Shadow315 | 23.02.2012 17:12 | New OTL log: Code:
OTL logfile created on: 23.02.2012 13:19:44 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Shadow315\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,50% Memory free
4,24 Gb Paging File | 3,16 Gb Available in Paging File | 74,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 315,33 Gb Total Space | 91,53 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,08% Space Free | Partition Type: FAT32
Drive J: | 931,51 Gb Total Space | 744,92 Gb Free Space | 79,97% Space Free | Partition Type: NTFS
Computer Name: SHADOW315-PC | User Name: Shadow315 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.22 19:30:47 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Shadow315\Desktop\OTL(1).exe
PRC - [2012.01.22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.12 21:10:00 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.10.12 21:09:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.10.12 16:18:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.12 20:28:52 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.08.07 21:41:18 | 000,046,592 | ---- | M] () -- C:\Program Files\Windows Live\Contacts\VERSION.dll
MOD - [2011.08.07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll
MOD - [2011.04.11 13:58:21 | 000,390,656 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011.04.11 13:58:17 | 000,370,688 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2010.01.20 19:55:31 | 000,163,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.01.22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.12 21:09:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.10.12 16:18:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.04.01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012.02.21 12:29:49 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2011.10.12 21:55:06 | 008,598,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011.10.12 21:55:06 | 008,598,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.10.12 21:55:06 | 008,598,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.10.12 20:30:18 | 000,257,024 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.06.06 23:06:42 | 000,081,936 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.04.01 06:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011.04.01 06:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2008.05.02 09:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2004.10.26 10:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.farmerama.de/
IE - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C E9 8C 6E 2A BE CB 01 [binary data]
IE - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.united-forum.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.109
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&q=&SearchSource=2"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.09.12 00:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 11:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.18 11:31:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 9\components [2011.01.20 14:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugins
[2008.09.10 13:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Extensions
[2012.02.19 11:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions
[2010.10.07 07:43:20 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2012.02.19 00:13:52 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2010.10.07 07:43:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.19 00:13:50 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.02.19 11:36:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.17 02:17:33 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.03.31 10:17:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\engine@conduit.com
[2009.09.27 07:38:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\moveplayer@movenetworks.com
[2010.10.07 07:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow315\AppData\Roaming\mozilla\Firefox\Profiles\wa7hn65n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011.01.12 21:02:48 | 000,000,937 | ---- | M] () -- C:\Users\Shadow315\AppData\Roaming\Mozilla\Firefox\Profiles\wa7hn65n.default\searchplugins\conduit.xml
[2010.03.07 20:23:00 | 000,002,272 | ---- | M] () -- C:\Users\Shadow315\AppData\Roaming\Mozilla\Firefox\Profiles\wa7hn65n.default\searchplugins\google-und-download-suche.xml
[2012.02.18 11:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2012.02.23 06:25:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000..\Run: [DAEMON Tools Lite] J:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-1955313859-1678149478-2173258271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 80.69.100.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6A378D7-69B5-4196-B7CF-54089DE93890}: DhcpNameServer = 80.69.100.182 80.69.100.230
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shadow315\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shadow315\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^Shadow315^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig - StartUpReg: LWS - hkey= - key= - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig - StartUpReg: NBCore - hkey= - key= - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe (Nero AG)
MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0AF45D3F-8287-45B9-8DAC-F4B808AB1136} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.02.23 10:54:47 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{3886E663-1762-4252-A2D9-6837AB777513}
[2012.02.23 10:54:16 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{A5EF1E61-7AA8-4387-8966-D4945030E491}
[2012.02.23 09:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.02.23 09:19:54 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{32D94D4B-CBB3-4B7E-9E4A-BC32841A99FA}
[2012.02.23 06:32:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\temp
[2012.02.23 06:26:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.02.23 00:59:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.23 00:59:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.23 00:59:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.23 00:59:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.23 00:59:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.02.23 00:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.22 23:16:18 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{B0C7B858-43B7-4924-8591-A40A05F156C1}
[2012.02.22 21:02:04 | 004,417,295 | R--- | C] (Swearware) -- C:\Users\Shadow315\Desktop\ComboFix.exe
[2012.02.22 19:30:47 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Shadow315\Desktop\OTL(1).exe
[2012.02.22 11:15:26 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{A69EBF72-C5FF-411D-9A99-18662C7B64B0}
[2012.02.22 11:14:53 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{76F65C0C-38D4-4046-A6DC-D560EABC3A48}
[2012.02.21 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{70369FB5-FDF5-4047-ACE7-EAC3AB076ADC}
[2012.02.21 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{A9B2DCA6-76B1-43FF-86A0-F70E1EEE9EA8}
[2012.02.21 18:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.21 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.02.21 12:29:49 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.02.21 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Roaming\DAEMON Tools Lite
[2012.02.21 12:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.02.21 07:26:39 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Roaming\Malwarebytes
[2012.02.21 07:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.21 07:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.21 07:26:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.21 07:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.21 07:13:26 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{F24AF1E4-A10B-4A70-BEB1-7EDCBC84D6DF}
[2012.02.21 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{27544704-F64E-44C7-BF51-ADE1D80F822C}
[2012.02.20 21:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.02.20 16:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.02.20 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{41AAFA97-7F6D-46CD-9897-5759D7404B2C}
[2012.02.20 12:01:07 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{8143BD9A-AE43-4337-8999-D6F4F568ADF6}
[2012.02.20 11:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.20 11:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.20 01:34:49 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\Documents\My Webcam Recordings
[2012.02.20 01:34:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Roaming\Systweak
[2012.02.20 01:33:45 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\MessengerDiscovery
[2012.02.20 01:33:33 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\Babylon
[2012.02.20 01:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.20 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Roaming\Babylon
[2012.02.20 01:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MessengerDiscovery
[2012.02.20 00:00:33 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{77D89F3E-EBCB-475F-8267-93A12962E96B}
[2012.02.19 11:59:53 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{5DD57861-B579-46BA-8E6E-719AD013B49E}
[2012.02.19 11:59:27 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{BE4D851E-B32B-4429-B665-93D5EC85931C}
[2012.02.18 23:58:35 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{204E4CC5-711D-43F6-94B9-E6966E8899A4}
[2012.02.18 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{01585FDF-8634-4906-B8E3-3A6A3FEEC5F2}
[2012.02.18 11:57:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{3AC257C3-4755-47DB-BDE4-68002E435479}
[2012.02.17 23:56:45 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{4F9C5384-21A0-4D11-9D81-7488AE728FF8}
[2012.02.17 11:56:05 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{A5DE6D9E-1210-4C28-8788-FFD923B09CF3}
[2012.02.17 11:55:41 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{86B2D14D-4AC3-4DDB-BE76-AF98D9064556}
[2012.02.16 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{1553FBF2-89C8-477F-ABCF-3AFD1D162359}
[2012.02.16 23:54:47 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{9C66E938-635D-4833-B1FE-7667EA36AA80}
[2012.02.16 11:54:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{D91C4C36-EC4C-4C40-8123-C67510B66019}
[2012.02.16 11:53:56 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{85D85A01-539E-49B0-9AA8-381427DE7B98}
[2012.02.15 23:53:17 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{63529CF6-DE38-45D8-9225-C189FB3A5884}
[2012.02.15 11:52:38 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{9049A75C-2ABF-4FAD-B15A-C437DF41C3A8}
[2012.02.15 11:52:14 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{B51EBE4B-3D5B-4471-804B-75899572F3ED}
[2012.02.14 23:51:36 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{66613ABE-BE9F-4335-97C0-9635D2B5BAA0}
[2012.02.14 11:50:53 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{25211C75-1B94-470D-AC8C-3E17394E38C9}
[2012.02.14 11:50:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{D82F350A-48B8-4242-924F-83AD7755DA6D}
[2012.02.13 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{31832502-5729-46BC-9203-9996A04C12BA}
[2012.02.13 23:49:36 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{C5304BBD-DD08-455B-B27A-3990A26D8DDA}
[2012.02.13 11:48:09 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{5BB8FCC7-E86E-4A04-9E39-F2C2228A962D}
[2012.02.13 11:47:47 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{9FE56245-7F92-4D13-8B66-D566F49F3B69}
[2012.02.12 23:47:15 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{72DF1494-0B94-4D87-8E81-F79E2BBA5BB2}
[2012.02.12 23:46:52 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{8243B488-FA54-4648-83C4-8E477D9EA619}
[2012.02.12 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{26FFCFA4-106E-4F11-A2D7-69B81D9F7C0E}
[2012.02.12 11:46:00 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{D2D0E211-CACF-425F-8E9A-14885D258F4D}
[2012.02.11 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{05D98FCF-AAA3-4C81-8B2B-32B1DEAAC092}
[2012.02.11 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{F7A3C5E5-F676-4BC4-88F4-E6F53A32CF93}
[2012.02.11 11:02:21 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{D952C589-CE28-42A8-AA3A-9616DCFF76A6}
[2012.02.10 23:01:42 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{72B188B0-987C-42D0-A150-A64422146FAA}
[2012.02.10 23:01:17 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{74F69919-0FB5-4C41-A6FB-AF9FBB3B91C5}
[2012.02.10 11:00:45 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{755DB9B5-6DC5-4419-B532-7F8B206AD4A1}
[2012.02.10 11:00:24 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{EA58C833-3C34-46A0-BBF4-6E7D21044A18}
[2012.02.09 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{B8035375-0067-4953-A009-65F112255112}
[2012.02.09 10:59:08 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{60AF0DAC-E6C8-4B88-B6B4-230FD70666AE}
[2012.02.09 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{022D775A-818C-4A15-A97E-9BF25240A2CF}
[2012.02.08 22:58:03 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{26895E1E-3F5A-4FAE-8746-F2F40664FBA1}
[2012.02.08 10:57:27 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{369C0F28-25A8-4DB7-B856-2BDCAA097377}
[2012.02.08 10:57:06 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{C23E9956-0E87-4DF4-8199-188CF99951AE}
[2012.02.07 22:56:36 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{440DEE2B-C1F6-4F38-BD16-66CE35C76648}
[2012.02.07 10:56:00 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{D97EDF86-00FF-4462-8749-F8D251008614}
[2012.02.07 10:55:39 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{C467DCDC-CD8C-4E8E-9F76-44E7A06AB207}
[2012.02.06 22:55:06 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{1A7B318D-2377-44B1-80A0-04BFFAE82153}
[2012.02.06 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{4796BB5A-8163-4181-8507-5470C219DDBB}
[2012.02.06 10:54:07 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{89FB9DA1-B7A9-4AF2-B7E6-CD1C1BCAB632}
[2012.02.05 21:54:27 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{934F41B0-5B91-4795-BCAA-D80410DDA170}
[2012.02.05 09:54:04 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{604DC800-7E53-4B29-B293-9D159B3C0727}
[2012.02.05 09:53:43 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{FFADA01F-81C7-4EDC-BCFE-EC20233EABF0}
[2012.02.03 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{731C4AAD-3FC8-437A-BD5B-44624970AB15}
[2012.02.03 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\Shadow315\AppData\Local\{ED16CA66-A6DC-4B86-BF42-91AD67D42B9C}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.02.23 13:18:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.23 12:44:31 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 12:44:31 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 12:18:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.23 10:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.23 06:25:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.23 03:20:19 | 000,676,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.23 03:20:19 | 000,636,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.23 03:20:19 | 000,146,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.23 03:20:19 | 000,120,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 21:02:12 | 004,417,295 | R--- | M] (Swearware) -- C:\Users\Shadow315\Desktop\ComboFix.exe
[2012.02.22 19:30:47 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Shadow315\Desktop\OTL(1).exe
[2012.02.21 12:31:43 | 000,000,607 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.02.21 12:29:49 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.02.21 08:07:40 | 000,203,264 | ---- | M] () -- C:\Users\Shadow315\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.21 07:26:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.21 03:31:07 | 000,306,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.20 21:49:39 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.02.20 16:06:37 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.02.20 11:40:19 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.20 01:47:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.02.20 01:33:51 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.19 13:38:25 | 010,982,955 | ---- | M] () -- C:\Users\Shadow315\Desktop\3p Licence 2 Kill SNA Club Mix .mp3
[2012.02.19 11:55:23 | 000,000,841 | ---- | M] () -- C:\Users\Shadow315\Desktop\World of Warcraft.lnk
[2012.02.17 16:40:02 | 000,378,172 | ---- | M] () -- C:\Users\Shadow315\ok.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.23 00:59:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.23 00:59:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.23 00:59:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.23 00:59:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.23 00:59:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.22 00:00:19 | 013,903,445 | ---- | C] () -- C:\Users\Shadow315\Desktop\Allegria.mp3
[2012.02.21 12:31:43 | 000,000,607 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.02.21 07:26:25 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.20 21:49:39 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.02.20 21:48:18 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.02.20 16:06:37 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.02.20 11:40:19 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.20 01:43:25 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.02.20 01:33:43 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.19 13:37:54 | 010,982,955 | ---- | C] () -- C:\Users\Shadow315\Desktop\3p Licence 2 Kill SNA Club Mix .mp3
[2012.02.17 16:40:02 | 000,378,172 | ---- | C] () -- C:\Users\Shadow315\ok.jpg
[2011.10.12 20:28:52 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.10.12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.08.17 20:48:44 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.06.02 21:42:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imwords.dat
[2011.06.02 21:42:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\im_markovian.dat
[2011.05.28 09:07:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat
[2011.05.28 08:29:50 | 000,867,468 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 05:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.20 10:43:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.24 19:34:19 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.03.24 00:49:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.24 23:54:59 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.02.24 23:54:59 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.02.24 23:54:59 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
========== LOP Check ==========
[2009.06.17 00:26:49 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Ankh
[2009.07.28 10:58:31 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Any Video Converter
[2012.02.20 01:33:30 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Babylon
[2012.02.20 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\BitTorrent
[2009.10.12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\BullGuard
[2009.05.13 11:31:34 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.10.14 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.21 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\DAEMON Tools Lite
[2012.02.21 07:43:28 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\DataCast
[2010.11.26 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Extensible XML Editor
[2011.09.24 17:03:33 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\FreshDiagnose
[2011.05.28 14:51:15 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\GetRightToGo
[2008.10.12 22:32:41 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\KaLoMa
[2010.05.22 08:52:01 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Leadertech
[2011.03.21 08:45:58 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\LolClient
[2009.11.19 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\MAGIX
[2009.08.28 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Octoshape
[2011.03.20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\PlayFirst
[2012.02.23 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\QuickScan
[2009.03.19 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Red Alert 3 Demo
[2011.05.26 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\RIFT
[2010.03.23 15:49:05 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\SystemSuite
[2012.02.21 07:41:21 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Systweak
[2008.09.22 13:48:35 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Template
[2010.02.04 10:04:53 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\The Bat!
[2012.02.20 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\TS3Client
[2009.09.09 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Turbine
[2009.06.17 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\uTorrent
[2009.11.17 23:56:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\VistaCodecs
[2008.09.25 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Xilisoft Corporation
[2012.02.20 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\The_Crow\AppData\Roaming\Systweak
[2012.02.23 10:43:00 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.26 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Adobe
[2009.07.26 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\AdobeUM
[2009.06.17 00:26:49 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Ankh
[2009.07.28 10:58:31 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Any Video Converter
[2012.02.20 01:33:30 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Babylon
[2012.02.20 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\BitTorrent
[2009.10.12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\BullGuard
[2009.05.13 11:31:34 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.10.14 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.21 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\DAEMON Tools Lite
[2012.02.21 07:43:28 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\DataCast
[2010.06.01 23:54:40 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\DivX
[2009.02.11 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Download Manager
[2010.11.26 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Extensible XML Editor
[2011.09.24 17:03:33 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\FreshDiagnose
[2011.05.28 14:51:15 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\GetRightToGo
[2008.09.10 13:34:28 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Identities
[2008.10.12 22:32:41 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\KaLoMa
[2010.05.22 08:52:01 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Leadertech
[2011.03.21 08:45:58 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\LolClient
[2008.09.10 18:27:39 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Macromedia
[2009.11.19 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\MAGIX
[2012.02.21 07:26:39 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Media Center Programs
[2010.10.14 11:08:58 | 000,000,000 | --SD | M] -- C:\Users\Shadow315\AppData\Roaming\Microsoft
[2009.06.07 08:23:09 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Mozilla
[2009.02.21 05:13:08 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Nero
[2009.08.28 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Octoshape
[2011.03.20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\PlayFirst
[2012.02.23 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\QuickScan
[2008.09.12 00:25:49 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Real
[2009.03.19 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Red Alert 3 Demo
[2011.05.26 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\RIFT
[2010.10.14 19:00:57 | 000,000,000 | RH-D | M] -- C:\Users\Shadow315\AppData\Roaming\SecuROM
[2012.02.20 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Skype
[2009.01.27 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Symantec
[2010.03.23 15:49:05 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\SystemSuite
[2012.02.21 07:41:21 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Systweak
[2010.02.13 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\teamspeak2
[2008.09.22 13:48:35 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Template
[2010.02.04 10:04:53 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\The Bat!
[2012.02.20 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\TS3Client
[2009.09.09 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Turbine
[2009.06.17 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\uTorrent
[2009.11.17 23:56:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\VistaCodecs
[2008.09.14 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\WinRAR
[2008.09.25 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Shadow315\AppData\Roaming\Xilisoft Corporation
< %APPDATA%\*.exe /s >
[2011.06.08 12:47:19 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Shadow315\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.02.16 21:34:15 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Shadow315\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.06.15 16:22:38 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Shadow315\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.09.11 02:11:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.09.11 02:11:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.09.11 02:11:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.09.11 02:11:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2008.09.11 02:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.09.11 02:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Files - Unicode (All) ==========
[2011.06.28 06:19:42 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011.06.28 06:19:42 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
========== Alternate Data Streams ==========
@Alternate Data Stream - 10 bytes -> C:\Users\Shadow315\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe:BDU
< End of report >