Trojan.Ransom - Bezahlen und Herunterladen

L4m3ness · 08.02.2012, 20:21

Hallöchen,

hab gehört es ist "In" ist, sich den Rechner per "Bezahlen und Herunterladen"-Trojaner sperren zu lassen - mein Rechner konnte da gestern natürlich nicht nein sagen! Bin zwar verunsichert, wie und wo ich mir den eingefangen hab, aber hey - kann ich was draus lernen.

Rechner funktioniert in abgesichertem Modus, Scan-Logs von OTL und Malwarebytes im Anhang.

cosinus · 09.02.2012, 16:33

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

L4m3ness · 10.02.2012, 06:48

So, gestern Abend und über Nacht habe ich folgende Aktionen durchgeführt:

Im abgesicherten Modus:
* Per Malwarebyte quickscan die Funde entfernt:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Noffy :: NOFFY-PC [Administrator]

Schutz: Deaktiviert

09.02.2012 19:28:43
mbam-log-2012-02-09 (19-28-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 164531
Laufzeit: 2 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Ransom) -> Daten: C:\Users\Noffy\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Noffy\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Noffy\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

* Malwarebyte full scan aller Festplatten (keine Funde):

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.06

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Noffy :: NOFFY-PC [Administrator]

Schutz: Deaktiviert

09.02.2012 20:34:29
mbam-log-2012-02-09 (20-34-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1108239
Laufzeit: 1 Stunde(n), 27 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Problem:
Windows konnte nach Entfernen zwar im Normalmodus hochgefahren werden, frorr jedoch nach wenigen Minuten ein. Da dies 5x passierte, selbst ohne großes Ausführen irgendwelcher Programme, entschloss ich mich, einen Wiederherstellungspunkt (4.2) vor Infektion zu wählen.

* Systemwiederherstellung auf 4.2
Im Abgesicherten Modus:
* ESET Scan nur der obigen Infektionsstellen: Keine Funde
* Malware Bytes quick scan: Keine Funde

Im Normalmodus ohne Internetverbindung (gezogenes Kabel) läuft Rechner anscheinend problemlos über 15-20 min mit Tätigkeit. Mit Kabel friert nachwievor die Explorer.exe und darauf folgend alles andere ein. Maus kann bewegt werden, Task Manager geht in einigen Fällen noch, in anderen öffnet er sich nicht einmal mehr.

Rechner wurde nach den 20min wieder an Internet verbunden und frorr nach 2-3 Min prompt ein. Nach Kabel ziehen und einigen Minuten hat sich zwar ein Teil der zum Test ausgeführten Programme wieder gefangen, allerdings nicht alle und es gingen z.B. weder Herunterfahren noch Task Manager.

* ESET scan aller Festplatten:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b0eb417b710a7540b82c366b42824c0b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 02:03:35
# local_time=2012-02-10 03:03:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 8278 80459461 0 0
# compatibility_mode=8192 67108863 100 0 173258 173258 0 0
# compatibility_mode=8449 16775165 50 99 6516 11594856 0 0
# scanned=953161
# found=1
# cleaned=0
# scan_time=11313
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I

Falls die Ursache für die Instabilität des Systems nicht auffindbar ist, werd ich an Samstag Nachmittag/Abend drüber nachdenken, die Format c Keule zu schwingen und das frische System dann ein wenig sicherer aufzusetzen - oder zumindest leichter wiederherstellbar. Da das meine erste ernste Vireninfektion nach unzähligen Jahren intensiver Internetnutzung ist, werd ich dann ja hoffentlich nicht so bald wieder in diese nervige und zeitraubende Situation kommen. Ich vermute als Infektionsweg eh n Werbebanner auf DeviantArt über nen (aus Faulheit und wohl fahrlässig) genutzen IE8. Jedenfalls ist das die einzige auffällige Ausnahme von meinem ansonsten anscheinend hinreichend sicherem Surfverhalten gewesen.

L4m3ness · 10.02.2012, 07:55

Mitten im Editieren läuft die 60min Frist ab.. dumdedum.

Hab vorm zur Arbeit gehen noch n OTL Quickscan mit den folgenden Parametern durchbekommen. Entspricht meiner Recherche nach einem Routinescan deiner Art. Der Scan erfolgte auf dem infizierten Nutzer im normalen Windowsmodus (ohne Internetkabel; Sophos On Access Scan deaktiviert).

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

cosinus · 10.02.2012, 13:06

Mach mal im abgesicherten Modus mit Netzwerktreibern ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

L4m3ness · 10.02.2012, 18:45

Zitat:

Zitat von cosinus

Mach mal im abgesicherten Modus mit Netzwerktreibern ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Erledigt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.02.2012 18:28:09 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Noffy\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 61,52% Memory free
5,81 Gb Paging File | 4,72 Gb Available in Paging File | 81,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,44 Gb Total Space | 51,35 Gb Free Space | 52,17% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 112,46 Gb Free Space | 76,77% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 228,88 Gb Free Space | 68,93% Space Free | Partition Type: NTFS
Drive F: | 322,26 Gb Total Space | 191,77 Gb Free Space | 59,51% Space Free | Partition Type: NTFS
Drive G: | 312,50 Gb Total Space | 28,43 Gb Free Space | 9,10% Space Free | Partition Type: NTFS
 
Computer Name: NOFFY-PC | User Name: Noffy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
PRC - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.09 22:38:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.05 17:22:18 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:21:49 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.07.27 22:23:06 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.05.21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.16 14:01:58 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.05 17:22:04 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011.09.28 19:10:17 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011.09.28 19:10:17 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011.09.28 19:10:15 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011.09.08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.02.10 13:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.02.10 13:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.14 18:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.18 00:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 CE CF D6 71 E7 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uni-marburg.de/proxy.pac"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Noffy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.28 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.09.28 20:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Extensions
[2012.02.02 19:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.09 22:19:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.28 20:33:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.01.27 13:13:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.07 18:37:57 | 000,002,055 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\searchplugins\daemon-search.xml
[2011.11.11 18:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI
[2012.02.02 19:53:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.05 00:44:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.05 00:44:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.05 00:44:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.05 00:44:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.05 00:44:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.05 00:44:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM (2).lnk = C:\Programme\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{180CF972-282D-449C-84BF-69029C34EEE2}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 06:57:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 22:30:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.09 22:30:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.08 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Combofix Kram
[2012.02.08 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\reinschiebe ordner
[2012.02.08 00:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.08 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2012.02.08 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.08 00:37:20 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\nerv
[2012.02.08 00:30:18 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.07 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Development new experimental setup
[2012.01.29 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\OF Phys
[2012.01.28 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\SQUID
[2012.01.21 21:57:01 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Neuer Ordner
[2012.01.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Origin Export
[2012.01.17 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2012.01.16 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
[2012.01.16 14:15:10 | 001,637,520 | ---- | C] (Codejock Software) -- C:\Windows\System32\LPUIT05N.dll
[2012.01.16 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.01.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2012.01.16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2012.01.16 02:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips X'Pert Plus
[2012.01.16 02:15:01 | 001,554,984 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch2x32.ocx
[2012.01.16 02:15:01 | 001,367,080 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch3x32.ocx
[2012.01.16 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
[2012.01.15 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.15 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParallelGraphics
[2012.01.15 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParallelGraphics
[2012.01.15 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANalytical X'Pert HighScore Plus
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PANalytical
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\PANalytical
[2012.01.15 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PANalytical
[2012.01.14 15:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2012.01.14 15:08:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35E78C3F-A136-46F8-8B7E-979CEDFC199F}
[2011.10.21 16:52:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.02.14 14:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 18:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 18:25:13 | 2339,897,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 07:51:07 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.10 07:51:07 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.10 07:51:07 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.10 07:51:07 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 23:43:19 | 006,446,463 | ---- | M] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 22:30:26 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.01.30 18:49:17 | 000,075,672 | ---- | M] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:55:26 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\LyX 2.0.lnk
[2012.01.29 16:49:45 | 078,591,904 | ---- | M] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | M] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:34 | 011,106,649 | ---- | M] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:51 | 000,167,544 | ---- | M] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:15:38 | 000,001,999 | ---- | M] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:02:21 | 000,001,143 | ---- | M] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:34:17 | 027,558,304 | ---- | M] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.09 23:43:15 | 006,446,463 | ---- | C] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.30 18:49:17 | 000,075,672 | ---- | C] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:45:28 | 078,591,904 | ---- | C] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | C] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:33 | 011,106,649 | ---- | C] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:48 | 000,167,544 | ---- | C] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:16:20 | 000,001,999 | ---- | C] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:15:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll
[2012.01.16 14:02:21 | 000,001,143 | ---- | C] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:15:02 | 000,000,393 | ---- | C] () -- C:\Windows\System32\olchart.lic
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:32:28 | 027,558,304 | ---- | C] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[2012.01.07 14:59:56 | 000,000,028 | ---- | C] () -- C:\Users\Noffy\AppData\Roaming\PhonerLitesettings.ini
[2011.12.20 16:12:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.20 16:05:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.21 17:23:10 | 000,217,536 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.10.04 16:06:17 | 000,003,584 | ---- | C] () -- C:\Users\Noffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 20:37:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.28 20:36:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.28 20:36:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.09.28 20:36:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.28 20:36:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.09.28 20:36:56 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.09.28 19:16:12 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.09.28 19:14:49 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.09.28 19:14:46 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.09.28 19:14:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.09.28 19:14:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.09.28 19:03:28 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.07.28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,294,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon
[2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity
[2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft
[2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software
[2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape
[2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0
[2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda
[2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org
[2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite
[2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung
[2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird
[2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView
[2009.07.14 05:53:46 | 000,010,204 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.30 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Adobe
[2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon
[2011.10.04 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Apple Computer
[2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity
[2011.10.04 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Creative
[2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft
[2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software
[2012.01.17 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2011.09.28 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Identities
[2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape
[2012.01.16 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0
[2011.09.28 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Macromedia
[2012.02.08 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Center Programs
[2011.09.28 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Player Classic
[2012.01.05 01:06:29 | 000,000,000 | --SD | M] -- C:\Users\Noffy\AppData\Roaming\Microsoft
[2011.10.15 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\MiKTeX
[2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda
[2011.12.08 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\mIRC
[2011.09.28 20:32:26 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Mozilla
[2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org
[2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite
[2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung
[2012.02.10 07:08:25 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Skype
[2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird
[2012.02.09 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\vlc
[2011.09.29 00:46:59 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WinRAR
[2011.11.01 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WTablet
[2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2010.03.29 07:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2012.01.15 22:45:11 | 000,784,600 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DICVOL04.exe
[2012.01.15 22:45:11 | 000,293,376 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DicvolWIN.exe
[2012.01.15 22:45:11 | 000,159,744 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\drawxtl.exe
[2012.01.15 22:45:11 | 000,319,488 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Fourier.exe
[2012.01.15 22:45:11 | 000,253,440 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\ItoWin.exe
[2012.01.15 22:45:11 | 000,757,760 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\McMaille.exe
[2012.01.15 22:45:12 | 000,247,405 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Stid.exe
[2012.01.15 22:45:12 | 000,318,464 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TIDY.EXE
[2012.01.15 22:45:11 | 000,261,120 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TreorWin.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.01.16 14:01:58 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88

< End of report >

--- --- ---

cosinus · 10.02.2012, 19:32

Zitat:

Scan Mode: Current user

Du hast den Haken bei Scanne alle Benutzer vergessen

L4m3ness · 10.02.2012, 19:55

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.02.2012 19:48:11 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Noffy\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 75,77% Memory free
5,81 Gb Paging File | 5,24 Gb Available in Paging File | 90,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,44 Gb Total Space | 51,22 Gb Free Space | 52,03% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 112,46 Gb Free Space | 76,77% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 228,88 Gb Free Space | 68,93% Space Free | Partition Type: NTFS
Drive F: | 322,26 Gb Total Space | 191,77 Gb Free Space | 59,51% Space Free | Partition Type: NTFS
Drive G: | 312,50 Gb Total Space | 28,43 Gb Free Space | 9,10% Space Free | Partition Type: NTFS
 
Computer Name: NOFFY-PC | User Name: Noffy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
PRC - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.09 22:38:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.05 17:22:18 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:21:49 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.07.27 22:23:06 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.05.21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.16 14:01:58 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.05 17:22:04 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011.09.28 19:10:17 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011.09.28 19:10:17 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011.09.28 19:10:15 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011.09.08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.02.10 13:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.02.10 13:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.14 18:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.18 00:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
 
 
 
 
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 CE CF D6 71 E7 CC 01  [binary data]
IE - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uni-marburg.de/proxy.pac"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Noffy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.28 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.09.28 20:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Extensions
[2012.02.02 19:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.09 22:19:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.28 20:33:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.01.27 13:13:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.07 18:37:57 | 000,002,055 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\searchplugins\daemon-search.xml
[2011.11.11 18:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI
[2012.02.02 19:53:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.05 00:44:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.05 00:44:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.05 00:44:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.05 00:44:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.05 00:44:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.05 00:44:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3965050881-2691603338-3298671605-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM (2).lnk = C:\Programme\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{180CF972-282D-449C-84BF-69029C34EEE2}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 06:57:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 22:30:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.09 22:30:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.08 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Combofix Kram
[2012.02.08 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\reinschiebe ordner
[2012.02.08 00:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.08 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2012.02.08 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.08 00:37:20 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\nerv
[2012.02.08 00:30:18 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.07 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Development new experimental setup
[2012.01.29 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\OF Phys
[2012.01.28 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\SQUID
[2012.01.21 21:57:01 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Neuer Ordner
[2012.01.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Origin Export
[2012.01.17 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2012.01.16 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
[2012.01.16 14:15:10 | 001,637,520 | ---- | C] (Codejock Software) -- C:\Windows\System32\LPUIT05N.dll
[2012.01.16 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.01.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2012.01.16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2012.01.16 02:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips X'Pert Plus
[2012.01.16 02:15:01 | 001,554,984 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch2x32.ocx
[2012.01.16 02:15:01 | 001,367,080 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch3x32.ocx
[2012.01.16 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
[2012.01.15 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.15 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParallelGraphics
[2012.01.15 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParallelGraphics
[2012.01.15 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANalytical X'Pert HighScore Plus
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PANalytical
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\PANalytical
[2012.01.15 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PANalytical
[2012.01.14 15:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2012.01.14 15:08:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35E78C3F-A136-46F8-8B7E-979CEDFC199F}
[2011.10.21 16:52:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.02.14 14:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 18:31:07 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.10 18:31:07 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.10 18:31:07 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.10 18:31:07 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.10 18:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 18:25:13 | 2339,897,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 23:43:19 | 006,446,463 | ---- | M] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 22:30:26 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.01.30 18:49:17 | 000,075,672 | ---- | M] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:55:26 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\LyX 2.0.lnk
[2012.01.29 16:49:45 | 078,591,904 | ---- | M] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | M] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:34 | 011,106,649 | ---- | M] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:51 | 000,167,544 | ---- | M] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:15:38 | 000,001,999 | ---- | M] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:02:21 | 000,001,143 | ---- | M] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:34:17 | 027,558,304 | ---- | M] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.09 23:43:15 | 006,446,463 | ---- | C] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.30 18:49:17 | 000,075,672 | ---- | C] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:45:28 | 078,591,904 | ---- | C] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | C] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:33 | 011,106,649 | ---- | C] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:48 | 000,167,544 | ---- | C] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:16:20 | 000,001,999 | ---- | C] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:15:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll
[2012.01.16 14:02:21 | 000,001,143 | ---- | C] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:15:02 | 000,000,393 | ---- | C] () -- C:\Windows\System32\olchart.lic
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:32:28 | 027,558,304 | ---- | C] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[2012.01.07 14:59:56 | 000,000,028 | ---- | C] () -- C:\Users\Noffy\AppData\Roaming\PhonerLitesettings.ini
[2011.12.20 16:12:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.20 16:05:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.21 17:23:10 | 000,217,536 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.10.04 16:06:17 | 000,003,584 | ---- | C] () -- C:\Users\Noffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 20:37:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.28 20:36:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.28 20:36:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.09.28 20:36:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.28 20:36:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.09.28 20:36:56 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.09.28 19:16:12 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.09.28 19:14:49 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.09.28 19:14:46 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.09.28 19:14:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.09.28 19:14:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.09.28 19:03:28 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.07.28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,294,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon
[2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity
[2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft
[2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software
[2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape
[2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0
[2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda
[2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org
[2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite
[2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung
[2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird
[2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView
[2009.07.14 05:53:46 | 000,010,204 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.30 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Adobe
[2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon
[2011.10.04 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Apple Computer
[2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity
[2011.10.04 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Creative
[2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft
[2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software
[2012.01.17 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2011.09.28 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Identities
[2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape
[2012.01.16 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0
[2011.09.28 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Macromedia
[2012.02.08 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Center Programs
[2011.09.28 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Player Classic
[2012.01.05 01:06:29 | 000,000,000 | --SD | M] -- C:\Users\Noffy\AppData\Roaming\Microsoft
[2011.10.15 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\MiKTeX
[2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda
[2011.12.08 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\mIRC
[2011.09.28 20:32:26 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Mozilla
[2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org
[2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite
[2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung
[2012.02.10 07:08:25 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Skype
[2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird
[2012.02.09 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\vlc
[2011.09.29 00:46:59 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WinRAR
[2011.11.01 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WTablet
[2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2010.03.29 07:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2012.01.15 22:45:11 | 000,784,600 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DICVOL04.exe
[2012.01.15 22:45:11 | 000,293,376 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DicvolWIN.exe
[2012.01.15 22:45:11 | 000,159,744 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\drawxtl.exe
[2012.01.15 22:45:11 | 000,319,488 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Fourier.exe
[2012.01.15 22:45:11 | 000,253,440 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\ItoWin.exe
[2012.01.15 22:45:11 | 000,757,760 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\McMaille.exe
[2012.01.15 22:45:12 | 000,247,405 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Stid.exe
[2012.01.15 22:45:12 | 000,318,464 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TIDY.EXE
[2012.01.15 22:45:11 | 000,261,120 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TreorWin.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.01.16 14:01:58 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88

< End of report >

--- --- ---

cosinus · 10.02.2012, 21:28

Ich hab den Eindruchk, das ist ein nicht gänzlich rien privat genutzer Rechner...

Sophos, Cisco, squid...aber egal

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

L4m3ness · 10.02.2012, 22:02

Zitat:

Ich hab den Eindruchk, das ist ein nicht gänzlich rien privat genutzer Rechner... Sophos, Cisco, squid...aber egal

Naja, ist schlicht der Privatrechner eines Studenten. Cisco VPN Client für Zugriff auf wissenschaftliche Zeitschriften von zu Hause und Sophos via Campuslizenz, n Ordner mit SQUID-Messdaten weil Naturwissenschafter,.. Trennung 'Privat' vs 'Studium/Beruf' ist da praktisch nicht existent.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:60466E88 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Noffy
->Temp folder emptied: 435265015 bytes
->Temporary Internet Files folder emptied: 68335856 bytes
->Java cache emptied: 369900 bytes
->FireFox cache emptied: 159193807 bytes
->Flash cache emptied: 36465 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72413001 bytes
RecycleBin emptied: 9574120 bytes
 
Total Files Cleaned = 711,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02102012_215211

cosinus · 10.02.2012, 22:37

Ich hab ja nichts gesagt...ich helfe Studenten immer gern, war selbst mal einer bis ich das Studium im ersten Semester abbrach weil ich genau wusste wie der Hase lief ich aus anderem Holz geschnitzt bin aber nicht aus dem für Studi-Dasein

(ich laber schon wieder

)

Gut kleiner Exkurs. Machen wir mal weiter. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

L4m3ness · 11.02.2012, 00:29

Hoppla, 2 Stunden übersehen das der Thread ne Seite 2 bekommen hat.. dumdedum..

Windows im Normalmodus ist selbst ohne Netzwerkkabel unglücklich und instabil, sodass das ganze zwei Anläufe gebraucht hat.. urgh. Beim ersten mal wie vorher eine lustige Runde einfrieren gehabt.

Code:

ATTFilter

00:22:29.0828 4044	TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
00:22:29.0858 4044	============================================================
00:22:29.0858 4044	Current date / time: 2012/02/11 00:22:29.0858
00:22:29.0858 4044	SystemInfo:
00:22:29.0858 4044	
00:22:29.0858 4044	OS Version: 6.1.7601 ServicePack: 1.0
00:22:29.0858 4044	Product type: Workstation
00:22:29.0858 4044	ComputerName: NOFFY-PC
00:22:29.0858 4044	UserName: Noffy
00:22:29.0858 4044	Windows directory: C:\Windows
00:22:29.0858 4044	System windows directory: C:\Windows
00:22:29.0858 4044	Processor architecture: Intel x86
00:22:29.0858 4044	Number of processors: 4
00:22:29.0858 4044	Page size: 0x1000
00:22:29.0858 4044	Boot type: Normal boot
00:22:29.0858 4044	============================================================
00:22:33.0011 4044	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:22:33.0025 4044	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:22:33.0027 4044	\Device\Harddisk0\DR0:
00:22:33.0038 4044	MBR used
00:22:33.0038 4044	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC4DF800
00:22:33.0038 4044	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC4E0000, BlocksNum 0x28486800
00:22:33.0038 4044	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34966800, BlocksNum 0x27100000
00:22:33.0057 4044	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5BA67000, BlocksNum 0x29810000
00:22:33.0057 4044	\Device\Harddisk1\DR1:
00:22:33.0059 4044	MBR used
00:22:33.0059 4044	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F8021
00:22:33.0435 4044	Initialize success
00:22:33.0435 4044	============================================================
00:22:39.0241 4432	============================================================
00:22:39.0241 4432	Scan started
00:22:39.0241 4432	Mode: Manual; SigCheck; TDLFS; 
00:22:39.0241 4432	============================================================
00:22:42.0705 4432	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:22:42.0798 4432	1394ohci - ok
00:22:42.0845 4432	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:22:42.0861 4432	ACPI - ok
00:22:42.0876 4432	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:22:42.0939 4432	AcpiPmi - ok
00:22:43.0079 4432	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:22:43.0126 4432	adp94xx - ok
00:22:43.0141 4432	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:22:43.0173 4432	adpahci - ok
00:22:43.0188 4432	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:22:43.0204 4432	adpu320 - ok
00:22:43.0251 4432	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:22:43.0297 4432	AFD - ok
00:22:43.0329 4432	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:22:43.0344 4432	agp440 - ok
00:22:43.0360 4432	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:22:43.0375 4432	aic78xx - ok
00:22:43.0391 4432	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:22:43.0407 4432	aliide - ok
00:22:43.0438 4432	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:22:43.0438 4432	amdagp - ok
00:22:43.0453 4432	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:22:43.0469 4432	amdide - ok
00:22:43.0485 4432	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:22:43.0531 4432	AmdK8 - ok
00:22:43.0531 4432	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:22:43.0563 4432	AmdPPM - ok
00:22:43.0594 4432	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:22:43.0609 4432	amdsata - ok
00:22:43.0609 4432	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:22:43.0625 4432	amdsbs - ok
00:22:43.0656 4432	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:22:43.0672 4432	amdxata - ok
00:22:43.0703 4432	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:22:43.0781 4432	AppID - ok
00:22:43.0812 4432	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:22:43.0828 4432	arc - ok
00:22:43.0828 4432	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:22:43.0843 4432	arcsas - ok
00:22:43.0906 4432	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:22:43.0999 4432	AsyncMac - ok
00:22:44.0031 4432	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:22:44.0046 4432	atapi - ok
00:22:44.0093 4432	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:22:44.0124 4432	b06bdrv - ok
00:22:44.0171 4432	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:22:44.0202 4432	b57nd60x - ok
00:22:44.0218 4432	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:22:44.0265 4432	Beep - ok
00:22:44.0296 4432	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:22:44.0327 4432	blbdrive - ok
00:22:44.0358 4432	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:22:44.0389 4432	bowser - ok
00:22:44.0405 4432	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:22:44.0452 4432	BrFiltLo - ok
00:22:44.0452 4432	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:22:44.0499 4432	BrFiltUp - ok
00:22:44.0514 4432	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:22:44.0561 4432	Brserid - ok
00:22:44.0577 4432	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:22:44.0608 4432	BrSerWdm - ok
00:22:44.0623 4432	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:22:44.0655 4432	BrUsbMdm - ok
00:22:44.0670 4432	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:22:44.0686 4432	BrUsbSer - ok
00:22:44.0701 4432	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:22:44.0717 4432	BTHMODEM - ok
00:22:44.0748 4432	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:22:44.0779 4432	cdfs - ok
00:22:44.0811 4432	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
00:22:44.0842 4432	cdrom - ok
00:22:44.0857 4432	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:22:44.0889 4432	circlass - ok
00:22:44.0904 4432	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:22:44.0920 4432	CLFS - ok
00:22:44.0967 4432	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:22:44.0982 4432	CmBatt - ok
00:22:44.0998 4432	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:22:45.0013 4432	cmdide - ok
00:22:45.0029 4432	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
00:22:45.0060 4432	CNG - ok
00:22:45.0076 4432	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:22:45.0091 4432	Compbatt - ok
00:22:45.0123 4432	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:22:45.0154 4432	CompositeBus - ok
00:22:45.0169 4432	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:22:45.0185 4432	crcdisk - ok
00:22:45.0247 4432	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
00:22:45.0279 4432	CVirtA - ok
00:22:45.0294 4432	CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
00:22:45.0310 4432	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
00:22:45.0310 4432	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
00:22:45.0341 4432	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:22:45.0372 4432	DfsC - ok
00:22:45.0403 4432	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:22:45.0435 4432	discache - ok
00:22:45.0435 4432	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:22:45.0450 4432	Disk - ok
00:22:45.0481 4432	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
00:22:45.0497 4432	DNE - ok
00:22:45.0559 4432	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:22:45.0575 4432	drmkaud - ok
00:22:45.0606 4432	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:22:45.0622 4432	DXGKrnl - ok
00:22:45.0934 4432	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:22:46.0027 4432	ebdrv - ok
00:22:46.0277 4432	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:22:46.0308 4432	elxstor - ok
00:22:46.0324 4432	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:22:46.0355 4432	ErrDev - ok
00:22:46.0386 4432	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:22:46.0417 4432	exfat - ok
00:22:46.0449 4432	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:22:46.0480 4432	fastfat - ok
00:22:46.0495 4432	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:22:46.0527 4432	fdc - ok
00:22:46.0558 4432	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:22:46.0558 4432	FileInfo - ok
00:22:46.0573 4432	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:22:46.0620 4432	Filetrace - ok
00:22:46.0620 4432	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:22:46.0636 4432	flpydisk - ok
00:22:46.0667 4432	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:22:46.0683 4432	FltMgr - ok
00:22:46.0698 4432	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:22:46.0714 4432	FsDepends - ok
00:22:46.0729 4432	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
00:22:46.0745 4432	Fs_Rec - ok
00:22:46.0807 4432	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:22:46.0854 4432	fvevol - ok
00:22:46.0854 4432	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:22:46.0870 4432	gagp30kx - ok
00:22:46.0885 4432	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:22:46.0917 4432	hcw85cir - ok
00:22:46.0963 4432	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
00:22:46.0995 4432	HdAudAddService - ok
00:22:47.0010 4432	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:22:47.0041 4432	HDAudBus - ok
00:22:47.0057 4432	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:22:47.0088 4432	HidBatt - ok
00:22:47.0088 4432	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:22:47.0119 4432	HidBth - ok
00:22:47.0119 4432	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:22:47.0151 4432	HidIr - ok
00:22:47.0182 4432	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
00:22:47.0182 4432	HidUsb - ok
00:22:47.0213 4432	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:22:47.0229 4432	HpSAMD - ok
00:22:47.0260 4432	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:22:47.0307 4432	HTTP - ok
00:22:47.0338 4432	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:22:47.0353 4432	hwpolicy - ok
00:22:47.0385 4432	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:22:47.0416 4432	i8042prt - ok
00:22:47.0447 4432	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:22:47.0463 4432	iaStorV - ok
00:22:48.0196 4432	igfx            (3de3493935396b81cc57fdac32398001) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:22:48.0383 4432	igfx - ok
00:22:48.0492 4432	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:22:48.0508 4432	iirsp - ok
00:22:48.0617 4432	IntcAzAudAddService (cfc95d0a7ee68aefd24f8ab7cc726101) C:\Windows\system32\drivers\RTKVHDA.sys
00:22:48.0695 4432	IntcAzAudAddService - ok
00:22:48.0742 4432	IntcDAud        (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:22:48.0773 4432	IntcDAud - ok
00:22:48.0804 4432	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:22:48.0820 4432	intelide - ok
00:22:48.0835 4432	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:22:48.0867 4432	intelppm - ok
00:22:48.0898 4432	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:48.0929 4432	IpFilterDriver - ok
00:22:48.0945 4432	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:22:48.0976 4432	IPMIDRV - ok
00:22:48.0991 4432	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:22:49.0023 4432	IPNAT - ok
00:22:49.0069 4432	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:22:49.0101 4432	IRENUM - ok
00:22:49.0147 4432	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:22:49.0163 4432	isapnp - ok
00:22:49.0194 4432	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:22:49.0210 4432	iScsiPrt - ok
00:22:49.0257 4432	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:22:49.0257 4432	kbdclass - ok
00:22:49.0272 4432	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
00:22:49.0288 4432	kbdhid - ok
00:22:49.0335 4432	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
00:22:49.0350 4432	KSecDD - ok
00:22:49.0366 4432	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
00:22:49.0381 4432	KSecPkg - ok
00:22:49.0444 4432	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:22:49.0475 4432	lltdio - ok
00:22:49.0506 4432	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:22:49.0522 4432	LSI_FC - ok
00:22:49.0522 4432	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:22:49.0537 4432	LSI_SAS - ok
00:22:49.0553 4432	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:22:49.0569 4432	LSI_SAS2 - ok
00:22:49.0584 4432	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:22:49.0600 4432	LSI_SCSI - ok
00:22:49.0615 4432	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:22:49.0662 4432	luafv - ok
00:22:49.0693 4432	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
00:22:49.0725 4432	MBAMProtector - ok
00:22:49.0771 4432	MBfilt          (29cb85a1fe091c9d3aa3c72d66df3e69) C:\Windows\system32\drivers\MBfilt32.sys
00:22:49.0787 4432	MBfilt - ok
00:22:49.0803 4432	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:22:49.0818 4432	megasas - ok
00:22:49.0818 4432	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:22:49.0834 4432	MegaSR - ok
00:22:49.0849 4432	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:22:49.0881 4432	Modem - ok
00:22:49.0912 4432	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:22:49.0927 4432	monitor - ok
00:22:49.0974 4432	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:22:49.0990 4432	mouclass - ok
00:22:50.0005 4432	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:22:50.0037 4432	mouhid - ok
00:22:50.0068 4432	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:22:50.0083 4432	mountmgr - ok
00:22:50.0115 4432	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:22:50.0130 4432	mpio - ok
00:22:50.0146 4432	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:22:50.0161 4432	mpsdrv - ok
00:22:50.0193 4432	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:22:50.0239 4432	MRxDAV - ok
00:22:50.0286 4432	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:22:50.0317 4432	mrxsmb - ok
00:22:50.0333 4432	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:22:50.0349 4432	mrxsmb10 - ok
00:22:50.0364 4432	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:22:50.0380 4432	mrxsmb20 - ok
00:22:50.0411 4432	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:22:50.0427 4432	msahci - ok
00:22:50.0458 4432	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:22:50.0458 4432	msdsm - ok
00:22:50.0520 4432	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:22:50.0536 4432	Msfs - ok
00:22:50.0551 4432	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:22:50.0583 4432	mshidkmdf - ok
00:22:50.0614 4432	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:22:50.0629 4432	msisadrv - ok
00:22:50.0645 4432	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:22:50.0676 4432	MSKSSRV - ok
00:22:50.0692 4432	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:22:50.0723 4432	MSPCLOCK - ok
00:22:50.0739 4432	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:22:50.0754 4432	MSPQM - ok
00:22:50.0785 4432	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:22:50.0801 4432	MsRPC - ok
00:22:50.0801 4432	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:22:50.0817 4432	mssmbios - ok
00:22:50.0848 4432	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:22:50.0879 4432	MSTEE - ok
00:22:50.0895 4432	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:22:50.0910 4432	MTConfig - ok
00:22:50.0910 4432	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:22:50.0926 4432	Mup - ok
00:22:50.0957 4432	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:22:50.0973 4432	NativeWifiP - ok
00:22:51.0035 4432	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:22:51.0051 4432	NDIS - ok
00:22:51.0097 4432	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:22:51.0144 4432	NdisCap - ok
00:22:51.0175 4432	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:22:51.0207 4432	NdisTapi - ok
00:22:51.0222 4432	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:22:51.0269 4432	Ndisuio - ok
00:22:51.0300 4432	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:22:51.0331 4432	NdisWan - ok
00:22:51.0363 4432	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:22:51.0378 4432	NDProxy - ok
00:22:51.0409 4432	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:22:51.0425 4432	NetBIOS - ok
00:22:51.0472 4432	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:22:51.0487 4432	NetBT - ok
00:22:51.0550 4432	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:22:51.0565 4432	nfrd960 - ok
00:22:51.0612 4432	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:22:51.0628 4432	Npfs - ok
00:22:51.0643 4432	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:22:51.0675 4432	nsiproxy - ok
00:22:51.0721 4432	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:22:51.0753 4432	Ntfs - ok
00:22:51.0768 4432	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:22:51.0815 4432	Null - ok
00:22:51.0846 4432	nusb3hub        (bad636ee7ff5bf539854bba33868efc2) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:22:51.0893 4432	nusb3hub - ok
00:22:51.0955 4432	nusb3xhc        (dfafdc3051e04ffafddc4872394c1fc8) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:22:51.0971 4432	nusb3xhc - ok
00:22:52.0018 4432	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:22:52.0033 4432	nvraid - ok
00:22:52.0065 4432	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:22:52.0080 4432	nvstor - ok
00:22:52.0111 4432	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:22:52.0127 4432	nv_agp - ok
00:22:52.0143 4432	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:22:52.0174 4432	ohci1394 - ok
00:22:52.0205 4432	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:22:52.0221 4432	Parport - ok
00:22:52.0236 4432	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
00:22:52.0252 4432	partmgr - ok
00:22:52.0267 4432	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:22:52.0299 4432	Parvdm - ok
00:22:52.0330 4432	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:22:52.0345 4432	pci - ok
00:22:52.0345 4432	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:22:52.0361 4432	pciide - ok
00:22:52.0377 4432	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:22:52.0392 4432	pcmcia - ok
00:22:52.0408 4432	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:22:52.0423 4432	pcw - ok
00:22:52.0455 4432	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:22:52.0470 4432	PEAUTH - ok
00:22:52.0533 4432	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:22:52.0564 4432	PptpMiniport - ok
00:22:52.0579 4432	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:22:52.0611 4432	Processor - ok
00:22:52.0626 4432	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:22:52.0657 4432	Psched - ok
00:22:52.0704 4432	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:22:52.0735 4432	ql2300 - ok
00:22:52.0751 4432	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:22:52.0767 4432	ql40xx - ok
00:22:52.0782 4432	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:22:52.0798 4432	QWAVEdrv - ok
00:22:52.0813 4432	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:22:52.0829 4432	RasAcd - ok
00:22:52.0860 4432	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:22:52.0891 4432	RasAgileVpn - ok
00:22:52.0907 4432	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:22:52.0938 4432	Rasl2tp - ok
00:22:52.0954 4432	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:22:52.0969 4432	RasPppoe - ok
00:22:52.0985 4432	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:22:53.0016 4432	RasSstp - ok
00:22:53.0032 4432	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:22:53.0079 4432	rdbss - ok
00:22:53.0094 4432	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:22:53.0125 4432	rdpbus - ok
00:22:53.0219 4432	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:22:53.0313 4432	RDPCDD - ok
00:22:53.0344 4432	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:22:53.0375 4432	RDPENCDD - ok
00:22:53.0375 4432	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:22:53.0453 4432	RDPREFMP - ok
00:22:53.0500 4432	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
00:22:53.0531 4432	RDPWD - ok
00:22:53.0562 4432	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:22:53.0578 4432	rdyboost - ok
00:22:53.0609 4432	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:22:53.0625 4432	rspndr - ok
00:22:53.0671 4432	RTL8167         (effd24b219c44f9044b8dbb95a54b7ab) C:\Windows\system32\DRIVERS\Rt86win7.sys
00:22:53.0687 4432	RTL8167 - ok
00:22:53.0749 4432	SAVOnAccess     (529b904346872e9e9285cc2131542dc0) C:\Windows\system32\DRIVERS\savonaccess.sys
00:22:53.0781 4432	SAVOnAccess - ok
00:22:53.0812 4432	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:22:53.0827 4432	sbp2port - ok
00:22:53.0859 4432	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:22:53.0890 4432	scfilter - ok
00:22:53.0905 4432	sdcfilter       (30bde6ba44a5afeb63f78eda06c64866) C:\Windows\system32\DRIVERS\sdcfilter.sys
00:22:53.0937 4432	sdcfilter - ok
00:22:53.0983 4432	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:22:53.0999 4432	secdrv - ok
00:22:54.0030 4432	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:22:54.0046 4432	Serenum - ok
00:22:54.0077 4432	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:22:54.0093 4432	Serial - ok
00:22:54.0124 4432	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:22:54.0155 4432	sermouse - ok
00:22:54.0186 4432	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:22:54.0217 4432	sffdisk - ok
00:22:54.0217 4432	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:22:54.0249 4432	sffp_mmc - ok
00:22:54.0264 4432	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:22:54.0295 4432	sffp_sd - ok
00:22:54.0311 4432	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:22:54.0327 4432	sfloppy - ok
00:22:54.0373 4432	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:22:54.0389 4432	sisagp - ok
00:22:54.0405 4432	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:22:54.0420 4432	SiSRaid2 - ok
00:22:54.0436 4432	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:22:54.0451 4432	SiSRaid4 - ok
00:22:54.0483 4432	SKMScan         (e407a8eea2fd4bf560c05c0ebf1793b3) C:\Windows\system32\DRIVERS\skmscan.sys
00:22:54.0514 4432	SKMScan - ok
00:22:54.0514 4432	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:22:54.0545 4432	Smb - ok
00:22:54.0576 4432	SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
00:22:54.0607 4432	SophosBootDriver - ok
00:22:54.0623 4432	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:22:54.0639 4432	spldr - ok
00:22:54.0701 4432	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
00:22:54.0701 4432	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
00:22:54.0701 4432	sptd ( LockedFile.Multi.Generic ) - warning
00:22:54.0701 4432	sptd - detected LockedFile.Multi.Generic (1)
00:22:54.0732 4432	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:22:54.0763 4432	srv - ok
00:22:54.0779 4432	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:22:54.0795 4432	srv2 - ok
00:22:54.0826 4432	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:22:54.0857 4432	srvnet - ok
00:22:54.0903 4432	StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
00:22:54.0923 4432	StarOpen ( UnsignedFile.Multi.Generic ) - warning
00:22:54.0923 4432	StarOpen - detected UnsignedFile.Multi.Generic (1)
00:22:54.0958 4432	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:22:54.0974 4432	stexstor - ok
00:22:55.0021 4432	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:22:55.0036 4432	swenum - ok
00:22:55.0114 4432	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
00:22:55.0145 4432	Tcpip - ok
00:22:55.0223 4432	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
00:22:55.0239 4432	TCPIP6 - ok
00:22:55.0317 4432	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:22:55.0333 4432	tcpipreg - ok
00:22:55.0442 4432	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:22:55.0473 4432	TDPIPE - ok
00:22:55.0551 4432	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
00:22:55.0613 4432	TDTCP - ok
00:22:55.0676 4432	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:22:55.0691 4432	tdx - ok
00:22:55.0738 4432	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:22:55.0754 4432	TermDD - ok
00:22:55.0847 4432	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:22:55.0879 4432	tssecsrv - ok
00:22:55.0941 4432	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:22:55.0972 4432	TsUsbFlt - ok
00:22:56.0019 4432	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:22:56.0066 4432	tunnel - ok
00:22:56.0097 4432	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:22:56.0113 4432	uagp35 - ok
00:22:56.0159 4432	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:22:56.0191 4432	udfs - ok
00:22:56.0253 4432	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:22:56.0269 4432	uliagpkx - ok
00:22:56.0300 4432	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
00:22:56.0331 4432	umbus - ok
00:22:56.0393 4432	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:22:56.0425 4432	UmPass - ok
00:22:56.0503 4432	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
00:22:56.0549 4432	usbaudio - ok
00:22:56.0565 4432	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:22:56.0612 4432	usbccgp - ok
00:22:56.0659 4432	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:22:56.0705 4432	usbcir - ok
00:22:56.0737 4432	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
00:22:56.0768 4432	usbehci - ok
00:22:56.0799 4432	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:22:56.0846 4432	usbhub - ok
00:22:56.0893 4432	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
00:22:56.0908 4432	usbohci - ok
00:22:56.0955 4432	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:22:56.0986 4432	usbprint - ok
00:22:57.0033 4432	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:22:57.0080 4432	USBSTOR - ok
00:22:57.0095 4432	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
00:22:57.0127 4432	usbuhci - ok
00:22:57.0173 4432	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:22:57.0189 4432	vdrvroot - ok
00:22:57.0220 4432	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:22:57.0251 4432	vga - ok
00:22:57.0283 4432	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:22:57.0298 4432	VgaSave - ok
00:22:57.0329 4432	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:22:57.0345 4432	vhdmp - ok
00:22:57.0376 4432	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:22:57.0392 4432	viaagp - ok
00:22:57.0392 4432	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:22:57.0439 4432	ViaC7 - ok
00:22:57.0454 4432	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:22:57.0470 4432	viaide - ok
00:22:57.0501 4432	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:22:57.0517 4432	volmgr - ok
00:22:57.0579 4432	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:22:57.0626 4432	volmgrx - ok
00:22:57.0657 4432	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:22:57.0704 4432	volsnap - ok
00:22:57.0782 4432	vpnva           (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
00:22:57.0813 4432	vpnva - ok
00:22:57.0860 4432	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:22:57.0891 4432	vsmraid - ok
00:22:57.0938 4432	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:22:57.0969 4432	vwifibus - ok
00:22:58.0047 4432	wacmoumonitor   (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
00:22:58.0094 4432	wacmoumonitor - ok
00:22:58.0156 4432	wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
00:22:58.0156 4432	wacommousefilter - ok
00:22:58.0187 4432	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:22:58.0219 4432	WacomPen - ok
00:22:58.0281 4432	wacomvhid       (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
00:22:58.0297 4432	wacomvhid - ok
00:22:58.0328 4432	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:22:58.0359 4432	WANARP - ok
00:22:58.0359 4432	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:22:58.0375 4432	Wanarpv6 - ok
00:22:58.0453 4432	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:22:58.0499 4432	Wd - ok
00:22:58.0593 4432	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:22:58.0609 4432	Wdf01000 - ok
00:22:58.0624 4432	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:22:58.0655 4432	WfpLwf - ok
00:22:58.0671 4432	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:22:58.0687 4432	WIMMount - ok
00:22:58.0843 4432	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
00:22:58.0874 4432	WinUsb - ok
00:22:58.0936 4432	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:22:58.0952 4432	WmiAcpi - ok
00:22:58.0999 4432	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:22:59.0030 4432	ws2ifsl - ok
00:22:59.0077 4432	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:22:59.0108 4432	WudfPf - ok
00:22:59.0139 4432	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:59.0170 4432	WUDFRd - ok
00:22:59.0248 4432	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:23:00.0325 4432	\Device\Harddisk0\DR0 - ok
00:23:00.0340 4432	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:23:01.0744 4432	\Device\Harddisk1\DR1 - ok
00:23:01.0760 4432	Boot (0x1200)   (c997f51035b28671e4cce0e1ce281368) \Device\Harddisk0\DR0\Partition0
00:23:01.0775 4432	\Device\Harddisk0\DR0\Partition0 - ok
00:23:01.0791 4432	Boot (0x1200)   (3c6329bf13a79957c0e7e47bec45d0ec) \Device\Harddisk0\DR0\Partition1
00:23:01.0822 4432	\Device\Harddisk0\DR0\Partition1 - ok
00:23:01.0838 4432	Boot (0x1200)   (fb6b9982794830c78813d712c0a554c5) \Device\Harddisk0\DR0\Partition2
00:23:01.0838 4432	\Device\Harddisk0\DR0\Partition2 - ok
00:23:01.0869 4432	Boot (0x1200)   (d1a8553ade86cf76e72a858ad9a6e3f0) \Device\Harddisk0\DR0\Partition3
00:23:01.0885 4432	\Device\Harddisk0\DR0\Partition3 - ok
00:23:01.0885 4432	Boot (0x1200)   (7acd7141b19f45f18f680aa53166626a) \Device\Harddisk1\DR1\Partition0
00:23:01.0885 4432	\Device\Harddisk1\DR1\Partition0 - ok
00:23:01.0885 4432	============================================================
00:23:01.0885 4432	Scan finished
00:23:01.0885 4432	============================================================
00:23:01.0900 4424	Detected object count: 3
00:23:01.0900 4424	Actual detected object count: 3
00:23:10.0808 4424	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
00:23:10.0808 4424	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:23:10.0808 4424	sptd ( LockedFile.Multi.Generic ) - skipped by user
00:23:10.0808 4424	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
00:23:10.0808 4424	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
00:23:10.0808 4424	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:23:44.0459 2636	Deinitialize success

[Edit]:
Mh, Anmerkung zu den drei Funden:
* StarOpen gehört anscheinend zum nutzlosen Samsung PC Studio 3 mobile,
* CVPNDRVA zum Bereits erwähnten Cisco VPN client.
* Die sptd könnte von ner Alcohol 120% Installation vor einiger Zeit übrig geblieben sein. Unis und der reale Umgang mit (teurer!) professioneller Software sind anscheinend auch so ein Ding.. Aber man muss ja sparen sparen sparen... Ginge zum Teil zwar auch besser, aber da müsste sich jemand wirklich drum kümmern und das tut natürlich wieder keiner, weil sich die entsprechenden Entscheider nicht zuständig fühlen.. Wie ich in den letzten Wochen lernte ist der Zustand von Uni-Rechnern (inkl. der von festangestellten Mitarbeitern!) auch ein wenig gruselig. Idealismus trifft Realität, wohoo. :\

Die drei haben also schätzungsweise einen normaln Weg auf den Rechner gefunden.

L4m3ness · 11.02.2012, 16:35

Hab mich dazu entschlossen, Windows neu aufzusetzen, da ich (z.b. wegen online banking) ein wenig paranoid bin und ein System, dass nach ner Infektion instabil ist nun nicht gerade vertrauenserweckend ist. Ich glaub das geht schneller, als nun noch paar Stunden herumzudoktern und zu hoffen, dass dann wieder stabil wird.

In der Zeit, wo ich an dem Rechner nicht das machen konnte, was ich wollte, konnte ich ja die lokalen Tutorials zum Thema PC Sichern lesen und werd mal anfangen, die abzuarbeiten und mal schauen, was ich zum Thema Backups und System-images besser machen kann (vermutlich viel!). Dann kann ich auch mal die (möglicherweise vorhanden) Backup-Altlasten von 8 oder so Jahren "Neuinstallation? Naja, zieh ich die Partition einfach auf die ne andere" langsam abarbeiten.

Da das Einfallstor für meinen lieben Gast ja vermutlich der IE 8-Besuch auf einer von mir als (weitestgehend) vertrauenswürdig eingestuften Seite war, kommt in Zukunft halt Opera als Zweitbrowser neben Firefox zum Einsatz. Immerhin kann ich dann mal sehen, ob Opera auch so absturzfreudig ist wie Firefox ist, welches ja nach 20-30 parallel offenen Tabs in die Knie geht - und das schonmal 5-6 mal am Tag.

L4m3ness · 11.02.2012, 21:44

So, frisches Windows 7. Spuk sollte vorbei seien, nicht? Naja... nicht ganz. Stattdessen tut sich eine neue Frage (Netzwerksicherheit) auf.

Es trat folgendes Problem auf: Die Windows 7 SP1 Homepage bietet ne halbe Million (ok, n dutzend) Files an und ich habs geschafft das falsche zu erwischen. Macht ja nix, ich hab ja einen Mitbewohner (praktisch ne Zweck-WG). Beim Herunterladen der ISO (ohne Rohling natürlich super zu nutzen, danke Microsoft!) hab ich dann im Gespräch herausgefunden, dass der Gute sich auf ner Videostreaming Seite ein Exemplar des BKA Trojaners eingefangen hat (anscheinend aber ein anderes als ich, zumindest die Nachricht war anders) - und das ganze drei Stunden bevor ich ihn an der Backe hatte. Zufall? Womöglich, hab schließlich zu dem Zeitpunkt selbst ne Sicherheitssünde begangen. (mit IE 8 auf DeviantArt gewesen)

Wirklich sauber ist sein Rechner somit nicht, womit ich mir theoretisch via USB Stick natürlich direkt wieder was lustiges hab einfangen können. Adblocker und Noscript verwendet er nicht - aus mir unklaren Gründen - und anscheinend ist sein Umgang mit Virenbefall sehr locker und er hat seinen Gast halbherzig aus der Registry geschmissen und so, vermutlich ohne den Rechner danach auf Herz und Nieren zu prüfen. Dachte mir während des Downloads kann man ja mal ESET drüberlaufen lassen und das hat auf seiner Festplatte auch zwei Exemplare von Erpressertrojanern gefunden.. super..

Es stellt sich für mich nun also die Frage: Netzwerksicherheit - wie geht man da vor? WG-Üblich gehen wir über nen gemeinsamen Router ins Netz. Nur, wie verhindert man, dass zwischen den zwei Rechnern solche Gäste ausgetauscht werden? Ich weiß und glaub ja nun nicht, ob ich ihm die Besuche auf den Seiten ausreden kann, weswegen ich das Bedürfnis hab, meinen Rechner gegenüber seinem abzusichern. Da wir keinen Netzwerkdrucker o.ä. haben würde darunter nichts leiden.

Außerdem scheints mir, als sollte ich mir wieder n Linux als Backupsystem für solche Fälle installieren.

cosinus · 12.02.2012, 14:34

Zitat:

Nur, wie verhindert man, dass zwischen den zwei Rechnern solche Gäste ausgetauscht werden?

Indem man sich mal überlegt wie die Dinger denn zwischen euren Rechnern ausgetauscht wurden. Wenn das über ein USB-Stick passiert ist, sollte man mal überlegen, ob man sein Stick da an einen infizierten Rechner von deinem Kumpel überhaupt noch anschließen will

Ich deaktivier grundsätzlich die automatische Wiedergabe von allen Laufwerken, es ist eine selten dämliche Einstellung, dass Windows automatisch alles mögliche an Programmen ausführt nur weil man einen USB-Stick oder eine ext. Platte angeschlossen hat