen von über 1000 Textzeilen...Wieder ein nerviger Virus der uns viel Freude verschafft, ich weis das vllt ein weiterer Post hier unnötig erscheint aber nachdem ich verschiedene Meinungen gelesen hab und mein Freund dessen PC grad infiziert ist und von dem ich aus tippe net den PC neu aufsetzen will...hier ein paar Logs
Danke im Vorraus und verzeihung für die Belästigung mit dem Thema.
Angehängte Dateien
Dateityp: txt ESET.txt (1,0 KB, 206x aufgerufen)
Dateityp: txt mbam-log-2012-01-05 (00-52-38).txt (3,2 KB, 145x aufgerufen)

Alt 05.01.2012, 01:48   #2
ArcKitten
 
95p.com Plage - Standard

95p.com Plage



Und weil net alle Logs draufpassten...

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.01.2012 00:39:55 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Shadow\Documents
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,53 Gb Available Physical Memory | 69,21% Memory free
15,97 Gb Paging File | 13,08 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 1756,92 Gb Free Space | 94,31% Space Free | Partition Type: NTFS
 
Computer Name: SHADOW-PC | User Name: Shadow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Shadow\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Shadow\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\VObject.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdagent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WCUService_STC_FF) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.)
SRV - (WCUService_STC_IE) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 84 CC 0B 9B 99 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.msn.com/?ocid=iehp"
FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:3.7
FF - prefs.js..extensions.stconnect.backup.keyword.URL: "splashtop:search?"
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011.11.02 21:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011.11.02 21:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011.11.02 21:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.05 00:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.05 00:04:03 | 000,000,000 | ---D | M]
 
[2011.11.02 21:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\mozilla\Extensions
[2012.01.05 00:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\mozilla\Firefox\Profiles\zccwybjr.default\extensions
[2012.01.04 23:46:45 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Shadow\AppData\Roaming\mozilla\Firefox\Profiles\zccwybjr.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2011.11.05 11:32:08 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Shadow\AppData\Roaming\mozilla\Firefox\Profiles\zccwybjr.default\extensions\DefaultManager@Microsoft
[2012.01.05 00:02:37 | 000,001,832 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\bing-1.xml
[2011.11.02 21:43:27 | 000,001,747 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\bing.xml
[2011.11.02 21:43:27 | 000,002,187 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\google.xml
[2011.11.02 21:43:27 | 000,001,020 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\yahoo.xml
[2012.01.05 00:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.04 23:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Shadow\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [MediaGet2] C:\Users\Shadow\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Shadow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8097F8EF-5ABB-4564-BE8F-B75721261B08}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{babff960-1c31-11e1-b305-50e54931a315}\Shell - "" = AutoRun
O33 - MountPoints2\{babff960-1c31-11e1-b305-50e54931a315}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.05 00:38:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shadow\Documents\OTL.exe
[2012.01.05 00:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.05 00:36:09 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Shadow\Documents\esetsmartinstaller_enu.exe
[2012.01.05 00:32:54 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Documents\tdsskiller.exe
[2012.01.05 00:30:08 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Malwarebytes
[2012.01.05 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.05 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.05 00:30:00 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.05 00:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.05 00:29:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Shadow\Documents\mbam-setup-1.60.0.1800.exe
[2012.01.05 00:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012.01.05 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{1552EE5F-9ABF-4D4B-BCD8-FC0EB3B833F0}
[2012.01.05 00:01:40 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F8B921D6-652C-4593-B313-689373466B11}
[2012.01.04 23:49:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{05A0FB20-79B2-4064-BC75-20D95737C4F3}
[2012.01.04 22:19:24 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012.01.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012.01.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\PC Tools
[2012.01.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.01.04 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.01.04 12:56:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{E959A525-935D-4A52-A948-CB2F2D834CA5}
[2012.01.04 12:55:57 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{3E088277-9664-480B-95EF-B9F985F80391}
[2012.01.04 01:47:27 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.01.04 01:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.01.04 01:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.01.04 00:55:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{CC3DD2ED-6392-4634-872B-157A1AF3A9A1}
[2012.01.04 00:55:11 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{95B0D545-C7EB-4BDD-BC79-54123206F4B0}
[2012.01.03 19:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.01.03 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Documents\My Games
[2012.01.03 12:54:47 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{2262EE8E-EB2F-4631-BC15-47916027E0DA}
[2012.01.03 00:54:25 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{C3BDBA2E-77A6-402E-8775-9214C09F706A}
[2012.01.03 00:54:04 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{994B9451-2CC1-47C1-BA2E-A62EAFB439BA}
[2012.01.02 16:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.01.02 14:49:10 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Alawar Entertainment
[2012.01.02 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{3DF93B57-6492-4214-9083-E89A0E376F17}
[2012.01.02 12:53:07 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{AFFCB2BE-4D29-429A-AA1D-6B2E8F2F4726}
[2011.12.29 10:42:30 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{1307F123-6F86-4977-90DA-140B904D224C}
[2011.12.29 10:42:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F617E36F-774C-4DF8-8C0A-9B76ED5A7991}
[2011.12.26 19:12:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{D25FC9B7-8424-45C4-B7DF-B935202D3EBC}
[2011.12.26 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{5060D417-6263-4169-AF03-874D67E6B425}
[2011.12.25 14:25:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Desktop\ULES01213
[2011.12.25 13:39:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{0CCAC6C6-630B-4A5A-8E16-E339D3BF1B2B}
[2011.12.25 13:39:08 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{7BB45D96-0B07-4428-A188-F5C8F02017E1}
[2011.12.24 18:36:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{49D18AB4-A84D-413A-BF11-C4C14D968C45}
[2011.12.24 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{6B3C682A-3A27-4576-9207-11C3C409BAE2}
[2011.12.24 06:35:46 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{216B875B-B934-4A06-B270-3EE48337DE48}
[2011.12.23 19:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinball
[2011.12.23 18:35:12 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{117C5B62-258B-4794-8023-CC91EE9ECDD9}
[2011.12.23 18:35:00 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{2C1D6043-3B72-4308-B906-F017D26A062E}
[2011.12.18 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F71B12C7-9874-47E3-BDEE-F17DFF9CEBE1}
[2011.12.18 12:47:03 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{84B15BE3-240B-4B21-9937-CFD7056629B9}
[2011.12.17 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{019945CE-A302-4030-AA5F-30AAEFDE6CE0}
[2011.12.17 13:04:33 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{7B2D6771-A448-48CA-B13E-1E55D92AAE0F}
[2011.12.17 00:38:20 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{DF59E8B4-E564-4A3B-9291-406C0077170D}
[2011.12.17 00:38:09 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{3C6787AD-002C-4786-8552-5AFF1B2CA1E3}
[2011.12.15 20:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011.12.15 20:29:40 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011.12.15 20:29:40 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011.12.15 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011.12.15 19:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.15 19:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.12.15 19:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.12.15 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{BB96657F-B987-4ECA-AFD0-53AD5A2850A8}
[2011.12.15 19:42:40 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F36FA131-A6BA-4E4C-AB7E-034FB5FB08D8}
[2011.12.12 10:42:38 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{80CAD702-7637-422E-B4E2-9A87DFC79DAA}
[2011.12.12 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{7AEE0E03-66E3-4FDD-907A-C62981D966F5}
[2011.12.09 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{A8CC8245-D549-4775-96A4-A5C6A62FEC26}
[2011.12.09 15:12:40 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{48569153-9F6B-4E44-97D0-7DBA0E09A2F0}
[2011.12.07 15:45:14 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{A91C774C-156E-4EAF-9252-C3D280D84D3B}
[2011.12.07 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{68B4B2E2-CFAE-42AD-A1C8-588934674E6A}
[2011.12.06 14:17:50 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\dvdcss
[2011.12.06 12:03:33 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{49BA861A-EBB5-423B-9FD2-ED02561C8E56}
[2011.12.06 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{DAA5929D-9776-4B1F-AD7E-0B6F3E7ECEC2}
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 00:38:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shadow\Documents\OTL.exe
[2012.01.05 00:36:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Shadow\Documents\esetsmartinstaller_enu.exe
[2012.01.05 00:32:58 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Documents\tdsskiller.exe
[2012.01.05 00:30:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 00:29:29 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Shadow\Documents\mbam-setup-1.60.0.1800.exe
[2012.01.05 00:22:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 00:22:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 00:15:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 00:15:08 | 2134,401,023 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 00:04:04 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.04 23:57:56 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 23:57:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 23:57:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 23:57:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 23:57:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 20:34:14 | 000,073,404 | ---- | M] () -- C:\Users\Shadow\Documents\407250_10150507244519320_5780044319_8627153_2055915179_n.jpg
[2012.01.04 20:20:33 | 000,007,598 | ---- | M] () -- C:\Users\Shadow\AppData\Local\Resmon.ResmonCfg
[2012.01.04 20:11:50 | 000,024,450 | ---- | M] () -- C:\Users\Shadow\Documents\VISA_2012_01_REF_NR_26440114002.pdf
[2012.01.04 02:15:43 | 000,141,720 | ---- | M] () -- C:\Users\Shadow\Documents\335389_10150505807814320_5780044319_8621138_1754773448_o.jpg
[2012.01.03 15:56:28 | 000,177,782 | ---- | M] () -- C:\Users\Shadow\Documents\412676_10150503244589320_5780044319_8609019_1469018082_o.jpg
[2012.01.03 15:55:54 | 000,254,158 | ---- | M] () -- C:\Users\Shadow\Documents\340169_10150503491209320_5780044319_8610731_1800783599_o.jpg
[2012.01.03 15:55:22 | 000,164,175 | ---- | M] () -- C:\Users\Shadow\Documents\327346_10150503596569320_5780044319_8611382_1150341992_o.jpg
[2012.01.03 15:55:06 | 000,355,598 | ---- | M] () -- C:\Users\Shadow\Documents\337399_10150503641859320_5780044319_8611682_1308915590_o.jpg
[2012.01.03 15:54:42 | 000,290,759 | ---- | M] () -- C:\Users\Shadow\Documents\327038_10150503931384320_5780044319_8613388_1866960812_o.jpg
[2012.01.03 15:53:41 | 000,352,636 | ---- | M] () -- C:\Users\Shadow\Documents\414609_10150504090649320_5780044319_8614195_1554694238_o.jpg
[2012.01.03 15:51:24 | 000,266,660 | ---- | M] () -- C:\Users\Shadow\Documents\323808_10150504798689320_5780044319_8617082_1536897009_o.jpg
[2011.12.19 19:59:15 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.12.19 19:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011.12.19 19:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.12.19 19:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.12.17 03:19:49 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.05 00:30:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 00:02:18 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.04 20:34:13 | 000,073,404 | ---- | C] () -- C:\Users\Shadow\Documents\407250_10150507244519320_5780044319_8627153_2055915179_n.jpg
[2012.01.04 20:11:49 | 000,024,450 | ---- | C] () -- C:\Users\Shadow\Documents\VISA_2012_01_REF_NR_26440114002.pdf
[2012.01.04 02:15:43 | 000,141,720 | ---- | C] () -- C:\Users\Shadow\Documents\335389_10150505807814320_5780044319_8621138_1754773448_o.jpg
[2012.01.04 01:29:37 | 000,007,598 | ---- | C] () -- C:\Users\Shadow\AppData\Local\Resmon.ResmonCfg
[2012.01.03 15:56:28 | 000,177,782 | ---- | C] () -- C:\Users\Shadow\Documents\412676_10150503244589320_5780044319_8609019_1469018082_o.jpg
[2012.01.03 15:55:53 | 000,254,158 | ---- | C] () -- C:\Users\Shadow\Documents\340169_10150503491209320_5780044319_8610731_1800783599_o.jpg
[2012.01.03 15:55:21 | 000,164,175 | ---- | C] () -- C:\Users\Shadow\Documents\327346_10150503596569320_5780044319_8611382_1150341992_o.jpg
[2012.01.03 15:55:06 | 000,355,598 | ---- | C] () -- C:\Users\Shadow\Documents\337399_10150503641859320_5780044319_8611682_1308915590_o.jpg
[2012.01.03 15:54:41 | 000,290,759 | ---- | C] () -- C:\Users\Shadow\Documents\327038_10150503931384320_5780044319_8613388_1866960812_o.jpg
[2012.01.03 15:53:40 | 000,352,636 | ---- | C] () -- C:\Users\Shadow\Documents\414609_10150504090649320_5780044319_8614195_1554694238_o.jpg
[2012.01.03 15:51:23 | 000,266,660 | ---- | C] () -- C:\Users\Shadow\Documents\323808_10150504798689320_5780044319_8617082_1536897009_o.jpg
[2011.12.15 20:29:41 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.15 20:29:40 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.12.15 20:29:40 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.15 20:29:40 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.12.15 20:29:40 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.03 15:13:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.03 10:41:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.02 22:35:40 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.11.02 22:17:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.11.02 21:11:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.11.02 21:05:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.11.02 20:56:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.02 14:49:10 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Alawar Entertainment
[2012.01.04 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Azureus
[2011.11.03 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Babylon
[2011.11.07 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\BabylonToolbar
[2011.11.04 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Ebner
[2011.11.02 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\InterTrust
[2011.11.05 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Leadertech
[2011.11.05 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenCandy
[2011.11.28 15:22:55 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenOffice.org
[2011.11.04 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Sony
[2011.11.02 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Splashtop
[2011.11.21 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Windows Live Writer
[2009.07.14 06:08:49 | 000,024,318 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.16 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Adobe
[2012.01.02 14:49:10 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Alawar Entertainment
[2011.11.03 10:41:56 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\ATI
[2012.01.04 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Azureus
[2011.11.03 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Babylon
[2011.11.07 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\BabylonToolbar
[2011.11.25 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\CyberLink
[2011.12.06 14:17:50 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\dvdcss
[2011.11.04 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Ebner
[2011.11.03 09:26:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Gretech
[2011.11.02 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Identities
[2011.11.02 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\InstallShield
[2011.11.02 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\InterTrust
[2011.11.05 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Leadertech
[2011.11.05 16:25:50 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Logishrd
[2011.11.05 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Logitech
[2011.11.02 23:04:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Macromedia
[2012.01.05 00:30:08 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Malwarebytes
[2011.04.12 08:54:56 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Media Center Programs
[2011.11.08 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Media Player Classic
[2011.11.10 11:42:59 | 000,000,000 | --SD | M] -- C:\Users\Shadow\AppData\Roaming\Microsoft
[2011.11.02 21:11:48 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Mozilla
[2011.11.05 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenCandy
[2011.11.28 15:22:55 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenOffice.org
[2012.01.04 21:48:29 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\PC Tools
[2011.11.04 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Sony
[2011.11.02 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Splashtop
[2011.11.02 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\vlc
[2011.11.06 10:51:48 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Winamp
[2011.11.21 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.11.02 22:54:48 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Shadow\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.11.05 16:27:24 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Shadow\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.08.01 17:32:56 | 005,845,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Shadow\AppData\Roaming\OpenCandy\FE94D596C1DE4EEC822A7A08B19F7AE8\ds_DeDnCD_driverscanner.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
--- --- ---
Angehängte Dateien
Dateityp: txt Extras.Txt (27,3 KB, 162x aufgerufen)
__________________


Geändert von ArcKitten (05.01.2012 um 02:25 Uhr)

Alt 05.01.2012, 13:14   #3
markusg
/// Malware-holic
 
95p.com Plage - Standard

95p.com Plage



hi,
1. ist das neu aufsetzen bei dieser malware sowieso das beste.
2. hättest du das thema über keygens und cracks lesen sollen, da heißt es deutlich, das wir bei solchen funden:
C:\Users\Shadow\Desktop\keygen,sonyvegas,usb ordner,lolita komplex\Keygen.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
nur beim formatieren, neu aufsetzen und absichern des pcs helfen, da solche software bzw deren verwendung strafbar ist.
__________________
__________________

Alt 05.01.2012, 15:48   #4
ArcKitten
 
95p.com Plage - Standard

95p.com Plage



Tut mir leid bezüglich dessen, ich hatte gestern noch keine zeit mir die logs überhaupt durchzulesen. wie gesagt is der PC eines freundes ich hab keine ahnung was er tut. aber das problem scheint jetz behoben zu sein und werde mich jetz um die absicherung seines PCs kümmern.
nochmals verzeihung für die störung

Alt 05.01.2012, 15:49   #5
markusg
/// Malware-holic
 
95p.com Plage - Standard

95p.com Plage



ich bezweifle sehr das das system sauber ist, aber das müsst ihr wissen mit welchem risiko ihr leben wollt.
es ist außerdem nicht sonderlich sinnvoll ein einmal infiziertes system zu sichern, das macht nur sinn bei einem garantiert sauberen pc.
im übrigen fühle ich mich nicht gestört :-)

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu 95p.com Plage
95p.com, aufsetzen, belästigung, erschein, erscheint, freude, freund, gen, infiziert, meinungen, nerviger, neu, neu aufsetzen, nötig, plage, thema, unnötig, verschiedene, virus, weiterer, zeile



Ähnliche Themen: 95p.com Plage


  1. Die Plage Sality und Abuse Sperre vom Provider
    Plagegeister aller Art und deren Bekämpfung - 18.08.2015 (3)
  2. Pop-up Plage bei Firefox - Teil 2
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (19)
  3. Pop-up Plage bei Firefox
    Plagegeister aller Art und deren Bekämpfung - 14.04.2014 (15)
  4. Pop-up Plage Teil 3
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (6)
  5. Malware Defense - Die neue Plage...aber woher?
    Diskussionsforum - 11.01.2010 (10)
  6. Plage in C:\WINXP\system32\drivers\etc\hosts
    Log-Analyse und Auswertung - 10.12.2009 (25)
  7. Bifrost plage
    Mülltonne - 01.01.2009 (0)
  8. Virtumonde.dll - Plage
    Plagegeister aller Art und deren Bekämpfung - 15.10.2008 (9)
  9. Upload nahezu nicht vorhanden, Surfen eine Plage
    Plagegeister aller Art und deren Bekämpfung - 04.08.2008 (16)
  10. Csrss.exe Plage
    Plagegeister aller Art und deren Bekämpfung - 12.06.2008 (2)
  11. Trojaner Plage!!
    Plagegeister aller Art und deren Bekämpfung - 12.01.2008 (1)
  12. ESTALIVE Plage / HJT Logfile
    Plagegeister aller Art und deren Bekämpfung - 10.07.2007 (1)
  13. Desktop Plage
    Plagegeister aller Art und deren Bekämpfung - 29.12.2005 (11)
  14. Internet Explorer Popup-Plage, Bitte helft mir!
    Log-Analyse und Auswertung - 18.12.2005 (10)
  15. pop-up plage - brauche hilfe!
    Plagegeister aller Art und deren Bekämpfung - 15.11.2005 (8)
  16. Hallo Highjaker Plage trotz Anti Virus Help!!
    Log-Analyse und Auswertung - 27.08.2005 (2)
  17. Die Plage mit Startpage Trojaner
    Log-Analyse und Auswertung - 25.02.2005 (3)

Zum Thema 95p.com Plage - So nach viel Zeitaufwand und lesen von über 1000 Textzeilen...Wieder ein nerviger Virus der uns viel Freude verschafft, ich weis das vllt ein weiterer Post hier unnötig erscheint aber nachdem - 95p.com Plage...
Archiv
Du betrachtest: 95p.com Plage auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.