Trojan.Ransom - "Bezahlen und Herunterladen" ("pay and download" lock screen), Windows 7
08.02.2012, 20:21 | #1

Hi there, I heard it's "in" to have your PC locked by the "Bezahlen und Herunterladen" trojan - of course my PC couldn't say no to that yesterday! I'm a bit unsure how and where I caught it, but hey - I can learn something from it. The PC works in Safe Mode; OTL and Malwarebytes scan logs are attached.
09.02.2012, 16:33 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Please also run ESET, then we'll see how to proceed: ESET Online Scanner
10.02.2012, 06:48 | #3

So, last night and overnight I carried out the following actions:

In Safe Mode:
* Removed the findings with a Malwarebytes quick scan:
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Noffy :: NOFFY-PC [Administrator]

Schutz: Deaktiviert

09.02.2012 19:28:43
mbam-log-2012-02-09 (19-28-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 164531
Laufzeit: 2 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Ransom) -> Daten: C:\Users\Noffy\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Noffy\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Noffy\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Noffy :: NOFFY-PC [Administrator]

Schutz: Deaktiviert

09.02.2012 20:34:29
mbam-log-2012-02-09 (20-34-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1108239
Laufzeit: 1 Stunde(n), 27 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

After the removal, Windows could be booted in normal mode, but froze after a few minutes. Since this happened 5 times, even without running any programs to speak of, I decided to pick a restore point (4.2) from before the infection.
* System Restore to 4.2
In Safe Mode:
* ESET scan of only the infection locations above: no findings
* Malwarebytes quick scan: no findings
In normal mode without an internet connection (cable unplugged) the PC apparently runs without problems for over 15-20 min of activity. With the cable plugged in, explorer.exe still freezes, followed by everything else. The mouse can still be moved; Task Manager still works in some cases, in others it doesn't even open any more. After the 20 min the PC was reconnected to the internet and promptly froze after 2-3 min.
After unplugging the cable and waiting a few minutes, some of the programs I had run as a test recovered, but not all of them, and e.g. neither shutting down nor Task Manager worked.
* ESET scan of all hard drives:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b0eb417b710a7540b82c366b42824c0b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 02:03:35
# local_time=2012-02-10 03:03:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 8278 80459461 0 0
# compatibility_mode=8192 67108863 100 0 173258 173258 0 0
# compatibility_mode=8449 16775165 50 99 6516 11594856 0 0
# scanned=953161
# found=1
# cleaned=0
# scan_time=11313
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
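The two Malwarebytes findings above, a Run value named ffdwnd pointing at a firefox.exe under AppData\Local and a dropper in Temp, are the typical persistence footprint of this lock-screen family: the loader hides behind a browser's file name in a folder any user can write to. As an added example (not code from the thread or from Malwarebytes), the following Python script parses that log excerpt and flags each detected path with two defender heuristics of my own: the binary lives in a user-writable profile folder, or it carries a browser's file name outside Program Files. MBAM_LOG is a constructed excerpt of the log quoted above, and the marker and browser-name lists are assumptions.

```python
import re

# Constructed excerpt of the Malwarebytes quick-scan log quoted in post #3
# (only the detection section; the header lines are not needed here).
MBAM_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Ransom) -> Daten: C:\Users\Noffy\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Noffy\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Noffy\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# MBAM (German locale) writes registry-value detections as
#   "<key>|<value name> (<threat>) -> Daten: <data> -> <action>"
# and file detections as "<path> (<threat>) -> <action>".
REG_VALUE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>\S+) \((?P<threat>[^)]+)\) -> Daten: (?P<data>.+?) -> "
)
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> ")

# Heuristics (my assumptions, not MBAM logic): folders an unprivileged user can
# write to, and browser binaries that legitimately live under Program Files only.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\temp\\")
BROWSER_BINARIES = {"firefox.exe", "chrome.exe", "iexplore.exe", "opera.exe"}

REASON_USER_WRITABLE = "binary runs from a user-writable profile folder"
REASON_BROWSER_IMPERSONATION = "browser file name outside Program Files"


def assess_autorun(command):
    """Return the reasons an autorun command looks suspicious (empty list = nothing found)."""
    low = command.strip().strip('"').lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append(REASON_USER_WRITABLE)
    basename = low.rsplit("\\", 1)[-1]
    if basename in BROWSER_BINARIES and "\\program files" not in low:
        reasons.append(REASON_BROWSER_IMPERSONATION)
    return reasons


def parse_mbam_detections(log_text):
    """Extract registry-value and file detections from an MBAM log."""
    detections = []
    for line in log_text.splitlines():
        m = REG_VALUE_RE.match(line)
        if m:
            detections.append({"kind": "registry_value", "location": m["key"], "name": m["name"],
                               "threat": m["threat"], "path": m["data"]})
            continue
        m = FILE_RE.match(line)
        if m:
            detections.append({"kind": "file", "location": m["path"], "name": None,
                               "threat": m["threat"], "path": m["path"]})
    return detections


def triage(log_text):
    """Attach heuristic reasons to each detection so a responder sees why it is persistence."""
    results = []
    for det in parse_mbam_detections(log_text):
        det["reasons"] = assess_autorun(det["path"])
        results.append(det)
    return results


if __name__ == "__main__":
    for det in triage(MBAM_LOG):
        print(f"{det['kind']:14} {det['threat']:14} {det['path']}")
        for reason in det["reasons"]:
            print(f"{'':14} -> {reason}")
```

The same assess_autorun check applied to the O4 lines of an OTL log (e.g. the Malwarebytes and Steam entries under Program Files) returns no reasons, so it separates the ffdwnd value from ordinary autostarts.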
10.02.2012, 07:55 | #4

The 60-minute edit window ran out mid-edit.. dumdedum. Before leaving for work I still managed to get an OTL quick scan through with the following parameters. According to my research it corresponds to a routine scan of the kind you use. The scan ran under the infected user account in normal Windows mode (no internet cable; Sophos On-Access Scan disabled).
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
10.02.2012, 13:06 | #5
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log in Safe Mode with Networking. Please post everything here in CODE tags if at all possible. It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it on your Desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
10.02.2012, 18:45 | #6

OTL Logfile:
Code:
Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.10 06:57:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe [2012.02.09 22:30:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.09 22:30:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.08 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Combofix Kram [2012.02.08 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\reinschiebe ordner [2012.02.08 00:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.08 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\QuickScan [2012.02.08 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.02.08 00:37:20 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\nerv [2012.02.08 00:30:18 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes [2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.07 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Development new experimental setup [2012.01.29 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\OF Phys [2012.01.28 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\SQUID [2012.01.21 21:57:01 | 000,000,000 | 
---D | C] -- C:\Users\Noffy\Desktop\Neuer Ordner [2012.01.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Origin Export [2012.01.17 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\GRETECH [2012.01.16 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab [2012.01.16 14:15:10 | 001,637,520 | ---- | C] (Codejock Software) -- C:\Windows\System32\LPUIT05N.dll [2012.01.16 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab [2012.01.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\InstallShield [2012.01.16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2012.01.16 02:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips X'Pert Plus [2012.01.16 02:15:01 | 001,554,984 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch2x32.ocx [2012.01.16 02:15:01 | 001,367,080 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch3x32.ocx [2012.01.16 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Philips [2012.01.15 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\PANalytical [2012.01.15 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParallelGraphics [2012.01.15 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParallelGraphics [2012.01.15 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANalytical X'Pert HighScore Plus [2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PANalytical [2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\PANalytical [2012.01.15 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PANalytical [2012.01.14 15:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE} [2012.01.14 15:08:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35E78C3F-A136-46F8-8B7E-979CEDFC199F} [2011.10.21 16:52:06 | 000,004,096 | ---- | 
C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.02.14 14:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe [1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.10 18:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.10 18:25:13 | 2339,897,344 | -HS- | M] () -- C:\hiberfil.sys [2012.02.10 07:51:07 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.10 07:51:07 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.10 07:51:07 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.10 07:51:07 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe [2012.02.09 23:43:19 | 006,446,463 | ---- | M] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf [2012.02.09 22:30:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.09 22:30:26 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe [2012.01.30 18:49:17 | 000,075,672 | ---- | M] () -- C:\Users\Noffy\Desktop\EM fc500.ogw [2012.01.29 16:55:26 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\LyX 2.0.lnk [2012.01.29 16:49:45 | 078,591,904 | ---- | M] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe [2012.01.29 13:18:49 | 000,001,441 | ---- | M] () -- C:\Users\Noffy\.recently-used.xbel [2012.01.22 21:30:34 | 011,106,649 | ---- | M] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd [2012.01.21 
12:43:51 | 000,167,544 | ---- | M] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png [2012.01.16 14:15:38 | 000,001,999 | ---- | M] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk [2012.01.16 14:02:21 | 000,001,143 | ---- | M] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk [2012.01.16 02:15:08 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk [2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.01.15 22:41:30 | 000,000,154 | ---- | M] () -- C:\Windows\ODBC.INI [2012.01.15 22:41:26 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI [2012.01.15 22:41:25 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk [2012.01.14 15:08:15 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk [2012.01.14 15:08:15 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Creative Centrale.lnk [2012.01.11 23:34:17 | 027,558,304 | ---- | M] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf [1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.09 23:43:15 | 006,446,463 | ---- | C] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf [2012.02.09 22:30:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.30 18:49:17 | 000,075,672 | ---- | C] () -- C:\Users\Noffy\Desktop\EM fc500.ogw [2012.01.29 16:45:28 | 078,591,904 | ---- | C] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe [2012.01.29 13:18:49 | 000,001,441 | ---- | C] () -- C:\Users\Noffy\.recently-used.xbel [2012.01.22 21:30:33 | 011,106,649 | ---- | C] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd [2012.01.21 12:43:48 | 000,167,544 | ---- | C] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png [2012.01.16 14:16:20 | 000,001,999 | ---- | C] () -- 
C:\Users\Noffy\Desktop\OriginPro 8.lnk [2012.01.16 14:15:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll [2012.01.16 14:02:21 | 000,001,143 | ---- | C] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk [2012.01.16 02:15:08 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk [2012.01.16 02:15:02 | 000,000,393 | ---- | C] () -- C:\Windows\System32\olchart.lic [2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.15 22:41:30 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI [2012.01.15 22:41:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.01.15 22:41:25 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk [2012.01.14 15:08:15 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk [2012.01.14 15:08:15 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Creative Centrale.lnk [2012.01.11 23:32:28 | 027,558,304 | ---- | C] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf [2012.01.07 14:59:56 | 000,000,028 | ---- | C] () -- C:\Users\Noffy\AppData\Roaming\PhonerLitesettings.ini [2011.12.20 16:12:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.12.20 16:05:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.10.21 17:23:10 | 000,217,536 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2011.10.04 16:06:17 | 000,003,584 | ---- | C] () -- C:\Users\Noffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.28 20:37:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.09.28 20:36:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.09.28 20:36:57 | 000,000,038 | ---- | C] () -- 
C:\Windows\avisplitter.ini [2011.09.28 20:36:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.09.28 20:36:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.09.28 20:36:56 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.09.28 19:16:12 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.09.28 19:14:49 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011.09.28 19:14:46 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2011.09.28 19:14:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011.09.28 19:14:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011.09.28 19:03:28 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.07.28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,294,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- 
C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon [2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity [2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft [2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software [2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape [2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0 [2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda [2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org [2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical [2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite [2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan [2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung [2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird [2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView [2009.07.14 05:53:46 | 000,010,204 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. 
> < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.30 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Adobe [2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon [2011.10.04 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Apple Computer [2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity [2011.10.04 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Creative [2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft [2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software [2012.01.17 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\GRETECH [2011.09.28 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Identities [2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape [2012.01.16 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\InstallShield [2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0 [2011.09.28 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Macromedia [2012.02.08 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Center Programs [2011.09.28 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Player Classic [2012.01.05 01:06:29 | 000,000,000 | --SD | M] -- C:\Users\Noffy\AppData\Roaming\Microsoft [2011.10.15 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\MiKTeX [2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda [2011.12.08 12:51:32 | 000,000,000 | ---D | M] -- 
C:\Users\Noffy\AppData\Roaming\mIRC [2011.09.28 20:32:26 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Mozilla [2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org [2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical [2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite [2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan [2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung [2012.02.10 07:08:25 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Skype [2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird [2012.02.09 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\vlc [2011.09.29 00:46:59 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WinRAR [2011.11.01 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WTablet [2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2010.03.29 07:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) 
-- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe [2012.01.15 22:45:11 | 000,784,600 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DICVOL04.exe [2012.01.15 22:45:11 | 000,293,376 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DicvolWIN.exe [2012.01.15 22:45:11 | 000,159,744 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\drawxtl.exe [2012.01.15 22:45:11 | 000,319,488 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Fourier.exe [2012.01.15 22:45:11 | 000,253,440 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\ItoWin.exe [2012.01.15 22:45:11 | 000,757,760 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\McMaille.exe [2012.01.15 22:45:12 | 000,247,405 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Stid.exe [2012.01.15 22:45:12 | 000,318,464 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TIDY.EXE [2012.01.15 22:45:11 | 000,261,120 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TreorWin.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] 
(Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel 
Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- 
C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] 
(Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > 
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012.01.16 14:01:58 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88 < End of report >
10.02.2012, 19:32 | #7
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom - Bezahlen und Herunterladen
Quote:
__________________
Please always post logfiles in CODE tags
10.02.2012, 19:55 | #8
Trojan.Ransom - Bezahlen und Herunterladen
OTL Logfile:
Code:
OTL logfile created on: 10.02.2012 19:48:11 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Noffy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 75,77% Memory free
5,81 Gb Paging File | 5,24 Gb Available in Paging File | 90,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,44 Gb Total Space | 51,22 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 112,46 Gb Free Space | 76,77% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 228,88 Gb Free Space | 68,93% Space Free | Partition Type: NTFS
Drive F: | 322,26 Gb Total Space | 191,77 Gb Free Space | 59,51% Space Free | Partition Type: NTFS
Drive G: | 312,50 Gb Total Space | 28,43 Gb Free Space | 9,10% Space Free | Partition Type: NTFS

Computer Name: NOFFY-PC | User Name: Noffy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
PRC - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe

========== Modules (No Company Name) ==========
MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========
SRV - [2012.02.09 22:38:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.05 17:22:18 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:21:49 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.07.27 22:23:06 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.05.21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)

========== Driver Services (SafeList) ==========
DRV - [2012.01.16 14:01:58 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.05 17:22:04 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011.09.28 19:10:17 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011.09.28 19:10:17 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011.09.28 19:10:15 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011.09.08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.02.10 13:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.02.10 13:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.14 18:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.18 00:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 CE CF D6 71 E7 CC 01 [binary data]
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uni-marburg.de/proxy.pac"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Noffy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.28 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.09.28 20:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Extensions
[2012.02.02 19:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.09 22:19:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.28 20:33:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.01.27 13:13:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.07 18:37:57 | 000,002,055 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\searchplugins\daemon-search.xml
[2011.11.11 18:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI
[2012.02.02 19:53:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.05 00:44:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.05 00:44:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.05 00:44:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.05 00:44:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.05 00:44:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.05 00:44:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM (2).lnk = C:\Programme\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{180CF972-282D-449C-84BF-69029C34EEE2}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========
[2012.02.10 06:57:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 22:30:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.09 22:30:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.08 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Combofix Kram
[2012.02.08 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\reinschiebe ordner
[2012.02.08 00:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.08 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2012.02.08 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.08 00:37:20 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\nerv
[2012.02.08 00:30:18 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.07 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Development new experimental setup
[2012.01.29 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\OF Phys
[2012.01.28 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\SQUID
[2012.01.21 21:57:01 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Neuer Ordner
[2012.01.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Origin Export
[2012.01.17 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2012.01.16 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
[2012.01.16 14:15:10 | 001,637,520 | ---- | C] (Codejock Software) -- C:\Windows\System32\LPUIT05N.dll
[2012.01.16 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.01.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2012.01.16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2012.01.16 02:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips X'Pert Plus
[2012.01.16 02:15:01 | 001,554,984 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch2x32.ocx
[2012.01.16 02:15:01 | 001,367,080 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch3x32.ocx
[2012.01.16 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
[2012.01.15 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.15 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParallelGraphics
[2012.01.15 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParallelGraphics
[2012.01.15 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANalytical X'Pert HighScore Plus
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PANalytical
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\PANalytical
[2012.01.15 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PANalytical
[2012.01.14 15:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2012.01.14 15:08:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35E78C3F-A136-46F8-8B7E-979CEDFC199F}
[2011.10.21 16:52:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.02.14 14:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.02.10 18:31:07 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.10 18:31:07 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.10 18:31:07 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.10 18:31:07 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.10 18:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 18:25:13 | 2339,897,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 23:43:19 | 006,446,463 | ---- | M] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 22:30:26 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.01.30 18:49:17 | 000,075,672 | ---- | M] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:55:26 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\LyX 2.0.lnk
[2012.01.29 16:49:45 | 078,591,904 | ---- | M] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | M] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:34 | 011,106,649 | ---- | M] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:51 | 000,167,544 | ---- | M] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:15:38 | 000,001,999 | ---- | M] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:02:21 | 000,001,143 | ---- | M] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:34:17 | 027,558,304 | ---- | M] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.02.09 23:43:15 | 006,446,463 | ---- | C] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.30 18:49:17 | 000,075,672 | ---- | C] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:45:28 | 078,591,904 | ---- | C] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | C] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:33 | 011,106,649 | ---- | C] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:48 | 000,167,544 | ---- | C] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:16:20 | 000,001,999 | ---- | C] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:15:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll
[2012.01.16 14:02:21 | 000,001,143 | ---- | C] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:15:02 | 000,000,393 | ---- | C] () -- C:\Windows\System32\olchart.lic
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:32:28 | 027,558,304 | ---- | C] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[2012.01.07 14:59:56 | 000,000,028 | ---- | C] () -- C:\Users\Noffy\AppData\Roaming\PhonerLitesettings.ini
[2011.12.20 16:12:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.20 16:05:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.21 17:23:10 | 000,217,536 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.10.04 16:06:17 | 000,003,584 | ---- | C] () -- C:\Users\Noffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 20:37:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.28 20:36:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.28 20:36:57 | 000,000,038 | ---- | C] () --
C:\Windows\avisplitter.ini [2011.09.28 20:36:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.09.28 20:36:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.09.28 20:36:56 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.09.28 19:16:12 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.09.28 19:14:49 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011.09.28 19:14:46 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2011.09.28 19:14:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011.09.28 19:14:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011.09.28 19:03:28 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.07.28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,294,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- 
C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon [2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity [2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft [2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software [2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape [2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0 [2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda [2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org [2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical [2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite [2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan [2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung [2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird [2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView [2009.07.14 05:53:46 | 000,010,204 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. 
> < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.30 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Adobe [2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon [2011.10.04 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Apple Computer [2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity [2011.10.04 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Creative [2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft [2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software [2012.01.17 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\GRETECH [2011.09.28 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Identities [2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape [2012.01.16 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\InstallShield [2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0 [2011.09.28 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Macromedia [2012.02.08 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Center Programs [2011.09.28 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Player Classic [2012.01.05 01:06:29 | 000,000,000 | --SD | M] -- C:\Users\Noffy\AppData\Roaming\Microsoft [2011.10.15 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\MiKTeX [2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda [2011.12.08 12:51:32 | 000,000,000 | ---D | M] -- 
C:\Users\Noffy\AppData\Roaming\mIRC [2011.09.28 20:32:26 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Mozilla [2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org [2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical [2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite [2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan [2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung [2012.02.10 07:08:25 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Skype [2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird [2012.02.09 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\vlc [2011.09.29 00:46:59 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WinRAR [2011.11.01 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WTablet [2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2010.03.29 07:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) 
-- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe [2012.01.15 22:45:11 | 000,784,600 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DICVOL04.exe [2012.01.15 22:45:11 | 000,293,376 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DicvolWIN.exe [2012.01.15 22:45:11 | 000,159,744 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\drawxtl.exe [2012.01.15 22:45:11 | 000,319,488 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Fourier.exe [2012.01.15 22:45:11 | 000,253,440 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\ItoWin.exe [2012.01.15 22:45:11 | 000,757,760 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\McMaille.exe [2012.01.15 22:45:12 | 000,247,405 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Stid.exe [2012.01.15 22:45:12 | 000,318,464 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TIDY.EXE [2012.01.15 22:45:11 | 000,261,120 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TreorWin.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] 
(Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel 
Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- 
C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] 
(Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > 
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012.01.16 14:01:58 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88 < End of report > |
10.02.2012, 21:28 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom - Pay and Download I get the impression this is not an entirely privately used computer... Sophos, Cisco, squid... but never mind. Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used in any other way, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
10.02.2012, 22:02 | #10 | |
| Trojan.Ransom - Pay and Download Quote:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:60466E88 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Noffy
->Temp folder emptied: 435265015 bytes
->Temporary Internet Files folder emptied: 68335856 bytes
->Java cache emptied: 369900 bytes
->FireFox cache emptied: 159193807 bytes
->Flash cache emptied: 36465 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72413001 bytes
RecycleBin emptied: 9574120 bytes
Total Files Cleaned = 711,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02102012_215211 |
10.02.2012, 22:37 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom - Pay and Download I didn't say anything... I'm always glad to help students, I was one myself until I dropped out in the first semester because I knew exactly how things worked and that I'm cut from different cloth, just not the cloth for student life (there I go rambling again). OK, small digression. Let's carry on. Now please (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click on "Start Scan", and when it is finished click on the "Report" button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
11.02.2012, 00:29 | #12 |
| Trojan.Ransom - Pay and Download Oops, for 2 hours I missed that the thread had got a page 2.. dumdedum.. Windows in normal mode is unhappy and unstable even without the network cable, so the whole thing took two attempts.. urgh. The first time I had a fun round of freezing, same as before. Code:
ATTFilter
00:22:29.0828 4044 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
00:22:29.0858 4044 ============================================================
00:22:29.0858 4044 Current date / time: 2012/02/11 00:22:29.0858
00:22:29.0858 4044 SystemInfo:
00:22:29.0858 4044
00:22:29.0858 4044 OS Version: 6.1.7601 ServicePack: 1.0
00:22:29.0858 4044 Product type: Workstation
00:22:29.0858 4044 ComputerName: NOFFY-PC
00:22:29.0858 4044 UserName: Noffy
00:22:29.0858 4044 Windows directory: C:\Windows
00:22:29.0858 4044 System windows directory: C:\Windows
00:22:29.0858 4044 Processor architecture: Intel x86
00:22:29.0858 4044 Number of processors: 4
00:22:29.0858 4044 Page size: 0x1000
00:22:29.0858 4044 Boot type: Normal boot
00:22:29.0858 4044 ============================================================
00:22:33.0011 4044 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:22:33.0025 4044 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:22:33.0027 4044 \Device\Harddisk0\DR0:
00:22:33.0038 4044 MBR used
00:22:33.0038 4044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC4DF800
00:22:33.0038 4044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC4E0000, BlocksNum 0x28486800
00:22:33.0038 4044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34966800, BlocksNum 0x27100000
00:22:33.0057 4044 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5BA67000, BlocksNum 0x29810000
00:22:33.0057 4044 \Device\Harddisk1\DR1:
00:22:33.0059 4044 MBR used
00:22:33.0059 4044 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F8021
00:22:33.0435 4044 Initialize success
00:22:33.0435 4044
============================================================
00:22:39.0241 4432 ============================================================
00:22:39.0241 4432 Scan started
00:22:39.0241 4432 Mode: Manual; SigCheck; TDLFS;
00:22:39.0241 4432 ============================================================
00:22:45.0169 4432 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:22:45.0185 4432 crcdisk - ok
00:22:45.0247 4432 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
00:22:45.0279 4432 CVirtA - ok
00:22:45.0294 4432 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
00:22:45.0310 4432 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
00:22:45.0310 4432 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
00:22:45.0341 4432 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:22:45.0372 4432 DfsC - ok
00:22:45.0403 4432 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:22:45.0435 4432 discache - ok
00:22:45.0435 4432 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:22:45.0450 4432 Disk - ok
00:22:45.0481 4432 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
00:22:45.0497 4432 DNE - ok
00:22:45.0559 4432 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:22:45.0575 4432 drmkaud - ok
00:22:45.0606 4432 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:22:45.0622 4432 DXGKrnl - ok
00:22:45.0934 4432 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:22:46.0027 4432 ebdrv - ok
00:22:46.0277 4432 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:22:46.0308 4432 elxstor - ok
00:22:46.0324 4432 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:22:46.0355 4432 ErrDev - ok
00:22:46.0386 4432 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:22:46.0417 4432 exfat - ok
00:22:46.0449 4432 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:22:46.0480 4432 fastfat - ok
00:22:46.0495 4432 fdc
(e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 00:22:46.0527 4432 fdc - ok 00:22:46.0558 4432 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 00:22:46.0558 4432 FileInfo - ok 00:22:46.0573 4432 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 00:22:46.0620 4432 Filetrace - ok 00:22:46.0620 4432 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 00:22:46.0636 4432 flpydisk - ok 00:22:46.0667 4432 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 00:22:46.0683 4432 FltMgr - ok 00:22:46.0698 4432 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 00:22:46.0714 4432 FsDepends - ok 00:22:46.0729 4432 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 00:22:46.0745 4432 Fs_Rec - ok 00:22:46.0807 4432 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 00:22:46.0854 4432 fvevol - ok 00:22:46.0854 4432 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 00:22:46.0870 4432 gagp30kx - ok 00:22:46.0885 4432 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 00:22:46.0917 4432 hcw85cir - ok 00:22:46.0963 4432 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 00:22:46.0995 4432 HdAudAddService - ok 00:22:47.0010 4432 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 00:22:47.0041 4432 HDAudBus - ok 00:22:47.0057 4432 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 00:22:47.0088 4432 HidBatt - ok 00:22:47.0088 4432 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 00:22:47.0119 4432 HidBth - ok 00:22:47.0119 4432 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 00:22:47.0151 4432 HidIr - ok 
00:22:47.0182 4432 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 00:22:47.0182 4432 HidUsb - ok 00:22:47.0213 4432 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 00:22:47.0229 4432 HpSAMD - ok 00:22:47.0260 4432 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 00:22:47.0307 4432 HTTP - ok 00:22:47.0338 4432 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 00:22:47.0353 4432 hwpolicy - ok 00:22:47.0385 4432 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 00:22:47.0416 4432 i8042prt - ok 00:22:47.0447 4432 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 00:22:47.0463 4432 iaStorV - ok 00:22:48.0196 4432 igfx (3de3493935396b81cc57fdac32398001) C:\Windows\system32\DRIVERS\igdkmd32.sys 00:22:48.0383 4432 igfx - ok 00:22:48.0492 4432 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 00:22:48.0508 4432 iirsp - ok 00:22:48.0617 4432 IntcAzAudAddService (cfc95d0a7ee68aefd24f8ab7cc726101) C:\Windows\system32\drivers\RTKVHDA.sys 00:22:48.0695 4432 IntcAzAudAddService - ok 00:22:48.0742 4432 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys 00:22:48.0773 4432 IntcDAud - ok 00:22:48.0804 4432 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 00:22:48.0820 4432 intelide - ok 00:22:48.0835 4432 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 00:22:48.0867 4432 intelppm - ok 00:22:48.0898 4432 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:22:48.0929 4432 IpFilterDriver - ok 00:22:48.0945 4432 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 00:22:48.0976 4432 IPMIDRV - ok 00:22:48.0991 4432 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) 
C:\Windows\system32\drivers\ipnat.sys 00:22:49.0023 4432 IPNAT - ok 00:22:49.0069 4432 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 00:22:49.0101 4432 IRENUM - ok 00:22:49.0147 4432 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 00:22:49.0163 4432 isapnp - ok 00:22:49.0194 4432 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 00:22:49.0210 4432 iScsiPrt - ok 00:22:49.0257 4432 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 00:22:49.0257 4432 kbdclass - ok 00:22:49.0272 4432 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 00:22:49.0288 4432 kbdhid - ok 00:22:49.0335 4432 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 00:22:49.0350 4432 KSecDD - ok 00:22:49.0366 4432 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 00:22:49.0381 4432 KSecPkg - ok 00:22:49.0444 4432 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 00:22:49.0475 4432 lltdio - ok 00:22:49.0506 4432 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 00:22:49.0522 4432 LSI_FC - ok 00:22:49.0522 4432 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 00:22:49.0537 4432 LSI_SAS - ok 00:22:49.0553 4432 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:22:49.0569 4432 LSI_SAS2 - ok 00:22:49.0584 4432 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:22:49.0600 4432 LSI_SCSI - ok 00:22:49.0615 4432 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 00:22:49.0662 4432 luafv - ok 00:22:49.0693 4432 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 00:22:49.0725 4432 MBAMProtector - ok 00:22:49.0771 4432 MBfilt 
(29cb85a1fe091c9d3aa3c72d66df3e69) C:\Windows\system32\drivers\MBfilt32.sys 00:22:49.0787 4432 MBfilt - ok 00:22:49.0803 4432 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 00:22:49.0818 4432 megasas - ok 00:22:49.0818 4432 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 00:22:49.0834 4432 MegaSR - ok 00:22:49.0849 4432 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 00:22:49.0881 4432 Modem - ok 00:22:49.0912 4432 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 00:22:49.0927 4432 monitor - ok 00:22:49.0974 4432 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 00:22:49.0990 4432 mouclass - ok 00:22:50.0005 4432 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 00:22:50.0037 4432 mouhid - ok 00:22:50.0068 4432 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 00:22:50.0083 4432 mountmgr - ok 00:22:50.0115 4432 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 00:22:50.0130 4432 mpio - ok 00:22:50.0146 4432 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 00:22:50.0161 4432 mpsdrv - ok 00:22:50.0193 4432 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 00:22:50.0239 4432 MRxDAV - ok 00:22:50.0286 4432 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:22:50.0317 4432 mrxsmb - ok 00:22:50.0333 4432 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:22:50.0349 4432 mrxsmb10 - ok 00:22:50.0364 4432 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:22:50.0380 4432 mrxsmb20 - ok 00:22:50.0411 4432 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 00:22:50.0427 4432 msahci - ok 00:22:50.0458 4432 msdsm 
(55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 00:22:50.0458 4432 msdsm - ok 00:22:50.0520 4432 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 00:22:50.0536 4432 Msfs - ok 00:22:50.0551 4432 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 00:22:50.0583 4432 mshidkmdf - ok 00:22:50.0614 4432 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 00:22:50.0629 4432 msisadrv - ok 00:22:50.0645 4432 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 00:22:50.0676 4432 MSKSSRV - ok 00:22:50.0692 4432 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 00:22:50.0723 4432 MSPCLOCK - ok 00:22:50.0739 4432 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 00:22:50.0754 4432 MSPQM - ok 00:22:50.0785 4432 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 00:22:50.0801 4432 MsRPC - ok 00:22:50.0801 4432 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 00:22:50.0817 4432 mssmbios - ok 00:22:50.0848 4432 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 00:22:50.0879 4432 MSTEE - ok 00:22:50.0895 4432 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 00:22:50.0910 4432 MTConfig - ok 00:22:50.0910 4432 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 00:22:50.0926 4432 Mup - ok 00:22:50.0957 4432 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 00:22:50.0973 4432 NativeWifiP - ok 00:22:51.0035 4432 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 00:22:51.0051 4432 NDIS - ok 00:22:51.0097 4432 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 00:22:51.0144 4432 NdisCap - ok 00:22:51.0175 4432 NdisTapi 
(e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 00:22:51.0207 4432 NdisTapi - ok 00:22:51.0222 4432 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 00:22:51.0269 4432 Ndisuio - ok 00:22:51.0300 4432 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 00:22:51.0331 4432 NdisWan - ok 00:22:51.0363 4432 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 00:22:51.0378 4432 NDProxy - ok 00:22:51.0409 4432 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 00:22:51.0425 4432 NetBIOS - ok 00:22:51.0472 4432 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 00:22:51.0487 4432 NetBT - ok 00:22:51.0550 4432 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 00:22:51.0565 4432 nfrd960 - ok 00:22:51.0612 4432 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 00:22:51.0628 4432 Npfs - ok 00:22:51.0643 4432 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 00:22:51.0675 4432 nsiproxy - ok 00:22:51.0721 4432 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 00:22:51.0753 4432 Ntfs - ok 00:22:51.0768 4432 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 00:22:51.0815 4432 Null - ok 00:22:51.0846 4432 nusb3hub (bad636ee7ff5bf539854bba33868efc2) C:\Windows\system32\DRIVERS\nusb3hub.sys 00:22:51.0893 4432 nusb3hub - ok 00:22:51.0955 4432 nusb3xhc (dfafdc3051e04ffafddc4872394c1fc8) C:\Windows\system32\DRIVERS\nusb3xhc.sys 00:22:51.0971 4432 nusb3xhc - ok 00:22:52.0018 4432 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 00:22:52.0033 4432 nvraid - ok 00:22:52.0065 4432 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 00:22:52.0080 4432 nvstor - ok 00:22:52.0111 4432 nv_agp 
(5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 00:22:52.0127 4432 nv_agp - ok 00:22:52.0143 4432 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 00:22:52.0174 4432 ohci1394 - ok 00:22:52.0205 4432 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 00:22:52.0221 4432 Parport - ok 00:22:52.0236 4432 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 00:22:52.0252 4432 partmgr - ok 00:22:52.0267 4432 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 00:22:52.0299 4432 Parvdm - ok 00:22:52.0330 4432 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 00:22:52.0345 4432 pci - ok 00:22:52.0345 4432 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 00:22:52.0361 4432 pciide - ok 00:22:52.0377 4432 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 00:22:52.0392 4432 pcmcia - ok 00:22:52.0408 4432 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 00:22:52.0423 4432 pcw - ok 00:22:52.0455 4432 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 00:22:52.0470 4432 PEAUTH - ok 00:22:52.0533 4432 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 00:22:52.0564 4432 PptpMiniport - ok 00:22:52.0579 4432 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 00:22:52.0611 4432 Processor - ok 00:22:52.0626 4432 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 00:22:52.0657 4432 Psched - ok 00:22:52.0704 4432 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 00:22:52.0735 4432 ql2300 - ok 00:22:52.0751 4432 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 00:22:52.0767 4432 ql40xx - ok 00:22:52.0782 4432 QWAVEdrv 
(584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 00:22:52.0798 4432 QWAVEdrv - ok 00:22:52.0813 4432 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 00:22:52.0829 4432 RasAcd - ok 00:22:52.0860 4432 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:22:52.0891 4432 RasAgileVpn - ok 00:22:52.0907 4432 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:22:52.0938 4432 Rasl2tp - ok 00:22:52.0954 4432 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 00:22:52.0969 4432 RasPppoe - ok 00:22:52.0985 4432 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 00:22:53.0016 4432 RasSstp - ok 00:22:53.0032 4432 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 00:22:53.0079 4432 rdbss - ok 00:22:53.0094 4432 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 00:22:53.0125 4432 rdpbus - ok 00:22:53.0219 4432 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:22:53.0313 4432 RDPCDD - ok 00:22:53.0344 4432 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 00:22:53.0375 4432 RDPENCDD - ok 00:22:53.0375 4432 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 00:22:53.0453 4432 RDPREFMP - ok 00:22:53.0500 4432 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 00:22:53.0531 4432 RDPWD - ok 00:22:53.0562 4432 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 00:22:53.0578 4432 rdyboost - ok 00:22:53.0609 4432 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 00:22:53.0625 4432 rspndr - ok 00:22:53.0671 4432 RTL8167 (effd24b219c44f9044b8dbb95a54b7ab) C:\Windows\system32\DRIVERS\Rt86win7.sys 00:22:53.0687 4432 RTL8167 - ok 00:22:53.0749 
4432 SAVOnAccess (529b904346872e9e9285cc2131542dc0) C:\Windows\system32\DRIVERS\savonaccess.sys 00:22:53.0781 4432 SAVOnAccess - ok 00:22:53.0812 4432 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 00:22:53.0827 4432 sbp2port - ok 00:22:53.0859 4432 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 00:22:53.0890 4432 scfilter - ok 00:22:53.0905 4432 sdcfilter (30bde6ba44a5afeb63f78eda06c64866) C:\Windows\system32\DRIVERS\sdcfilter.sys 00:22:53.0937 4432 sdcfilter - ok 00:22:53.0983 4432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 00:22:53.0999 4432 secdrv - ok 00:22:54.0030 4432 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 00:22:54.0046 4432 Serenum - ok 00:22:54.0077 4432 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 00:22:54.0093 4432 Serial - ok 00:22:54.0124 4432 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 00:22:54.0155 4432 sermouse - ok 00:22:54.0186 4432 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 00:22:54.0217 4432 sffdisk - ok 00:22:54.0217 4432 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 00:22:54.0249 4432 sffp_mmc - ok 00:22:54.0264 4432 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 00:22:54.0295 4432 sffp_sd - ok 00:22:54.0311 4432 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 00:22:54.0327 4432 sfloppy - ok 00:22:54.0373 4432 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 00:22:54.0389 4432 sisagp - ok 00:22:54.0405 4432 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:22:54.0420 4432 SiSRaid2 - ok 00:22:54.0436 4432 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 
00:22:54.0451 4432 SiSRaid4 - ok
00:22:54.0483 4432 SKMScan (e407a8eea2fd4bf560c05c0ebf1793b3) C:\Windows\system32\DRIVERS\skmscan.sys
00:22:54.0514 4432 SKMScan - ok
00:22:54.0514 4432 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:22:54.0545 4432 Smb - ok
00:22:54.0576 4432 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
00:22:54.0607 4432 SophosBootDriver - ok
00:22:54.0623 4432 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:22:54.0639 4432 spldr - ok
00:22:54.0701 4432 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
00:22:54.0701 4432 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
00:22:54.0701 4432 sptd ( LockedFile.Multi.Generic ) - warning
00:22:54.0701 4432 sptd - detected LockedFile.Multi.Generic (1)
00:22:54.0732 4432 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:22:54.0763 4432 srv - ok
00:22:54.0779 4432 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:22:54.0795 4432 srv2 - ok
00:22:54.0826 4432 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:22:54.0857 4432 srvnet - ok
00:22:54.0903 4432 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
00:22:54.0923 4432 StarOpen ( UnsignedFile.Multi.Generic ) - warning
00:22:54.0923 4432 StarOpen - detected UnsignedFile.Multi.Generic (1)
00:22:54.0958 4432 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:22:54.0974 4432 stexstor - ok
00:22:55.0021 4432 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:22:55.0036 4432 swenum - ok
00:22:55.0114 4432 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
00:22:55.0145 4432 Tcpip - ok
00:22:55.0223 4432 TCPIP6
(65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 00:22:55.0239 4432 TCPIP6 - ok 00:22:55.0317 4432 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 00:22:55.0333 4432 tcpipreg - ok 00:22:55.0442 4432 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 00:22:55.0473 4432 TDPIPE - ok 00:22:55.0551 4432 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 00:22:55.0613 4432 TDTCP - ok 00:22:55.0676 4432 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 00:22:55.0691 4432 tdx - ok 00:22:55.0738 4432 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 00:22:55.0754 4432 TermDD - ok 00:22:55.0847 4432 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:22:55.0879 4432 tssecsrv - ok 00:22:55.0941 4432 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 00:22:55.0972 4432 TsUsbFlt - ok 00:22:56.0019 4432 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 00:22:56.0066 4432 tunnel - ok 00:22:56.0097 4432 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 00:22:56.0113 4432 uagp35 - ok 00:22:56.0159 4432 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 00:22:56.0191 4432 udfs - ok 00:22:56.0253 4432 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 00:22:56.0269 4432 uliagpkx - ok 00:22:56.0300 4432 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 00:22:56.0331 4432 umbus - ok 00:22:56.0393 4432 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 00:22:56.0425 4432 UmPass - ok 00:22:56.0503 4432 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 00:22:56.0549 4432 usbaudio - ok 00:22:56.0565 4432 usbccgp 
(bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 00:22:56.0612 4432 usbccgp - ok 00:22:56.0659 4432 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 00:22:56.0705 4432 usbcir - ok 00:22:56.0737 4432 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 00:22:56.0768 4432 usbehci - ok 00:22:56.0799 4432 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 00:22:56.0846 4432 usbhub - ok 00:22:56.0893 4432 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 00:22:56.0908 4432 usbohci - ok 00:22:56.0955 4432 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 00:22:56.0986 4432 usbprint - ok 00:22:57.0033 4432 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:22:57.0080 4432 USBSTOR - ok 00:22:57.0095 4432 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 00:22:57.0127 4432 usbuhci - ok 00:22:57.0173 4432 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 00:22:57.0189 4432 vdrvroot - ok 00:22:57.0220 4432 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 00:22:57.0251 4432 vga - ok 00:22:57.0283 4432 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 00:22:57.0298 4432 VgaSave - ok 00:22:57.0329 4432 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 00:22:57.0345 4432 vhdmp - ok 00:22:57.0376 4432 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 00:22:57.0392 4432 viaagp - ok 00:22:57.0392 4432 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 00:22:57.0439 4432 ViaC7 - ok 00:22:57.0454 4432 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 00:22:57.0470 4432 viaide - ok 00:22:57.0501 4432 volmgr 
(4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 00:22:57.0517 4432 volmgr - ok 00:22:57.0579 4432 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 00:22:57.0626 4432 volmgrx - ok 00:22:57.0657 4432 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 00:22:57.0704 4432 volsnap - ok 00:22:57.0782 4432 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys 00:22:57.0813 4432 vpnva - ok 00:22:57.0860 4432 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 00:22:57.0891 4432 vsmraid - ok 00:22:57.0938 4432 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 00:22:57.0969 4432 vwifibus - ok 00:22:58.0047 4432 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys 00:22:58.0094 4432 wacmoumonitor - ok 00:22:58.0156 4432 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys 00:22:58.0156 4432 wacommousefilter - ok 00:22:58.0187 4432 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 00:22:58.0219 4432 WacomPen - ok 00:22:58.0281 4432 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys 00:22:58.0297 4432 wacomvhid - ok 00:22:58.0328 4432 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 00:22:58.0359 4432 WANARP - ok 00:22:58.0359 4432 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 00:22:58.0375 4432 Wanarpv6 - ok 00:22:58.0453 4432 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 00:22:58.0499 4432 Wd - ok 00:22:58.0593 4432 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 00:22:58.0609 4432 Wdf01000 - ok 00:22:58.0624 4432 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 00:22:58.0655 
4432 WfpLwf - ok
00:22:58.0671 4432 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:22:58.0687 4432 WIMMount - ok
00:22:58.0843 4432 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
00:22:58.0874 4432 WinUsb - ok
00:22:58.0936 4432 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:22:58.0952 4432 WmiAcpi - ok
00:22:58.0999 4432 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:22:59.0030 4432 ws2ifsl - ok
00:22:59.0077 4432 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:22:59.0108 4432 WudfPf - ok
00:22:59.0139 4432 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:59.0170 4432 WUDFRd - ok
00:22:59.0248 4432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:23:00.0325 4432 \Device\Harddisk0\DR0 - ok
00:23:00.0340 4432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:23:01.0744 4432 \Device\Harddisk1\DR1 - ok
00:23:01.0760 4432 Boot (0x1200) (c997f51035b28671e4cce0e1ce281368) \Device\Harddisk0\DR0\Partition0
00:23:01.0775 4432 \Device\Harddisk0\DR0\Partition0 - ok
00:23:01.0791 4432 Boot (0x1200) (3c6329bf13a79957c0e7e47bec45d0ec) \Device\Harddisk0\DR0\Partition1
00:23:01.0822 4432 \Device\Harddisk0\DR0\Partition1 - ok
00:23:01.0838 4432 Boot (0x1200) (fb6b9982794830c78813d712c0a554c5) \Device\Harddisk0\DR0\Partition2
00:23:01.0838 4432 \Device\Harddisk0\DR0\Partition2 - ok
00:23:01.0869 4432 Boot (0x1200) (d1a8553ade86cf76e72a858ad9a6e3f0) \Device\Harddisk0\DR0\Partition3
00:23:01.0885 4432 \Device\Harddisk0\DR0\Partition3 - ok
00:23:01.0885 4432 Boot (0x1200) (7acd7141b19f45f18f680aa53166626a) \Device\Harddisk1\DR1\Partition0
00:23:01.0885 4432 \Device\Harddisk1\DR1\Partition0 - ok
00:23:01.0885 4432 ============================================================
00:23:01.0885 4432 Scan finished
00:23:01.0885
4432 ============================================================
00:23:01.0900 4424 Detected object count: 3
00:23:01.0900 4424 Actual detected object count: 3
00:23:10.0808 4424 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
00:23:10.0808 4424 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:23:10.0808 4424 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:23:10.0808 4424 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:23:10.0808 4424 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
00:23:10.0808 4424 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:23:44.0459 2636 Deinitialize success

[Edit]: Hm, a note on the three detections:
* StarOpen apparently belongs to the useless Samsung PC Studio 3 mobile,
* CVPNDRVA to the already mentioned Cisco VPN client.
* The sptd could be left over from an Alcohol 120% installation some time ago. Universities and real-world handling of (expensive!) professional software are apparently a thing of their own too... But you have to save, save, save... Some of it could be done better, but someone would actually have to take care of it, and of course nobody does, because the responsible decision-makers don't feel responsible... As I learned in the last few weeks, the state of university computers (including those of permanent staff!) is also a bit scary. Idealism meets reality, wohoo. :\ So the three presumably found a normal way onto the computer.
Last edited by L4m3ness (11.02.2012 at 01:07) Reason: a bit of googling |
11.02.2012, 16:35 | #13 |
| Trojan.Ransom - Pay and Download I've decided to reinstall Windows, since I'm a bit paranoid (e.g. because of online banking) and a system that is unstable after an infection isn't exactly trustworthy. I think that is faster than tinkering for a few more hours and hoping it becomes stable again. During the time I couldn't do what I wanted on the computer, I was able to read the local tutorials on securing a PC, and I'll start working through them and see what I can do better about backups and system images (probably a lot!). Then I can also slowly work through the (possibly existing) backup legacy of 8 or so years of "Reinstall? Nah, I'll just move the partition onto another one". Since the entry point for my dear guest was presumably the IE 8 visit to a site I had classified as (largely) trustworthy, Opera will be used as a second browser alongside Firefox in future. At least then I can see whether Opera is as crash-happy as Firefox, which goes down on its knees after 20-30 tabs open in parallel - and that 5-6 times a day. |
11.02.2012, 21:44 | #14 |
| Trojan.Ransom - Pay and Download So, fresh Windows 7. The haunting should be over, right? Well... not quite. Instead, a new question (network security) comes up. The following problem occurred: the Windows 7 SP1 homepage offers half a million (ok, a dozen) files and I managed to grab the wrong one. Doesn't matter, I have a roommate (practically a flat share of convenience). While downloading the ISO (great to use without a blank disc, of course, thanks Microsoft!), I found out in conversation that he had caught a copy of the BKA trojan on a video streaming site (apparently a different one from mine, at least the message was different) - and that three hours before I had mine on my back. Coincidence? Possibly, after all I committed a security sin myself at that point (visited DeviantArt with IE 8). So his computer is not really clean, which means in theory I could of course have caught something funny again directly via USB stick. He doesn't use an ad blocker or NoScript - for reasons unclear to me - and apparently his way of dealing with a virus infection is very relaxed: he half-heartedly threw his guest out of the registry and so on, presumably without checking the computer thoroughly afterwards. I thought I might as well let ESET run over it during the download, and it found two copies of ransomware trojans on his hard disk too.. great.. So the question for me now is: network security - how do you go about it? As is usual in a flat share, we go online through a shared router. But how do you prevent such guests from being exchanged between the two computers? I don't know, and I don't believe, that I can talk him out of visiting those sites, which is why I feel the need to secure my computer against his. Since we don't have a network printer or the like, nothing would suffer from that.
Besides, it seems to me I should install a Linux as a backup system for such cases again. |
12.02.2012, 14:34 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom - Pay and Download Quote:
I always disable AutoPlay for all drives on principle; it is an exceptionally dumb setting that Windows automatically runs all sorts of programs just because you plugged in a USB stick or an external drive.
__________________ Please always post logfiles in CODE tags |
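The "AutoPlay off for all drives" setting mentioned above can be audited and enforced from an elevated PowerShell session; this is an added example, not code from the thread or its helpers, and it assumes the documented Windows policy values NoDriveTypeAutoRun (0xFF = every drive-type bit set) and DisableAutoplay under the Explorer keys:

```powershell
# Added example: audit and enforce "AutoPlay/AutoRun disabled for all drive types".
# Assumes an elevated PowerShell session on Windows 7 or later (PowerShell 2.0 compatible).
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine-wide policy
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # current-user policy
)
$autoplayKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Get-AutoRunState {
    # Reports the current values; "(not set)" means Windows falls back to its defaults.
    foreach ($key in $policyKeys) {
        $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $shown = if ($null -eq $val) { '(not set)' } else { '0x{0:X2}' -f $val }
        New-Object PSObject -Property @{ Key = $key; Value = "NoDriveTypeAutoRun = $shown" }
    }
    $dis = (Get-ItemProperty -Path $autoplayKey -Name DisableAutoplay -ErrorAction SilentlyContinue).DisableAutoplay
    $shownDis = if ($null -eq $dis) { '(not set)' } else { $dis }
    New-Object PSObject -Property @{ Key = $autoplayKey; Value = "DisableAutoplay = $shownDis" }
}

function Disable-AutoRunEverywhere {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 0xFF sets every drive-type bit: no AutoRun for removable, fixed, network, CD-ROM, RAM disks
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
    if (-not (Test-Path $autoplayKey)) { New-Item -Path $autoplayKey -Force | Out-Null }
    # Equivalent to clearing "Use AutoPlay for all media and devices" in Control Panel > AutoPlay
    Set-ItemProperty -Path $autoplayKey -Name DisableAutoplay -Value 1 -Type DWord
}

Write-Host 'Before:'; Get-AutoRunState | Format-Table Key, Value -AutoSize
Disable-AutoRunEverywhere
Write-Host 'After:';  Get-AutoRunState | Format-Table Key, Value -AutoSize
```

Explorer reads the policy keys at logon, so sign out and back in (or restart explorer.exe) before re-checking with a USB stick.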