
Pests of all kinds and how to fight them: Trojan.Ransom - Pay and Download


10.02.2012, 13:06   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Ransom - Pay and Download

Please make a new OTL log in Safe Mode with Networking. If possible, post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick the box Scan all users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, the box is labelled .
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here.
__________________
Please always post logfiles in CODE tags

10.02.2012, 18:45   #2
L4m3ness
 
Trojan.Ransom - Pay and Download

Quote:
Originally posted by cosinus
Please make a new OTL log in Safe Mode with Networking. If possible, post everything here in CODE tags.
Done

OTL Logfile:
Code:
OTL logfile created on: 10.02.2012 18:28:09 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Noffy\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 61,52% Memory free
5,81 Gb Paging File | 4,72 Gb Available in Paging File | 81,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,44 Gb Total Space | 51,35 Gb Free Space | 52,17% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 112,46 Gb Free Space | 76,77% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 228,88 Gb Free Space | 68,93% Space Free | Partition Type: NTFS
Drive F: | 322,26 Gb Total Space | 191,77 Gb Free Space | 59,51% Space Free | Partition Type: NTFS
Drive G: | 312,50 Gb Total Space | 28,43 Gb Free Space | 9,10% Space Free | Partition Type: NTFS
 
Computer Name: NOFFY-PC | User Name: Noffy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
PRC - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.09 22:38:08 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.05 17:22:18 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:21:49 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.09.28 19:10:20 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.07.27 22:23:06 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.05.21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.16 14:01:58 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.05 17:22:04 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011.09.28 19:10:17 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011.09.28 19:10:17 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011.09.28 19:10:15 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011.09.08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.02.10 13:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.02.10 13:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.14 18:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.18 00:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 CE CF D6 71 E7 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uni-marburg.de/proxy.pac"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Noffy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.28 20:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.09.28 20:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Extensions
[2012.02.02 19:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.09 22:19:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.28 20:33:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.01.27 13:13:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary (Switzerland)) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.09.28 20:33:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\nex806n2.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions
[2011.11.05 12:47:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Noffy\AppData\Roaming\mozilla\Firefox\Profiles\sphtcxgm.test\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.07 18:37:57 | 000,002,055 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\searchplugins\daemon-search.xml
[2011.11.11 18:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NOFFY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX806N2.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI
[2012.02.02 19:53:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.05 00:44:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.05 00:44:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.05 00:44:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.05 00:44:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.05 00:44:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.05 00:44:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM (2).lnk = C:\Programme\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Users\Noffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{180CF972-282D-449C-84BF-69029C34EEE2}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 06:57:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 22:30:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.09 22:30:18 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.08 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Combofix Kram
[2012.02.08 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\reinschiebe ordner
[2012.02.08 00:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.08 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2012.02.08 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.08 00:37:20 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\nerv
[2012.02.08 00:30:18 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.08 00:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.07 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Development new experimental setup
[2012.01.29 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\OF Phys
[2012.01.28 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\SQUID
[2012.01.21 21:57:01 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Neuer Ordner
[2012.01.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Noffy\Desktop\Origin Export
[2012.01.17 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2012.01.16 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
[2012.01.16 14:15:10 | 001,637,520 | ---- | C] (Codejock Software) -- C:\Windows\System32\LPUIT05N.dll
[2012.01.16 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.01.16 14:13:27 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2012.01.16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2012.01.16 02:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips X'Pert Plus
[2012.01.16 02:15:01 | 001,554,984 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch2x32.ocx
[2012.01.16 02:15:01 | 001,367,080 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\olch3x32.ocx
[2012.01.16 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
[2012.01.15 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.15 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParallelGraphics
[2012.01.15 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParallelGraphics
[2012.01.15 22:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANalytical X'Pert HighScore Plus
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PANalytical
[2012.01.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\PANalytical
[2012.01.15 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PANalytical
[2012.01.14 15:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2012.01.14 15:08:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35E78C3F-A136-46F8-8B7E-979CEDFC199F}
[2011.10.21 16:52:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.02.14 14:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 18:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 18:25:13 | 2339,897,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 07:51:07 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.10 07:51:07 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.10 07:51:07 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.10 07:51:07 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 07:15:04 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 06:57:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Noffy\Desktop\OTL.exe
[2012.02.09 23:43:19 | 006,446,463 | ---- | M] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 22:30:26 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Noffy\Desktop\mbam-setup-1.60.1.1000.exe
[2012.01.30 18:49:17 | 000,075,672 | ---- | M] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:55:26 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\LyX 2.0.lnk
[2012.01.29 16:49:45 | 078,591,904 | ---- | M] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | M] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:34 | 011,106,649 | ---- | M] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:51 | 000,167,544 | ---- | M] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:15:38 | 000,001,999 | ---- | M] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:02:21 | 000,001,143 | ---- | M] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:34:17 | 027,558,304 | ---- | M] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[1 C:\Users\Noffy\*.tmp files -> C:\Users\Noffy\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.09 23:43:15 | 006,446,463 | ---- | C] () -- C:\Users\Noffy\Desktop\fallout_equestria_ereader_by_maximillianveers-d3k8aym.pdf
[2012.02.09 22:30:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.30 18:49:17 | 000,075,672 | ---- | C] () -- C:\Users\Noffy\Desktop\EM fc500.ogw
[2012.01.29 16:45:28 | 078,591,904 | ---- | C] () -- C:\Users\Noffy\Desktop\LyX-2.0.2-1-Installer.exe
[2012.01.29 13:18:49 | 000,001,441 | ---- | C] () -- C:\Users\Noffy\.recently-used.xbel
[2012.01.22 21:30:33 | 011,106,649 | ---- | C] () -- C:\Users\Noffy\Desktop\evil makeover 3d ref.psd
[2012.01.21 12:43:48 | 000,167,544 | ---- | C] () -- C:\Users\Noffy\Desktop\science_by_egophiliac-d4n2gxa.png
[2012.01.16 14:16:20 | 000,001,999 | ---- | C] () -- C:\Users\Noffy\Desktop\OriginPro 8.lnk
[2012.01.16 14:15:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ltserial.dll
[2012.01.16 14:02:21 | 000,001,143 | ---- | C] () -- C:\Users\Noffy\Desktop\Origin - Verknüpfung.lnk
[2012.01.16 02:15:08 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert Plus.lnk
[2012.01.16 02:15:02 | 000,000,393 | ---- | C] () -- C:\Windows\System32\olchart.lic
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.01.16 02:14:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.01.15 22:41:30 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.15 22:41:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.15 22:41:25 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\X'Pert HighScore Plus.lnk
[2012.01.14 15:08:15 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2012.01.14 15:08:15 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2012.01.11 23:32:28 | 027,558,304 | ---- | C] () -- C:\Users\Noffy\Desktop\2012 State of the Herd Report.pdf
[2012.01.07 14:59:56 | 000,000,028 | ---- | C] () -- C:\Users\Noffy\AppData\Roaming\PhonerLitesettings.ini
[2011.12.20 16:12:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.20 16:05:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.10.21 17:23:10 | 000,217,536 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.10.04 16:06:17 | 000,003,584 | ---- | C] () -- C:\Users\Noffy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 20:37:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.28 20:36:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.28 20:36:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.09.28 20:36:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.28 20:36:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.09.28 20:36:56 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.09.28 19:16:12 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.09.28 19:14:49 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.09.28 19:14:46 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.09.28 19:14:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.09.28 19:14:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.09.28 19:03:28 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.07.28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,294,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon
[2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity
[2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft
[2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software
[2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape
[2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0
[2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda
[2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org
[2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite
[2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung
[2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird
[2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView
[2009.07.14 05:53:46 | 000,010,204 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.30 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Adobe
[2011.09.30 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Amazon
[2011.10.04 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Apple Computer
[2012.01.26 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Audacity
[2011.10.04 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Creative
[2011.10.04 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoft
[2011.10.01 11:51:16 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 18:56:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Foxit Software
[2012.01.17 16:01:33 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\GRETECH
[2011.09.28 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Identities
[2011.09.28 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\inkscape
[2012.01.16 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\InstallShield
[2011.10.18 20:08:11 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\LyX2.0
[2011.09.28 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Macromedia
[2012.02.08 00:30:18 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Center Programs
[2011.09.28 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Media Player Classic
[2012.01.05 01:06:29 | 000,000,000 | --SD | M] -- C:\Users\Noffy\AppData\Roaming\Microsoft
[2011.10.15 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\MiKTeX
[2011.09.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Miranda
[2011.12.08 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\mIRC
[2011.09.28 20:32:26 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Mozilla
[2011.09.30 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\OpenOffice.org
[2012.01.15 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PANalytical
[2012.01.07 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\PhonerLite
[2012.02.08 00:43:51 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\QuickScan
[2011.12.20 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Samsung
[2012.02.10 07:08:25 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Skype
[2011.09.28 20:43:37 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\Thunderbird
[2012.02.09 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\vlc
[2011.09.29 00:46:59 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WinRAR
[2011.11.01 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\WTablet
[2012.02.10 00:49:28 | 000,000,000 | ---D | M] -- C:\Users\Noffy\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2010.03.29 07:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Noffy\AppData\Roaming\Mozilla\Firefox\Profiles\nex806n2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2012.01.15 22:45:11 | 000,784,600 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DICVOL04.exe
[2012.01.15 22:45:11 | 000,293,376 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\DicvolWIN.exe
[2012.01.15 22:45:11 | 000,159,744 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\drawxtl.exe
[2012.01.15 22:45:11 | 000,319,488 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Fourier.exe
[2012.01.15 22:45:11 | 000,253,440 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\ItoWin.exe
[2012.01.15 22:45:11 | 000,757,760 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\McMaille.exe
[2012.01.15 22:45:12 | 000,247,405 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\Stid.exe
[2012.01.15 22:45:12 | 000,318,464 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TIDY.EXE
[2012.01.15 22:45:11 | 000,261,120 | ---- | M] () -- C:\Users\Noffy\AppData\Roaming\PANalytical\X'Pert HighScore Plus\TreorWin.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.01.16 14:01:58 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60466E88

< End of report >
         
--- --- ---