95p.com plague (Windows 7)
05.01.2012, 01:45 | #1
95p.com plague. So, after a lot of time spent reading more than 1000 lines of text... yet another annoying virus that gives us plenty of joy. I know that maybe another post here seems unnecessary, but after reading various opinions, and since my friend, whose PC is currently infected and from which I am typing, does not want to reinstall the PC... here are a few logs. Thanks in advance, and sorry for bothering you with this topic.
05.01.2012, 01:48 | #2
95p.com plague. And because not all the logs fit into one post...

OTL Logfile:
ATTFilter OTL logfile created on: 05.01.2012 00:39:55 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shadow\Documents 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,53 Gb Available Physical Memory | 69,21% Memory free 15,97 Gb Paging File | 13,08 Gb Available in Paging File | 81,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1863,01 Gb Total Space | 1756,92 Gb Free Space | 94,31% Space Free | Partition Type: NTFS Computer Name: SHADOW-PC | User Name: Shadow | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Shadow\Documents\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Users\Shadow\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET) PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe 
(CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe () PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe () PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll () MOD - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PhoneUpdate.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe () MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll () MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL () MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\Report.dll () MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\VObject.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (cmdagent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink) SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WCUService_STC_FF) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.) SRV - (WCUService_STC_IE) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.) SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.) 
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.) DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 84 CC 0B 9B 99 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.) IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.msn.com/?ocid=iehp" FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:3.7 FF - prefs.js..extensions.stconnect.backup.keyword.URL: "splashtop:search?" FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011.11.02 21:41:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011.11.02 21:41:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011.11.02 21:41:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.05 00:04:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.05 00:04:03 | 000,000,000 | ---D | M] [2011.11.02 21:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\mozilla\Extensions [2012.01.05 00:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shadow\AppData\Roaming\mozilla\Firefox\Profiles\zccwybjr.default\extensions [2012.01.04 23:46:45 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Shadow\AppData\Roaming\mozilla\Firefox\Profiles\zccwybjr.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351} [2011.11.05 11:32:08 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Shadow\AppData\Roaming\mozilla\Firefox\Profiles\zccwybjr.default\extensions\DefaultManager@Microsoft [2012.01.05 00:02:37 | 000,001,832 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\bing-1.xml [2011.11.02 21:43:27 | 000,001,747 | ---- | M] () -- 
C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\bing.xml [2011.11.02 21:43:27 | 000,002,187 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\google.xml [2011.11.02 21:43:27 | 000,001,020 | ---- | M] () -- C:\Users\Shadow\AppData\Roaming\Mozilla\Firefox\Profiles\zccwybjr.default\searchplugins\yahoo.xml [2012.01.05 00:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.04 23:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Shadow\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [MediaGet2] C:\Users\Shadow\AppData\Local\MediaGet2\mediaget.exe --minimized File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Shadow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8097F8EF-5ABB-4564-BE8F-B75721261B08}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common 
Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{babff960-1c31-11e1-b305-50e54931a315}\Shell - "" = AutoRun O33 - MountPoints2\{babff960-1c31-11e1-b305-50e54931a315}\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc 
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.05 00:38:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shadow\Documents\OTL.exe
[2012.01.05 00:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.05 00:36:09 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Shadow\Documents\esetsmartinstaller_enu.exe
[2012.01.05 00:32:54 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Documents\tdsskiller.exe
[2012.01.05 00:30:08 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Malwarebytes
[2012.01.05 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.05 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.05 00:30:00 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.05 00:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.05 00:29:24 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shadow\Documents\mbam-setup-1.60.0.1800.exe
[2012.01.05 00:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012.01.05 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{1552EE5F-9ABF-4D4B-BCD8-FC0EB3B833F0}
[2012.01.05 00:01:40 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F8B921D6-652C-4593-B313-689373466B11}
[2012.01.04 23:49:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{05A0FB20-79B2-4064-BC75-20D95737C4F3}
[2012.01.04 22:19:24 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012.01.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012.01.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\PC Tools
[2012.01.04 21:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.01.04 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.01.04 12:56:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{E959A525-935D-4A52-A948-CB2F2D834CA5}
[2012.01.04 12:55:57 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{3E088277-9664-480B-95EF-B9F985F80391}
[2012.01.04 01:47:27 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.01.04 01:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.01.04 01:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.01.04 00:55:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{CC3DD2ED-6392-4634-872B-157A1AF3A9A1}
[2012.01.04 00:55:11 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{95B0D545-C7EB-4BDD-BC79-54123206F4B0}
[2012.01.03 19:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012.01.03 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Documents\My Games
[2012.01.03 12:54:47 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{2262EE8E-EB2F-4631-BC15-47916027E0DA}
[2012.01.03 00:54:25 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{C3BDBA2E-77A6-402E-8775-9214C09F706A}
[2012.01.03 00:54:04 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{994B9451-2CC1-47C1-BA2E-A62EAFB439BA}
[2012.01.02 16:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.01.02 14:49:10 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\Alawar Entertainment
[2012.01.02 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{3DF93B57-6492-4214-9083-E89A0E376F17}
[2012.01.02 12:53:07 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{AFFCB2BE-4D29-429A-AA1D-6B2E8F2F4726}
[2011.12.29 10:42:30 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{1307F123-6F86-4977-90DA-140B904D224C}
[2011.12.29 10:42:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F617E36F-774C-4DF8-8C0A-9B76ED5A7991}
[2011.12.26 19:12:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{D25FC9B7-8424-45C4-B7DF-B935202D3EBC}
[2011.12.26 19:12:10 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{5060D417-6263-4169-AF03-874D67E6B425}
[2011.12.25 14:25:29 | 000,000,000 | ---D | C] -- C:\Users\Shadow\Desktop\ULES01213
[2011.12.25 13:39:19 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{0CCAC6C6-630B-4A5A-8E16-E339D3BF1B2B}
[2011.12.25 13:39:08 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{7BB45D96-0B07-4428-A188-F5C8F02017E1}
[2011.12.24 18:36:32 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{49D18AB4-A84D-413A-BF11-C4C14D968C45}
[2011.12.24 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{6B3C682A-3A27-4576-9207-11C3C409BAE2}
[2011.12.24 06:35:46 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{216B875B-B934-4A06-B270-3EE48337DE48}
[2011.12.23 19:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinball
[2011.12.23 18:35:12 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{117C5B62-258B-4794-8023-CC91EE9ECDD9}
[2011.12.23 18:35:00 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{2C1D6043-3B72-4308-B906-F017D26A062E}
[2011.12.18 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F71B12C7-9874-47E3-BDEE-F17DFF9CEBE1}
[2011.12.18 12:47:03 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{84B15BE3-240B-4B21-9937-CFD7056629B9}
[2011.12.17 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{019945CE-A302-4030-AA5F-30AAEFDE6CE0}
[2011.12.17 13:04:33 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{7B2D6771-A448-48CA-B13E-1E55D92AAE0F}
[2011.12.17 00:38:20 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{DF59E8B4-E564-4A3B-9291-406C0077170D}
[2011.12.17 00:38:09 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{3C6787AD-002C-4786-8552-5AFF1B2CA1E3}
[2011.12.15 20:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011.12.15 20:29:40 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011.12.15 20:29:40 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011.12.15 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011.12.15 19:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.15 19:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.12.15 19:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.12.15 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{BB96657F-B987-4ECA-AFD0-53AD5A2850A8}
[2011.12.15 19:42:40 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{F36FA131-A6BA-4E4C-AB7E-034FB5FB08D8}
[2011.12.12 10:42:38 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{80CAD702-7637-422E-B4E2-9A87DFC79DAA}
[2011.12.12 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{7AEE0E03-66E3-4FDD-907A-C62981D966F5}
[2011.12.09 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{A8CC8245-D549-4775-96A4-A5C6A62FEC26}
[2011.12.09 15:12:40 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{48569153-9F6B-4E44-97D0-7DBA0E09A2F0}
[2011.12.07 15:45:14 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{A91C774C-156E-4EAF-9252-C3D280D84D3B}
[2011.12.07 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{68B4B2E2-CFAE-42AD-A1C8-588934674E6A}
[2011.12.06 14:17:50 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Roaming\dvdcss
[2011.12.06 12:03:33 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{49BA861A-EBB5-423B-9FD2-ED02561C8E56}
[2011.12.06 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Shadow\AppData\Local\{DAA5929D-9776-4B1F-AD7E-0B6F3E7ECEC2}

========== Files - Modified Within 30 Days ==========

[2012.01.05 00:38:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shadow\Documents\OTL.exe
[2012.01.05 00:36:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Shadow\Documents\esetsmartinstaller_enu.exe
[2012.01.05 00:32:58 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shadow\Documents\tdsskiller.exe
[2012.01.05 00:30:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 00:29:29 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shadow\Documents\mbam-setup-1.60.0.1800.exe
[2012.01.05 00:22:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 00:22:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 00:15:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 00:15:08 | 2134,401,023 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 00:04:04 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.04 23:57:56 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.04 23:57:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.04 23:57:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.04 23:57:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.04 23:57:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.04 20:34:14 | 000,073,404 | ---- | M] () -- C:\Users\Shadow\Documents\407250_10150507244519320_5780044319_8627153_2055915179_n.jpg
[2012.01.04 20:20:33 | 000,007,598 | ---- | M] () -- C:\Users\Shadow\AppData\Local\Resmon.ResmonCfg
[2012.01.04 20:11:50 | 000,024,450 | ---- | M] () -- C:\Users\Shadow\Documents\VISA_2012_01_REF_NR_26440114002.pdf
[2012.01.04 02:15:43 | 000,141,720 | ---- | M] () -- C:\Users\Shadow\Documents\335389_10150505807814320_5780044319_8621138_1754773448_o.jpg
[2012.01.03 15:56:28 | 000,177,782 | ---- | M] () -- C:\Users\Shadow\Documents\412676_10150503244589320_5780044319_8609019_1469018082_o.jpg
[2012.01.03 15:55:54 | 000,254,158 | ---- | M] () -- C:\Users\Shadow\Documents\340169_10150503491209320_5780044319_8610731_1800783599_o.jpg
[2012.01.03 15:55:22 | 000,164,175 | ---- | M] () -- C:\Users\Shadow\Documents\327346_10150503596569320_5780044319_8611382_1150341992_o.jpg
[2012.01.03 15:55:06 | 000,355,598 | ---- | M] () -- C:\Users\Shadow\Documents\337399_10150503641859320_5780044319_8611682_1308915590_o.jpg
[2012.01.03 15:54:42 | 000,290,759 | ---- | M] () -- C:\Users\Shadow\Documents\327038_10150503931384320_5780044319_8613388_1866960812_o.jpg
[2012.01.03 15:53:41 | 000,352,636 | ---- | M] () -- C:\Users\Shadow\Documents\414609_10150504090649320_5780044319_8614195_1554694238_o.jpg
[2012.01.03 15:51:24 | 000,266,660 | ---- | M] () -- C:\Users\Shadow\Documents\323808_10150504798689320_5780044319_8617082_1536897009_o.jpg
[2011.12.19 19:59:15 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011.12.19 19:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011.12.19 19:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011.12.19 19:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011.12.17 03:19:49 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.01.05 00:30:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.05 00:02:18 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.04 20:34:13 | 000,073,404 | ---- | C] () -- C:\Users\Shadow\Documents\407250_10150507244519320_5780044319_8627153_2055915179_n.jpg
[2012.01.04 20:11:49 | 000,024,450 | ---- | C] () -- C:\Users\Shadow\Documents\VISA_2012_01_REF_NR_26440114002.pdf
[2012.01.04 02:15:43 | 000,141,720 | ---- | C] () -- C:\Users\Shadow\Documents\335389_10150505807814320_5780044319_8621138_1754773448_o.jpg
[2012.01.04 01:29:37 | 000,007,598 | ---- | C] () -- C:\Users\Shadow\AppData\Local\Resmon.ResmonCfg
[2012.01.03 15:56:28 | 000,177,782 | ---- | C] () -- C:\Users\Shadow\Documents\412676_10150503244589320_5780044319_8609019_1469018082_o.jpg
[2012.01.03 15:55:53 | 000,254,158 | ---- | C] () -- C:\Users\Shadow\Documents\340169_10150503491209320_5780044319_8610731_1800783599_o.jpg
[2012.01.03 15:55:21 | 000,164,175 | ---- | C] () -- C:\Users\Shadow\Documents\327346_10150503596569320_5780044319_8611382_1150341992_o.jpg
[2012.01.03 15:55:06 | 000,355,598 | ---- | C] () -- C:\Users\Shadow\Documents\337399_10150503641859320_5780044319_8611682_1308915590_o.jpg
[2012.01.03 15:54:41 | 000,290,759 | ---- | C] () -- C:\Users\Shadow\Documents\327038_10150503931384320_5780044319_8613388_1866960812_o.jpg
[2012.01.03 15:53:40 | 000,352,636 | ---- | C] () -- C:\Users\Shadow\Documents\414609_10150504090649320_5780044319_8614195_1554694238_o.jpg
[2012.01.03 15:51:23 | 000,266,660 | ---- | C] () -- C:\Users\Shadow\Documents\323808_10150504798689320_5780044319_8617082_1536897009_o.jpg
[2011.12.15 20:29:41 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.15 20:29:40 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.12.15 20:29:40 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.15 20:29:40 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.12.15 20:29:40 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.03 15:13:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.03 10:41:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.02 22:35:40 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.11.02 22:17:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.11.02 21:11:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.11.02 21:05:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.11.02 20:56:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012.01.02 14:49:10 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Alawar Entertainment
[2012.01.04 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Azureus
[2011.11.03 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Babylon
[2011.11.07 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\BabylonToolbar
[2011.11.04 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Ebner
[2011.11.02 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\InterTrust
[2011.11.05 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Leadertech
[2011.11.05 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenCandy
[2011.11.28 15:22:55 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenOffice.org
[2011.11.04 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Sony
[2011.11.02 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Splashtop
[2011.11.21 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Windows Live Writer
[2009.07.14 06:08:49 | 000,024,318 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.11.16 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Adobe
[2012.01.02 14:49:10 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Alawar Entertainment
[2011.11.03 10:41:56 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\ATI
[2012.01.04 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Azureus
[2011.11.03 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Babylon
[2011.11.07 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\BabylonToolbar
[2011.11.25 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\CyberLink
[2011.12.06 14:17:50 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\dvdcss
[2011.11.04 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Ebner
[2011.11.03 09:26:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Gretech
[2011.11.02 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Identities
[2011.11.02 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\InstallShield
[2011.11.02 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\InterTrust
[2011.11.05 16:27:24 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Leadertech
[2011.11.05 16:25:50 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Logishrd
[2011.11.05 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Logitech
[2011.11.02 23:04:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Macromedia
[2012.01.05 00:30:08 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Malwarebytes
[2011.04.12 08:54:56 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Media Center Programs
[2011.11.08 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Media Player Classic
[2011.11.10 11:42:59 | 000,000,000 | --SD | M] -- C:\Users\Shadow\AppData\Roaming\Microsoft
[2011.11.02 21:11:48 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Mozilla
[2011.11.05 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenCandy
[2011.11.28 15:22:55 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\OpenOffice.org
[2012.01.04 21:48:29 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\PC Tools
[2011.11.04 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Sony
[2011.11.02 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Splashtop
[2011.11.02 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\vlc
[2011.11.06 10:51:48 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Winamp
[2011.11.21 09:48:47 | 000,000,000 | ---D | M] -- C:\Users\Shadow\AppData\Roaming\Windows Live Writer

< %APPDATA%\*.exe /s >
[2011.11.02 22:54:48 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Shadow\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.11.05 16:27:24 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Shadow\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.08.01 17:32:56 | 005,845,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Shadow\AppData\Roaming\OpenCandy\FE94D596C1DE4EEC822A7A08B19F7AE8\ds_DeDnCD_driverscanner.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA
-- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > Geändert von ArcKitten (05.01.2012 um 02:25 Uhr) |
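The "< MD5 for: ... >" blocks at the end of the OTL log above are the part worth reading first: for each binary that malware commonly patches (userinit.exe, winlogon.exe, user32.dll, netlogon.dll, the storage drivers and so on), OTL hashes the running copy in SysNative/SysWOW64 and prints it next to the copies Windows keeps in the WinSxS component store and the DriverStore. A running copy whose MD5 matches none of its reference copies, or a copy of a system binary sitting outside C:\Windows, is what a helper scans those lines for. The script below is an added example for this thread, not part of the original post and not OTL's own code; it parses lines in exactly the format shown above and reports those two conditions plus an empty company field. The USERINIT.EXE and WINLOGON.EXE sections in the sample input are copied from the log above; the EXAMPLE.DLL section is constructed, with a made-up file name and made-up hashes, purely to show what a mismatch looks like.

```python
# Re-check the '< MD5 for: ... >' sections of an OTL log. Added example for
# this thread; not part of the original post and not OTL's own code.
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Reference copies are tested first because the DriverStore sits under SysNative.
REFERENCE_DIRS = (
    "c:\\windows\\winsxs\\",
    "c:\\windows\\sysnative\\driverstore\\",
    "c:\\windows\\system32\\driverstore\\",
)
LIVE_DIRS = (
    "c:\\windows\\sysnative\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)


def classify(path):
    """'reference' (component store), 'live' (running copy) or 'outside'."""
    p = path.lower()
    if p.startswith(REFERENCE_DIRS):
        return "reference"
    if p.startswith(LIVE_DIRS):
        return "live"
    return "outside"


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' header to the entries listed under it."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            e = entry.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            e["kind"] = classify(e["path"])
            sections[current].append(e)
        elif line.startswith(("<", "=")):
            current = None  # any other OTL header ends the MD5 block
    return dict(sections)


def check_sections(sections):
    """Return (name, path, reason) findings; an empty list means all copies agree."""
    findings = []
    for name, entries in sections.items():
        reference_hashes = {e["md5"] for e in entries if e["kind"] == "reference"}
        for e in entries:
            if e["kind"] == "live" and e["md5"] not in reference_hashes:
                findings.append((name, e["path"], "no matching WinSxS/DriverStore copy"))
            elif e["kind"] == "outside":
                findings.append((name, e["path"], "copy outside C:\\Windows"))
            if not e["company"]:
                findings.append((name, e["path"], "no company name in version info"))
    return findings


def scan(text):
    return check_sections(parse_md5_sections(text))


# Sample input: USERINIT.EXE and WINLOGON.EXE are copied from the log in this
# thread; EXAMPLE.DLL is constructed (fake file, fake hashes) to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: EXAMPLE.DLL >
[2012.01.04 23:58:00 | 000,012,288 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\SysNative\example.dll
[2010.11.21 04:24:00 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\winsxs\amd64_example_31bf3856ad364e35_6.1.7601.17514_none_0000000000000000\example.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""

if __name__ == "__main__":
    for name, path, reason in scan(SAMPLE_LOG):
        print(f"{name:13} {reason:38} {path}")
```

Run against the full log in this thread, the script reports nothing for any Windows binary: every SysNative and SysWOW64 copy matches a WinSxS or DriverStore copy. The only line it flags is the winlogon.exe under Malwarebytes' Anti-Malware\Chameleon, and only because of its location and empty company field; the path shows it belongs to Malwarebytes' own Chameleon component, not to Windows. Two caveats apply to the check itself: a match only proves that the live file equals a component-store copy that the same administrator account could have written, so it is a triage signal rather than proof of integrity, and OTL hashes a fixed list of files, so a patched binary outside that list is not covered at all.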
05.01.2012, 13:14 | #3 |
/// Malware-holic | 95p.com Plage Hi,
1. With this malware, a clean reinstall is the best option anyway. 2. You should have read the thread about keygens and cracks. It states clearly that with findings like this: C:\Users\Shadow\Desktop\keygen,sonyvegas,usb ordner,lolita komplex\Keygen.exe (RiskWare.Tool.CK) -> No action taken. we only help with formatting, reinstalling and securing the PC, since such software, or rather its use, is illegal.
05.01.2012, 15:48 | #4 |
| 95p.com Plage Sorry about that; I didn't have time yesterday to even read through the logs. As I said, it's a friend's PC, and I have no idea what he does on it. But the problem seems to be fixed now, and I'll take care of securing his PC. Apologies again for the disturbance. |
05.01.2012, 15:49 | #5 |
/// Malware-holic | 95p.com Plage I very much doubt that the system is clean, but that's for you two to decide; it's your call what risk you want to live with. Besides, it makes little sense to secure a system that has been infected once; that only makes sense on a PC that is guaranteed clean. And for the record, I don't feel disturbed :-)
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |