Log analysis and evaluation: A critical error has occurred, Windows will restart in one minute (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.08.2010, 12:52 | #1

A critical error has occurred, Windows will restart in one minute

Hello, I also have this problem. Like the colleague from 16.8 I have now created all the log files, in the hope that I can be helped as well. Once more the short version: I apparently caught a trojan, the message kept coming that the PC was infected, no matter what I opened. Antimalware Doctor etc. were on the PC... I hope they are gone now. Well, and as is probably already known, as soon as the LAN cable is plugged in the message mentioned above appears and the PC restarts. Please help me. Many thanks

HijackThis

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:59, on 29.08.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: C:\Windows\system32\g3rbzl2.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\system32\g3rbzl2.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Policies\Explorer\Run: [2nvtu0] C:\Users\fudgi\AppData\Local\Temp\ui15cr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6900 bytes

Code:
OTL logfile created on: 29.08.2010 12:07:57 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\fudgi\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,31 Gb Total Space | 2,61 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69,77 Gb Total Space | 8,47 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
Drive F: | 56,53 Gb Total Space | 9,03 Gb Free Space | 15,97% Space Free | Partition Type: NTFS
Drive G: | 22,75 Gb Total Space | 0,70 Gb Free Space | 3,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1,86 Gb Total Space | 1,16 Gb Free Space | 62,39% Space Free | Partition Type: FAT
Drive Z: | 441,34 Gb Total Space | 133,37 Gb Free Space | 30,22% Space Free | Partition Type: NTFS

Computer Name: FUDGI-PC
Current User Name: fudgi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\fudgi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\GNU\GnuPG\dirmngr.exe ()
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe ()
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)

========== Modules (SafeList) ==========

MOD - C:\Users\fudgi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (DirMngr) -- C:\Program Files\GNU\GnuPG\dirmngr.exe ()
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AVKWCtl) -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)

========== Driver Services (SafeList) ==========

DRV - (ALSysIO) -- C:\Users\fudgi\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC E9 8E 48 4E 3D CB 01 [binary data]
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.25 19:13:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.18 10:36:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.01 17:05:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.03.03 04:31:41 | 000,000,000 | ---D | M]

[2010.04.25 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\mozilla\Extensions
[2010.02.13 17:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fudgi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.06 17:21:54 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\mozilla\Firefox\Profiles\34xxeldv.default\extensions
[2010.04.25 19:14:07 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\fudgi\AppData\Roaming\mozilla\Firefox\Profiles\34xxeldv.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.08.29 02:25:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.29 02:25:26 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.28 22:05:17 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (C:\Windows\system32\g3rbzl2.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\System32\g3rbzl2.dll File not found
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001..\Run: [Octoshape Streaming Services] C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2nvtu0 = C:\Users\fudgi\AppData\Local\Temp\ui15cr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8fa8654d-0c76-11df-a781-001e8c1f79b5}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa8654d-0c76-11df-a781-001e8c1f79b5}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell - "" = AutoRun
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{ed96028a-0c5c-11df-aee9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed96028a-0c5c-11df-aee9-806e6f6e6963}\Shell\AutoRun\command - "" = Y:\AUTOPLAY.EXE id=10000017000003000036 ver=1.0.0.0 -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Users^fudgi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe - File not found
MsConfig - StartUpReg: 20W6RLKX65 - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: bfrhvhdl - hkey= - key= - C:\Users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe File not found
MsConfig - StartUpReg: bipro - hkey= - key= - C:\Windows\$NtUninstallMTF1011$\mmduch.DLL File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EWABQAF7KL - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: hse897ifdsjf98u3heuidhfdd - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\wnnf9zt40.exe File not found
MsConfig - StartUpReg: igigkyxx - hkey= - key= - C:\Users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe File not found
MsConfig - StartUpReg: kcpvdifa - hkey= - key= - C:\Users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe File not found
MsConfig - StartUpReg: mediafix70700en02.exe - hkey= - key= - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe File not found
MsConfig - StartUpReg: morxnsacwe.exe - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\morxnsacwe.exe File not found
MsConfig - StartUpReg: NetLog2 - hkey= - key= - C:\Windows\svc2.exe File not found
MsConfig - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
MsConfig - StartUpReg: XBV6RD5SZF - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqs.exe File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system -
Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans 
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2010.08.29 12:05:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\fudgi\Desktop\OTL.exe [2010.08.29 12:02:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.29 03:51:10 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Roaming\Malwarebytes [2010.08.29 03:50:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.29 03:50:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.29 03:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.29 03:50:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.29 02:29:15 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2010.08.29 02:25:28 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2010.08.29 02:25:24 | 000,061,512 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2010.08.29 02:25:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2010.08.29 02:25:23 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\Programme\G Data [2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data [2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2010.08.29 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.08.28 22:14:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.08.28 21:49:21 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kriced.exe [2010.08.28 21:47:06 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Local\Octoshape [2010.08.28 21:44:47 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kricec.exe [2010.08.28 21:44:31 | 
000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kriceb.exe [2010.08.28 21:40:49 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kricea.exe [2010.08.28 21:40:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%USERPROFILE% [2010.08.28 21:40:13 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010.08.28 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Local\Windows Server [2010.08.22 01:35:07 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center ========== Files - Modified Within 30 Days ========== [2010.08.29 12:12:04 | 002,359,296 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT [2010.08.29 12:11:15 | 000,787,456 | ---- | M] () -- C:\Windows\System32\drivers\cxcca.sys [2010.08.29 12:09:31 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.29 12:09:31 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.29 12:09:31 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.29 12:09:31 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.29 12:09:31 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.29 12:06:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.29 12:06:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.29 12:02:07 | 000,002,039 | ---- | M] () -- C:\Users\fudgi\Desktop\HijackThis.lnk [2010.08.29 12:01:13 | 000,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2010.08.29 12:01:08 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.29 12:01:07 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr [2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- 
C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms [2010.08.29 12:01:04 | 000,065,536 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf [2010.08.29 12:01:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.29 12:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.29 12:00:42 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 11:45:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\fudgi\Desktop\OTL.exe [2010.08.29 05:06:50 | 001,534,761 | -H-- | M] () -- C:\Users\fudgi\AppData\Local\IconCache.db [2010.08.29 04:16:08 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001UA.job [2010.08.29 03:50:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.29 02:29:15 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2010.08.29 02:25:28 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2010.08.29 02:25:27 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus 2011.lnk [2010.08.29 02:25:24 | 000,061,512 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2010.08.29 02:25:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2010.08.29 02:25:23 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2010.08.29 02:16:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001Core.job [2010.08.28 21:52:39 | 000,000,198 | -H-- | M] () -- 
C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.28 21:40:47 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kriced.exe [2010.08.28 21:40:47 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kricec.exe [2010.08.28 21:40:43 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kriceb.exe [2010.08.28 21:40:40 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kricea.exe [2010.08.28 08:01:00 | 050,000,000 | ---- | M] () -- C:\mom-wiitard.r89 [2010.08.24 01:27:25 | 001,078,429 | ---- | M] () -- C:\Users\fudgi\Desktop\Barnitos_Softmod_v0.9.pdf [2010.08.23 18:25:26 | 002,061,393 | ---- | M] () -- C:\Users\fudgi\Documents\heroes.wma [2010.08.23 18:22:07 | 000,570,713 | ---- | M] () -- C:\Users\fudgi\Desktop\Unbenannt.wma [2010.08.23 18:11:03 | 002,564,273 | ---- | M] () -- C:\Users\fudgi\Desktop\blah.wma [2010.08.23 00:54:56 | 000,101,260 | ---- | M] () -- C:\Users\fudgi\Desktop\desktop.jpg [2010.08.22 18:41:56 | 000,100,199 | ---- | M] () -- C:\Users\fudgi\Desktop\joachim.jpg [2010.08.22 18:39:11 | 000,021,076 | ---- | M] () -- C:\Users\fudgi\Desktop\7B9.jpg [2010.08.22 01:34:21 | 018,250,890 | ---- | M] () -- C:\Users\fudgi\Desktop\daniel.zip [2010.08.22 01:33:05 | 018,063,988 | ---- | M] () -- C:\Users\fudgi\Desktop\daniel.rar [2010.08.22 00:02:47 | 000,050,073 | ---- | M] () -- C:\Users\fudgi\Desktop\3806813.s44170954.1c2b73e212c9.jpg [2010.08.21 23:58:21 | 001,182,184 | ---- | M] () -- C:\Users\fudgi\Desktop\CIMG0791.jpg [2010.08.21 12:16:21 | 000,002,397 | ---- | M] () -- C:\Users\fudgi\Desktop\Google Chrome.lnk [2010.08.17 01:19:03 | 000,190,497 | ---- | M] () -- C:\Users\fudgi\Desktop\06082010458.jpeg [2010.08.16 21:08:28 | 000,069,854 | ---- | M] () -- C:\Users\fudgi\Desktop\picture00259.jpg [2010.08.16 18:12:29 | 000,069,539 | ---- | M] () -- C:\Users\fudgi\Desktop\ATT02840.jpg [2010.08.16 17:58:11 | 000,025,066 | ---- | M] () -- C:\Users\fudgi\Desktop\ATT03965.jpg [2010.08.16 17:55:10 | 004,782,208 | ---- | M] () -- 
C:\wiixx.dol [2010.08.16 17:52:56 | 000,049,091 | ---- | M] () -- C:\Users\fudgi\Desktop\picture142.jpg [2010.08.16 17:52:48 | 000,045,419 | ---- | M] () -- C:\Users\fudgi\Desktop\picture00315.jpg [2010.08.16 17:52:39 | 000,192,536 | ---- | M] () -- C:\Users\fudgi\Desktop\03072010299.jpeg [2010.08.16 17:51:24 | 000,036,651 | ---- | M] () -- C:\Users\fudgi\Desktop\picture133.jpg [2010.08.16 17:50:54 | 002,812,922 | ---- | M] () -- C:\Users\fudgi\Desktop\Video100.avi [2010.08.16 17:48:32 | 000,036,066 | ---- | M] () -- C:\Users\fudgi\Desktop\n1110930796_289982_2174.jpg [2010.08.12 18:46:53 | 000,053,475 | ---- | M] () -- C:\Users\fudgi\Desktop\R01.jpg [2010.08.12 18:14:22 | 000,050,706 | ---- | M] () -- C:\Users\fudgi\Desktop\programm-Aug.pdf [2010.08.12 17:37:15 | 000,066,022 | ---- | M] () -- C:\Users\fudgi\Desktop\scat6.jpg [2010.08.12 17:36:55 | 000,244,483 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0051a.jpg [2010.08.12 17:35:43 | 000,209,244 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0053a.jpg [2010.08.12 17:35:39 | 000,273,806 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0052a.jpg [2010.08.12 17:30:48 | 000,242,641 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0056a.jpg [2010.08.12 17:30:40 | 000,227,249 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0055a.jpg [2010.08.12 17:30:17 | 000,270,167 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0054a.jpg [2010.08.04 01:33:08 | 001,936,320 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0050a.avi ========== Files Created - No Company Name ========== [2010.08.29 12:02:07 | 000,002,039 | ---- | C] () -- C:\Users\fudgi\Desktop\HijackThis.lnk [2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- 
C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms [2010.08.29 12:01:04 | 000,065,536 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf [2010.08.29 05:04:29 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr [2010.08.29 03:50:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.29 02:25:27 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus 2011.lnk [2010.08.28 21:41:18 | 000,787,456 | ---- | C] () -- C:\Windows\System32\drivers\cxcca.sys [2010.08.28 21:40:53 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 17:42:30 | 050,000,000 | ---- | C] () -- C:\mom-wiitard.r89 [2010.08.24 01:27:24 | 001,078,429 | ---- | C] () -- C:\Users\fudgi\Desktop\Barnitos_Softmod_v0.9.pdf [2010.08.23 18:25:26 | 002,061,393 | ---- | C] () -- C:\Users\fudgi\Documents\heroes.wma [2010.08.23 18:22:07 | 000,570,713 | ---- | C] () -- C:\Users\fudgi\Desktop\Unbenannt.wma [2010.08.23 18:11:03 | 002,564,273 | ---- | C] () -- C:\Users\fudgi\Desktop\blah.wma [2010.08.23 00:54:56 | 000,101,260 | ---- | C] () -- C:\Users\fudgi\Desktop\desktop.jpg [2010.08.22 18:41:56 | 000,100,199 | ---- | C] () -- C:\Users\fudgi\Desktop\joachim.jpg [2010.08.22 18:39:13 | 000,021,076 | ---- | C] () -- C:\Users\fudgi\Desktop\7B9.jpg [2010.08.22 01:34:18 | 018,250,890 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.zip [2010.08.22 01:32:55 | 018,063,988 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.rar [2010.08.22 01:32:37 | 017,586,176 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.avi [2010.08.22 00:02:47 | 000,050,073 | ---- | C] () -- C:\Users\fudgi\Desktop\3806813.s44170954.1c2b73e212c9.jpg [2010.08.21 23:58:23 | 001,182,184 | ---- | C] () -- C:\Users\fudgi\Desktop\CIMG0791.jpg [2010.08.17 01:19:02 | 000,190,497 | ---- | C] () -- C:\Users\fudgi\Desktop\06082010458.jpeg [2010.08.16 17:59:23 | 000,069,539 | ---- | C] () 
-- C:\Users\fudgi\Desktop\ATT02840.jpg [2010.08.16 17:58:11 | 000,025,066 | ---- | C] () -- C:\Users\fudgi\Desktop\ATT03965.jpg [2010.08.16 17:58:03 | 000,069,854 | ---- | C] () -- C:\Users\fudgi\Desktop\picture00259.jpg [2010.08.16 17:55:10 | 004,782,208 | ---- | C] () -- C:\wiixx.dol [2010.08.16 17:52:55 | 000,049,091 | ---- | C] () -- C:\Users\fudgi\Desktop\picture142.jpg [2010.08.16 17:52:48 | 000,045,419 | ---- | C] () -- C:\Users\fudgi\Desktop\picture00315.jpg [2010.08.16 17:52:38 | 000,192,536 | ---- | C] () -- C:\Users\fudgi\Desktop\03072010299.jpeg [2010.08.16 17:51:23 | 000,036,651 | ---- | C] () -- C:\Users\fudgi\Desktop\picture133.jpg [2010.08.16 17:50:53 | 002,812,922 | ---- | C] () -- C:\Users\fudgi\Desktop\Video100.avi [2010.08.16 17:48:31 | 000,036,066 | ---- | C] () -- C:\Users\fudgi\Desktop\n1110930796_289982_2174.jpg [2010.08.12 18:46:52 | 000,053,475 | ---- | C] () -- C:\Users\fudgi\Desktop\R01.jpg [2010.08.12 18:14:21 | 000,050,706 | ---- | C] () -- C:\Users\fudgi\Desktop\programm-Aug.pdf [2010.08.12 17:36:54 | 000,244,483 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0051a.jpg [2010.08.12 17:35:42 | 000,209,244 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0053a.jpg [2010.08.12 17:35:38 | 000,273,806 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0052a.jpg [2010.08.12 17:30:47 | 000,242,641 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0056a.jpg [2010.08.12 17:30:39 | 000,227,249 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0055a.jpg [2010.08.12 17:30:15 | 000,270,167 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0054a.jpg [2010.08.04 01:33:07 | 001,936,320 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0050a.avi [2010.07.11 15:41:18 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2010.07.11 15:40:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2010.07.11 15:40:16 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2010.07.11 15:40:14 | 000,011,832 | ---- | C] () -- 
C:\Windows\System32\drivers\AsInsHelp64.sys [2010.07.11 15:40:14 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2010.07.09 13:11:58 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini [2010.07.06 21:55:42 | 000,000,051 | ---- | C] () -- C:\Windows\wdopAutoSort.INI [2010.06.28 13:00:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.06.20 16:59:20 | 000,000,946 | ---- | C] () -- C:\Users\fudgi\AppData\Local\7F68A003.il [2010.06.20 16:59:20 | 000,000,280 | ---- | C] () -- C:\Users\fudgi\AppData\Local\IndexIE_7F68A003.il [2010.03.16 00:22:06 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.03.16 00:22:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.02.18 02:15:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.08 16:26:08 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.02.08 16:26:07 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.02.08 16:26:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.01.29 01:36:17 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.04.23 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Ashampoo [2010.02.18 02:40:15 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DAEMON Tools Lite [2010.08.16 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\gnupg [2010.06.04 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabIt [2010.07.06 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabPro [2010.07.06 17:20:24 | 000,000,000 | ---D | M] -- 
C:\Users\fudgi\AppData\Roaming\Gutscheinmieze [2010.01.29 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Helios [2010.07.21 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\ICQ [2010.05.18 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\IrfanView [2010.06.23 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\NewsLeecher [2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Octoshape [2010.03.08 05:25:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Opera [2010.08.29 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Orbit [2010.06.10 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\PixelPlanet [2010.07.09 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\QuickScan [2010.07.01 13:09:00 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Subversion [2010.02.13 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Thunderbird [2010.06.30 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\UseNeXT [2010.01.29 01:38:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\VanDyke [2009.07.14 06:53:46 | 000,013,732 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.29 12:01:08 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 21:52:39 | 000,000,198 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.29 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Adobe [2010.04.23 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Ashampoo [2010.02.08 16:33:19 | 000,000,000 | R--D | M] -- C:\Users\fudgi\AppData\Roaming\Brother [2010.02.18 02:40:15 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DAEMON Tools Lite [2010.07.02 02:05:51 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DivX [2010.08.02 02:43:11 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\dvdcss [2010.08.16 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\gnupg [2010.06.04 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabIt [2010.07.06 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabPro [2010.01.29 03:25:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GRETECH [2010.07.06 17:20:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Gutscheinmieze [2010.01.29 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Helios [2010.07.21 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\ICQ [2010.01.29 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Identities [2010.02.08 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\InstallShield [2010.05.18 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\IrfanView [2010.01.29 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Macromedia [2010.08.29 03:51:10 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Media Center Programs [2010.08.23 18:12:13 | 000,000,000 | --SD | M] -- C:\Users\fudgi\AppData\Roaming\Microsoft [2010.03.26 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Move Networks [2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- 
C:\Users\fudgi\AppData\Roaming\Mozilla [2010.06.23 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\NewsLeecher [2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Octoshape [2010.03.08 05:25:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Opera [2010.08.29 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Orbit [2010.06.10 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\PixelPlanet [2010.07.09 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\QuickScan [2010.06.19 11:46:08 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Skype [2010.06.19 08:01:01 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\skypePM [2010.07.01 13:09:00 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Subversion [2010.02.13 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Thunderbird [2010.07.01 14:13:05 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\TortoiseSVN [2010.06.30 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\UseNeXT [2010.01.29 01:38:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\VanDyke [2010.08.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\vlc [2010.04.21 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Winamp [2010.07.11 16:15:57 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe [2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\ARPPRODUCTICON.exe [2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut11_1B47E40F0FE04A059EF1DDA8922D0BA2.exe [2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe [2010.06.10 18:38:28 | 000,067,440 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut2_DD172C74541145868246ADE181F1051F.exe [2010.06.10 18:28:23 | 000,059,368 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{D66DBB4B-3E39-4DE9-833E-423EB0DE247C}\ARPPRODUCTICON.exe [2010.03.26 18:57:19 | 000,144,053 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\Move Networks\uninstall.exe [2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft 
Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) 
MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft 
Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.08.29 12:16:21 | 000,787,456 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\cxcca.sys [2010.02.18 02:15:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:8779C396 < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.08.2010 12:07:57 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\fudgi\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 24,31 Gb Total Space | 2,61 Gb Free Space | 10,74% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 69,77 Gb Total Space | 8,47 Gb Free Space | 12,14% Space Free | Partition Type: NTFS Drive F: | 56,53 Gb Total Space | 9,03 Gb Free Space | 15,97% Space Free | Partition Type: NTFS Drive G: | 22,75 Gb Total Space | 0,70 Gb Free Space | 3,10% Space Free | Partition Type: NTFS H: Drive not present or media not loaded Drive I: | 1,86 Gb Total Space | 1,16 Gb Free Space | 62,39% Space Free | Partition Type: FAT Drive Z: | 441,34 Gb Total Space | 133,37 Gb Free Space | 30,22% Space Free | Partition Type: NTFS Computer Name: FUDGI-PC Current User Name: fudgi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\fudgi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50 "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7 "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7AD89AAA-31DB-44F6-9440-24F0761E4B72}" = VanDyke Software SecureCRT 6.2 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0 "{A7FB84F1-FA4F-4B50-9AEC-4F83AB1DFEBE}" = G Data AntiVirus 2011 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-120C "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "7-Zip" = 7-Zip 4.65 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alt.Binz" = Alt.Binz 0.25.0 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21 "devkitProUpdater" = devkitProUpdater 1.5.0 "DivX Setup.divx.com" = DivX-Setup "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "FTPRush_is1" = FTPRush v1 Unicode "GOM Player" = GOM Player "GPG4Win" = Gpg4win (2.0.2) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "HijackThis" = HijackThis 2.0.2 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6) "NewsLeecher_is1" = NewsLeecher v3.9 Final "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.WORD" = Microsoft Word 2010 "Orbit_is1" = Orbit Downloader "QuickSFV" = QuickSFV (Remove only) "SpeedFan" = SpeedFan (remove only) "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.0.5 "watchDirectory version 4_is1" = watchDirectory 4.6.2/2 "WBFS Manager 3.0" = WBFS Manager 3.0 "Wiiload" = Wiiload "Winamp" = Winamp "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.08.2010 15:49:22 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000de51 ID des fehlerhaften Prozesses: 0x1f4 Startzeit der fehlerhaften Anwendung: 0x01cb46ea0d9ec680 Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 5a4c7180-b2dd-11df-8d0e-001e8c1f79b5 Error - 28.08.2010 15:51:36 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b3ff41 ID des fehlerhaften Prozesses: 0x1fc Startzeit der fehlerhaften Anwendung: 0x01cb46ea60820380 Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: aa4e2200-b2dd-11df-b5e8-001e8c1f79b5 Error - 28.08.2010 19:34:36 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00c3ff41 ID des fehlerhaften Prozesses: 0x200 Startzeit der fehlerhaften Anwendung: 0x01cb47087d9ef900 Pfad der fehlerhaften Anwendung: 
C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d1686a20-b2fc-11df-9fa6-001e8c1f79b5 Error - 28.08.2010 19:39:15 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00d4ff41 ID des fehlerhaften Prozesses: 0x1e0 Startzeit der fehlerhaften Anwendung: 0x01cb4709eb45d860 Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 77a15500-b2fd-11df-9a0e-001e8c1f79b5 Error - 28.08.2010 20:16:07 | Computer Name = fudgi-PC | Source = Google Update | ID = 20 Description = Error - 28.08.2010 20:34:39 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839, Zeitstempel: 0x4bd03a23 Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version: 4.0.50524.0, Zeitstempel: 0x4bf9f4b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002d66 ID des fehlerhaften Prozesses: 0xa74 Startzeit der fehlerhaften Anwendung: 0x01cb47111d1896f0 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll Berichtskennung: 34794f50-b305-11df-a982-001e8c1f79b5 Error - 28.08.2010 20:57:41 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839, Zeitstempel: 0x4bd03a23 Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version: 4.0.50524.0, Zeitstempel: 0x4bf9f4b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002d66 ID des fehlerhaften Prozesses: 0xec0 Startzeit der fehlerhaften Anwendung: 0x01cb47130583fd70 Pfad der fehlerhaften Anwendung: C:\Program 
Files\Common Files\G Data\GDScan\GDScan.exe Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll Berichtskennung: 6c50a150-b308-11df-a982-001e8c1f79b5 Error - 28.08.2010 21:01:54 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839, Zeitstempel: 0x4bd03a23 Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version: 4.0.50524.0, Zeitstempel: 0x4bf9f4b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002d66 ID des fehlerhaften Prozesses: 0x404 Startzeit der fehlerhaften Anwendung: 0x01cb471543e54f90 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll Berichtskennung: 03687090-b309-11df-a982-001e8c1f79b5 Error - 28.08.2010 21:16:07 | Computer Name = fudgi-PC | Source = Google Update | ID = 20 Description = Error - 28.08.2010 22:16:08 | Computer Name = fudgi-PC | Source = Google Update | ID = 20 Description = [ System Events ] Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = DCOM | ID = 10005 Description = Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = DCOM | ID = 10005 Description = Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2010 19:04:06 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2010 19:37:12 | Computer Name = fudgi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?08.?2010 um 01:33:38 unerwartet 
heruntergefahren. Error - 28.08.2010 20:06:48 | Computer Name = fudgi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?08.?2010 um 01:38:58 unerwartet heruntergefahren. Error - 28.08.2010 20:42:13 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.08.2010 20:57:46 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error - 28.08.2010 20:58:16 | Computer Name = fudgi-PC | Source = DCOM | ID = 10010 Description = Error - 28.08.2010 21:01:59 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. < End of report > |
29.08.2010, 12:54 | #2 |
| A critical error has occurred, Windows will restart in one minute
Combofix Log
Code:
ComboFix 10-08-28.01 - fudgi 29.08.2010 12:52:21.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2046.1402 [GMT 2:00]
ausgeführt von:: c:\users\fudgi\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
 * Im Speicher befindliches AV aktiv.
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\fudgi\AppData\Local\Windows Server
c:\users\fudgi\AppData\Local\Windows Server\admin.txt
c:\users\fudgi\AppData\Local\Windows Server\server.dat
c:\windows\system32\%appdata%

Infizierte Kopie von c:\windows\system32\drivers\termdd.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.

((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-29 ))))))))))))))))))))))))))))))
.

2010-08-29 10:02 . 2010-08-29 10:02 -------- d-----w- c:\program files\Trend Micro
2010-08-29 01:51 . 2010-08-29 01:51 -------- d-----w- c:\users\fudgi\AppData\Roaming\Malwarebytes
2010-08-29 01:50 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 01:50 . 2010-08-29 01:50 -------- d-----w- c:\programdata\Malwarebytes
2010-08-29 01:50 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 01:50 . 2010-08-29 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 00:29 . 2010-08-29 00:29 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2010-08-29 00:25 . 2010-08-29 00:25 38856 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2010-08-29 00:25 . 2010-08-29 00:25 61512 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2010-08-29 00:25 . 2010-08-29 00:25 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2010-08-29 00:25 . 2010-08-29 00:25 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2010-08-29 00:25 . 2010-08-29 03:06 -------- d-----w- c:\programdata\G DATA
2010-08-29 00:25 .
2010-08-29 00:25 -------- d-----w- c:\program files\Common Files\G Data 2010-08-29 00:25 . 2010-08-29 00:25 -------- d-----w- c:\program files\G Data 2010-08-28 19:49 . 2010-08-28 19:40 187392 ----a-w- c:\windows\Kriced.exe 2010-08-28 19:47 . 2010-08-28 19:47 -------- d-----w- c:\users\fudgi\AppData\Local\Octoshape 2010-08-28 19:44 . 2010-08-28 19:40 187392 ----a-w- c:\windows\Kricec.exe 2010-08-28 19:44 . 2010-08-04 11:43 71960 ----a-w- c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1008042-0-npoctoshape.dll 2010-08-28 19:44 . 2010-08-04 11:43 438784 ----a-w- c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1008042-0-libOctoshapeClient.dll 2010-08-28 19:44 . 2010-08-04 11:43 124184 ----a-w- c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1008042-0-apoctoshape.dll 2010-08-28 19:44 . 2010-08-28 19:40 187392 ----a-w- c:\windows\Kriceb.exe 2010-08-28 19:40 . 2010-08-28 19:40 187392 ----a-w- c:\windows\Kricea.exe 2010-08-28 19:40 . 2010-08-28 19:40 -------- d-sh--w- c:\windows\system32\%USERPROFILE% 2010-08-21 23:35 . 2010-08-21 23:35 -------- d-----w- c:\program files\Windows Live Safety Center . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-29 11:03 . 2010-07-06 15:21 -------- d-----w- c:\users\fudgi\AppData\Roaming\Orbit 2010-08-29 10:57 . 2009-07-14 08:47 647138 ----a-w- c:\windows\system32\perfh007.dat 2010-08-29 10:57 . 2009-07-14 08:47 127198 ----a-w- c:\windows\system32\perfc007.dat 2010-08-26 11:07 . 2010-01-28 22:59 -------- d---a-w- c:\program files\FTPRush 2010-08-24 21:11 . 2010-02-13 15:20 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-08-16 15:44 . 2010-05-19 12:48 -------- d-----w- c:\users\fudgi\AppData\Roaming\gnupg 2010-08-02 02:30 . 2010-03-15 23:10 -------- d-----w- c:\users\fudgi\AppData\Roaming\vlc 2010-08-02 00:43 . 
2010-05-15 21:11 -------- d-----w- c:\users\fudgi\AppData\Roaming\dvdcss 2010-07-25 21:00 . 2010-07-25 21:00 -------- d-----w- c:\program files\Microsoft Silverlight 2010-07-25 20:42 . 2010-02-18 00:41 -------- d-----w- c:\programdata\Microsoft Help 2010-07-20 22:26 . 2010-01-31 09:55 -------- d-----w- c:\users\fudgi\AppData\Roaming\ICQ 2010-07-18 09:34 . 2010-04-23 11:23 -------- d-----w- c:\program files\JDownloader 2010-07-15 00:30 . 2010-05-07 21:01 -------- d-----w- c:\program files\SpeedFan 2010-07-11 13:49 . 2010-07-11 13:40 -------- d-----w- c:\program files\ASUS 2010-07-11 13:49 . 2010-01-31 09:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-11 13:40 . 2010-07-11 13:40 -------- d-----w- c:\program files\Common Files\InstallShield 2010-07-11 13:07 . 2010-07-11 13:07 -------- d-----w- c:\program files\Core Temp 2010-07-09 11:12 . 2010-07-09 10:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-07-09 10:50 . 2010-07-09 10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-09 10:40 . 2010-07-09 10:38 -------- d-----w- c:\users\fudgi\AppData\Roaming\QuickScan 2010-07-09 10:40 . 2010-07-09 10:40 720896 ----a-w- c:\windows\iun6002.exe 2010-07-06 20:06 . 2010-07-06 15:08 -------- d-----w- c:\program files\watchDirectory 2010-07-06 15:21 . 2010-07-06 15:21 -------- d-----w- c:\users\fudgi\AppData\Roaming\GrabPro 2010-07-06 15:21 . 2010-07-06 15:21 -------- d-----w- c:\program files\Orbitdownloader 2010-07-06 15:20 . 2010-07-06 15:20 -------- d-----w- c:\users\fudgi\AppData\Roaming\Gutscheinmieze 2010-07-02 00:05 . 2010-07-01 13:06 -------- d-----w- c:\users\fudgi\AppData\Roaming\DivX 2010-07-01 12:13 . 2010-07-01 12:13 -------- d-----w- c:\users\fudgi\AppData\Roaming\TortoiseSVN 2010-07-01 11:09 . 2010-07-01 11:09 -------- d-----w- c:\users\fudgi\AppData\Roaming\Subversion 2010-07-01 11:08 . 2010-07-01 11:08 -------- d-----w- c:\program files\TortoiseSVN 2010-07-01 11:08 . 
2010-07-01 11:08 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-06-28 11:05 . 2010-06-28 11:05 13430643 ----a-w- C:\ghostpdl-8.71-win32.zip
2010-06-12 14:07 . 2010-01-28 22:49 109216 ----a-w- c:\users\fudgi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-10 16:38 . 2010-06-10 16:38 67440 ----a-r- c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut2_DD172C74541145868246ADE181F1051F.exe
2010-06-10 16:38 . 2010-06-10 16:38 149360 ----a-r- c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut11_1B47E40F0FE04A059EF1DDA8922D0BA2.exe
2010-06-10 16:38 . 2010-06-10 16:38 149360 ----a-r- c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe
2010-06-10 16:38 . 2010-06-10 16:38 149360 ----a-r- c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\ARPPRODUCTICON.exe
2010-06-10 16:28 . 2010-06-10 16:28 59368 ----a-r- c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{D66DBB4B-3E39-4DE9-833E-423EB0DE247C}\ARPPRODUCTICON.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-28 135664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"G Data AntiVirus Tray Application"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-03-31 963144]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-7-6 1809680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^fudgi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\fudgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe

R3 ALSysIO;ALSysIO;c:\users\fudgi\AppData\Local\Temp\ALSysIO.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-18 691696]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-08-29 33480]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-08-29 61512]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-08-29 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-08-29 29992]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-04-07 1146440]
S2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [2010-03-31 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [2010-03-15 1279816]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2010-04-12 242176]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-04-22 339016]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-08-29 38856]

--- Other services/drivers in memory ---

*Deregistered* - cxcca
.
Contents of the "scheduled tasks" folder

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001Core.job
- c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 22:56]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001UA.job
- c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 22:56]

2010-08-28 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Kriced.exe [2010-08-28 19:40]
.
.
------- Additional scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\fudgi\AppData\Roaming\Mozilla\Firefox\Profiles\34xxeldv.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\users\fudgi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll

---- FIREFOX policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Removed orphaned registry entries - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-20W6RLKX65 - c:\users\fudgi\AppData\Local\Temp\Kqr.exe
MSConfigStartUp-bfrhvhdl - c:\users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe
MSConfigStartUp-bipro - c:\windows\$NtUninstallMTF1011$\mmduch.dll
MSConfigStartUp-EWABQAF7KL - c:\users\fudgi\AppData\Local\Temp\Kqr.exe
MSConfigStartUp-hse897ifdsjf98u3heuidhfdd - c:\users\fudgi\AppData\Local\Temp\wnnf9zt40.exe
MSConfigStartUp-igigkyxx - c:\users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe
MSConfigStartUp-kcpvdifa - c:\users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe
MSConfigStartUp-mediafix70700en02 - c:\users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe
MSConfigStartUp-morxnsacwe - c:\users\fudgi\AppData\Local\Temp\morxnsacwe.exe
MSConfigStartUp-NetLog2 - c:\windows\svc2.exe
MSConfigStartUp-XBV6RD5SZF - c:\users\fudgi\AppData\Local\Temp\Kqs.exe
AddRemove-watchDirectory version 4_is1 - c:\program files\watchDirectory\unins000.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cxcca]
.
--------------------- Locked registry keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(1128)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-08-29 13:08:09 - PC was restarted
ComboFix-quarantined-files.txt 2010-08-29 11:08

Before scan: 2.726.907.904 bytes free
After scan: 2.622.496.768 bytes free

- - End Of File - - A0EF941DA71CCDB7B4782DB5E81BF0BA
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-29 13:21:35
Windows 6.1.7600
Running: w5k7w7ou.exe; Driver: C:\Users\fudgi\AppData\Local\Temp\pglcypod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C47AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C47104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C473F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2F634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C471DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C47958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C476F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C47F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C481A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82860599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82884F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\cxcca.sys The system cannot find the path specified. !
.text peauth.sys 99E3FC9D 28 Bytes [8F, 3A, 1E, 22, 4F, 9C, 9D, ...]
.text peauth.sys 99E3FCC1 28 Bytes [8F, 3A, 1E, 22, 4F, 9C, 9D, ...]
? C:\Users\fudgi\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B74680
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF9 0xE9 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x2B 0xD9 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x67 0xD5 0x16 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\cxcca@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\cxcca@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\cxcca@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\cxcca@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF9 0xE9 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0x2B 0xD9 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x67 0xD5 0x16 0x33 ...

---- EOF - GMER 1.0.15 ----
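The items a helper picks out of the two logs above are mechanical enough to script. What follows is an added example, not part of the original post and not code from ComboFix or GMER: a small Python scanner that walks log lines of the kind posted and flags the UAC policy values below the Windows 7 defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1), the proxy on 127.0.0.1, the GUID-named scheduled task that runs c:\windows\Kriced.exe, autostart entries in Temp or directly under c:\windows, the driver entry marked [x], the "*Deregistered*" cxcca driver, the module GMER could not open, and the cxcca service with Start=0. The sample log is constructed from lines of the posted logs; the reading of ComboFix's "[x]" as "registered service whose file is not on disk" and the Windows 7 default values are assumptions of the example, not something the logs state.

```python
"""Pull the indicators a helper looks for out of ComboFix and GMER output:
UAC policy values below the Windows 7 defaults, a proxy on localhost,
scheduled tasks and autostart entries pointing at executables in odd places,
drivers whose file is missing, and boot-start services."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix and GMER logs posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R3 ALSysIO;ALSysIO;c:\users\fudgi\AppData\Local\Temp\ALSysIO.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-08-29 33480]
*Deregistered* - cxcca
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001Core.job
- c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 22:56]
2010-08-28 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Kriced.exe [2010-08-28 19:40]
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
MSConfigStartUp-NetLog2 - c:\windows\svc2.exe
MSConfigStartUp-20W6RLKX65 - c:\users\fudgi\AppData\Local\Temp\Kqr.exe
? System32\Drivers\cxcca.sys Das System kann den angegebenen Pfad nicht finden. !
Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\cxcca@Group Boot Bus Extender
"""

@dataclass
class Finding:
    rule: str
    detail: str
    line: str

# Windows 7 defaults for the values ComboFix prints under ...\policies\system
# (assumed here); anything lower weakens UAC.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\.+\.job)$', re.I)
TARGET_RE = re.compile(r'^- (?P<path>.+?) \[')
PROXY_RE = re.compile(r'ProxyServer = (?P<value>\S+)$')
STARTUP_RE = re.compile(r'^MSConfigStartUp-\S+ - (?P<path>.+)$')
GMER_MISSING_RE = re.compile(r'^\? (?P<path>\S+) .+ !$')   # GMER: module it could not open
REG_START_RE = re.compile(r'^Reg HKLM\\SYSTEM\\\S+\\services\\(?P<svc>[^\\@]+)@Start (?P<value>\d)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')

def odd_location(path: str):
    """Why an executable path is unusual for legitimate software, or None."""
    p = path.lower()
    if "\\temp\\" in p:
        return "executable runs from a Temp directory"
    if p.startswith("c:\\windows\\") and p.count("\\") == 2:
        return "executable sits directly in c:\\windows instead of a subdirectory"
    return None

def scan_log(text: str) -> list:
    findings = []
    lines = [l.rstrip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if (m := POLICY_RE.match(line)) and m["name"] in UAC_DEFAULTS:
            value = int(m["value"])
            if value < UAC_DEFAULTS[m["name"]]:
                findings.append(Finding("uac-weakened",
                    f'{m["name"]}={value}, Windows 7 default is {UAC_DEFAULTS[m["name"]]}', line))
        elif m := SERVICE_RE.match(line):
            # "[x]" in place of date/size is read as "service registered, file not on disk" (assumption).
            if m["meta"] == "x":
                findings.append(Finding("service-file-missing",
                    f'{m["name"]} ({m["start"]}) has no file behind it', line))
        elif line.startswith("*Deregistered*"):
            findings.append(Finding("driver-deregistered",
                "driver still in memory but its service entry is gone", line))
        elif (m := TASK_RE.match(line)) and i + 1 < len(lines):
            target = TARGET_RE.match(lines[i + 1])
            if target and (why := odd_location(target["path"])):
                if GUID_RE.search(m["job"]):
                    why += "; task is named by a GUID instead of a product name"
                findings.append(Finding("scheduled-task", why, line + " -> " + target["path"]))
        elif m := PROXY_RE.search(line):
            if "127.0.0.1" in m["value"] or "localhost" in m["value"].lower():
                findings.append(Finding("local-proxy",
                    "browser traffic is forced through a proxy on this host: " + m["value"], line))
        elif m := STARTUP_RE.match(line):
            if why := odd_location(m["path"]):
                findings.append(Finding("autostart", why, line))
        elif m := GMER_MISSING_RE.match(line):
            findings.append(Finding("driver-file-missing", f'GMER could not open {m["path"]}', line))
        elif (m := REG_START_RE.match(line)) and m["value"] == "0":
            findings.append(Finding("boot-start-service",
                f'{m["svc"]} is loaded by the boot loader (Start=0)', line))
    return findings

def summarize(findings) -> dict:
    """Count findings per rule."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run against the constructed sample it reports eleven findings: three weakened UAC values, the localhost proxy, the GUID task pointing at c:\windows\Kriced.exe, two autostart entries (c:\windows\svc2.exe and the Temp copy of Kqr.exe), the ALSysIO driver without a file, the deregistered cxcca driver, the cxcca.sys module GMER could not open, and the cxcca boot-start service. The Google Update task and the G Data drivers produce nothing, which is the point of the location and marker checks.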
29.08.2010, 22:34 | #3 |
Is there nobody here who can help me?
30.08.2010, 09:50 | #4 |
Hi,

Please have the following files checked (if need be, copy the files to a USB stick (WITHOUT RUNNING them) and have them checked from there): Have the files checked online:
Code:
c:\windows\Kricec.exe
c:\windows\Kriced.exe
c:\windows\Kriceb.exe
c:\windows\Kricea.exe
c:\windows\System32\Drivers\cxcca.sys
c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe
Malwarebytes Anti-Malware (MBAM)
Guide & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please get a generic build from here: http://filepony.de/download-chameleon/
(If need be, download it to a stick and copy it onto the infected machine; the same goes for OTL...)
Then update the signature files ("Update" tab -> "Check for updates").
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

TDSS-Killer
Download and instructions at: http://www.trojaner-board.de/82358-tdsskiller-google-umleitungen-tdss-tdl3-alureon-rootkit-entfernen.html#post640150
Extract all files! Create Start.bat: Start -> All Programs -> Accessories -> Notepad and paste the following text into it:
Code:
@ECHO OFF
REM run TDSSKiller from the same folder, writing its report to report.txt
TDSSKiller.exe -l report.txt -v
REM remove this batch file once the scan has finished
DEL %0
30.08.2010, 20:37 | #5 |
Since I can't go online with the infected PC, I can't run any updates on it either. So I had to copy the files to a USB stick and check them here on the laptop with VirusTotal; cxcca.sys, however, can't be copied.

Kricea.exe:
Code:
Antivirus Version Last Update Result
AhnLab-V3 2010.08.30.00 2010.08.30 -
AntiVir 8.2.4.46 2010.08.30 -
Antiy-AVL 2.0.3.7 2010.08.30 -
Authentium 5.2.0.5 2010.08.30 W32/Renos.A!Generic
Avast 4.8.1351.0 2010.08.30 Win32:MalOb-BX
Avast5 5.0.594.0 2010.08.30 Win32:MalOb-BX
AVG 9.0.0.851 2010.08.30 Generic19.ABA
BitDefender 7.2 2010.08.30 Gen:Variant.Renos.41
CAT-QuickHeal 11.00 2010.08.30 -
ClamAV 0.96.2.0-git 2010.08.30 -
Comodo 5912 2010.08.30 -
DrWeb 5.0.2.03300 2010.08.30 Trojan.Packed.160
Emsisoft 5.0.0.37 2010.08.30 -
eSafe 7.0.17.0 2010.08.30 -
eTrust-Vet 36.1.7826 2010.08.30 Win32/Renos.D!generic
F-Prot 4.6.1.107 2010.08.30 W32/Renos.A!Generic
F-Secure 9.0.15370.0 2010.08.30 Gen:Variant.Renos.41
Fortinet 4.1.143.0 2010.08.30 -
GData 21 2010.08.30 Gen:Variant.Renos.41
Ikarus T3.1.1.88.0 2010.08.30 -
Jiangmin 13.0.900 2010.08.30 -
K7AntiVirus 9.63.2396 2010.08.30 Virus
Kaspersky 7.0.0.125 2010.08.30 -
McAfee 5.400.0.1158 2010.08.30 Downloader-CEW.b
McAfee-GW-Edition 2010.1B 2010.08.30 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.6103 2010.08.30 -
NOD32 5409 2010.08.30 a variant of Win32/Kryptik.GKJ
Norman 6.05.11 2010.08.30 -
nProtect 2010-08-30.01 2010.08.30 Gen:Variant.Renos.41
Panda 10.0.2.7 2010.08.30 Suspicious file
PCTools 7.0.3.5 2010.08.30 Trojan.FakeAV
Prevx 3.0 2010.08.30 Medium Risk Malware
Rising 22.63.00.03 2010.08.30 -
Sophos 4.56.0 2010.08.30 Mal/FakeAV-CX
Sunbelt 6813 2010.08.30 VirTool.Win32.Obfuscator.hg!b (v)
SUPERAntiSpyware 4.40.0.1006 2010.08.30 -
Symantec 20101.1.1.7 2010.08.30 Trojan.FakeAV!gen24
TheHacker 6.5.2.1.359 2010.08.30 -
TrendMicro 9.120.0.1004 2010.08.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.30 -
VBA32 3.12.14.0 2010.08.30 -
ViRobot 2010.8.9.3978 2010.08.30 -
VirusBuster 5.0.27.0 2010.08.30 -

Additional information
MD5   : ad11b86e1584a3d35144df63c80d067b
SHA1  : d261141a34def8a229a240b4775b10a26d33bc24
SHA256: 3234e987957cf4fe6339c5c4b0c33b931055b0b277e3cce7d5ad5de2acedb554
ssdeep: 3072:h+qoKM8vUxdqvTCnXOHO+otL4Dg0SuPEcuOAsTSs6Q9SL8:h+qoKMDcTCJtLH0S/uAsTSsz
File size : 187392 bytes
First seen: 2010-08-30 19:19:50
Last seen : 2010-08-30 19:19:50
TrID:
  Win32 Executable Generic (68.0%)
  Generic Win/DOS Executable (15.9%)
  DOS Executable Generic (15.9%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
  publisher....: OpenSC Project
  copyright....: Opexs
  product......: Opex
  description..: Opex
  original name: Opex.exe
  internal name: Opex
  file version.: 0.1.3.0
  comments.....: OpenEx
  signers......: -
  signing date.: -
  verified.....: Unsigned
PEInfo: PE structure information
  [[ basic data ]]
  entrypointaddress: 0x7FFC
  timedatestamp....: 0x4A4B1831 (Wed Jul 01 08:02:57 2009)
  machinetype......: 0x14c (I386)
  [[ 6 section(s) ]]
  name, viradd, virsiz, rawdsiz, ntropy, md5
  .text, 0x1000, 0xA453, 0xA600, 4.52, 98af9771c603762af96886e3ff16238d
  .data, 0xC000, 0x1F211, 0x1F400, 7.49, 8b21f740e151ce9a018ba7c563a45733
  .rdata, 0x2C000, 0xD678, 0x800, 0.00, c99a74c555371a433d121f551d6c6398
  .idata, 0x3A000, 0x14E, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
  .cdata, 0x3B000, 0x727, 0x800, 0.01, aa74539ff9922dcd498f2a99cc2a2596
  .rsrc, 0x3C000, 0x2AD8, 0x2C00, 3.52, c4cd8831bd47a1c0d556bb3466ef7912
  [[ 2 import(s) ]]
  kernel32.dll: LoadLibraryExA, SetHandleCount, lstrcmpA, LocalAlloc, GetACP, ExitThread, GetModuleHandleA, GetCommandLineA, HeapAlloc, GetVersionExA, GetProcAddress, VirtualAllocEx, GetOEMCP, VirtualAlloc, ExitProcess
  USER32.dll: IsWindowVisible, GetScrollRange, IsWindowEnabled, ShowWindow, CharLowerA, DeleteMenu, GetCursor
Prevx Info: hxxp://info.prevx.com/aboutprogramtext.asp?PX5=7637ADF9006CC73FDCDC02295E0A63008CB99917
Code:
(second report, file not named in the post: same MD5/SHA1/SHA256, same 187392-byte size, same PE layout and the same engine results as Kricea.exe above; only these fields differ)
eTrust-Vet 36.1.7827 2010.08.30 Win32/Renos.D!generic
NOD32 5410 2010.08.30 a variant of Win32/Kryptik.GKJ
Last seen : 2010-08-30 19:27:04
Code:
(third report, file not named in the post: same hashes, size and results as Kricea.exe; only these fields differ)
eTrust-Vet 36.1.7827 2010.08.30 Win32/Renos.D!generic
NOD32 5410 2010.08.30 a variant of Win32/Kryptik.GKJ
Last seen : 2010-08-30 19:29:21
Code:
(fourth report, file not named in the post: same hashes, size and results as Kricea.exe; only these fields differ)
AhnLab-V3 2010.08.30.00 2010.08.30 Trojan/Win32.FakeAV
eTrust-Vet 36.1.7827 2010.08.30 Win32/Renos.D!generic
NOD32 5410 2010.08.30 a variant of Win32/Kryptik.GKJ
Last seen : 2010-08-30 19:33:37
Code:
ATTFilter Antivirus Version Last Update Result AhnLab-V3 2010.08.30.00 2010.08.30 - AntiVir 8.2.4.46 2010.08.30 - Antiy-AVL 2.0.3.7 2010.08.30 - Authentium 5.2.0.5 2010.08.30 - Avast 4.8.1351.0 2010.08.30 - Avast5 5.0.594.0 2010.08.30 - AVG 9.0.0.851 2010.08.30 - BitDefender 7.2 2010.08.30 - CAT-QuickHeal 11.00 2010.08.30 - ClamAV 0.96.2.0-git 2010.08.30 - Comodo 5912 2010.08.30 - DrWeb 5.0.2.03300 2010.08.30 - Emsisoft 5.0.0.37 2010.08.30 - eSafe 7.0.17.0 2010.08.30 - eTrust-Vet 36.1.7827 2010.08.30 - F-Prot 4.6.1.107 2010.08.30 - F-Secure 9.0.15370.0 2010.08.30 - Fortinet 4.1.143.0 2010.08.30 - GData 21 2010.08.30 - Ikarus T3.1.1.88.0 2010.08.30 - Jiangmin 13.0.900 2010.08.30 - K7AntiVirus 9.63.2396 2010.08.30 - Kaspersky 7.0.0.125 2010.08.30 - McAfee 5.400.0.1158 2010.08.30 - McAfee-GW-Edition 2010.1B 2010.08.30 - Microsoft 1.6103 2010.08.30 - NOD32 5410 2010.08.30 - Norman 6.05.11 2010.08.30 - nProtect 2010-08-30.01 2010.08.30 - Panda 10.0.2.7 2010.08.30 - PCTools 7.0.3.5 2010.08.30 - Prevx 3.0 2010.08.30 - Rising 22.63.00.03 2010.08.30 - Sophos 4.56.0 2010.08.30 - Sunbelt 6813 2010.08.30 - SUPERAntiSpyware 4.40.0.1006 2010.08.30 - Symantec 20101.1.1.7 2010.08.30 - TheHacker 6.5.2.1.359 2010.08.30 - TrendMicro 9.120.0.1004 2010.08.30 - TrendMicro-HouseCall 9.120.0.1004 2010.08.30 - VBA32 3.12.14.0 2010.08.30 - ViRobot 2010.8.9.3978 2010.08.30 - VirusBuster 5.0.27.0 2010.08.30 - Additional informationShow all MD5 : ebcce4001d29563f65882a8d62f138a8 SHA1 : 309aee65b3d5b2f2faa9e67ed8f49246a2caa7a6 SHA256: 942958b0f3cfd1e6d72d73152d1748e8e7d848a3af16796ab85c092ce6579502 ssdeep: 768:jMAyAdTmPJbgqcnDcPgq5A+uQ64Yku8w9+3pnfyQF/1J+35rXQVvLKURLXf:jdU81coXQP3 3pnvF/1JS7QVveu File size : 149360 bytes First seen: 2010-08-30 19:36:22 Last seen : 2010-08-30 19:36:22 TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: 
publisher....: Acresso Software Inc. copyright....: Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. product......: InstallShield description..: InstallShield original name: _IsIcoRes.exe internal name: _IsIcoRes.exe file version.: 16.0.328 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: Armadillo v1.71 PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x1005 timedatestamp....: 0x4A3003A5 (Wed Jun 10 19:04:05 2009) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x35AE, 0x4000, 5.95, 125d4361997b933c25cdfaa441c403f6 .rdata, 0x5000, 0x7A0, 0x1000, 3.17, 15e13969f0737bb4ec50592b029c02f2 .data, 0x6000, 0x29DC, 0x3000, 0.36, 9b57a8510b2e985a48115bbaee120bb5 .rsrc, 0x9000, 0x19CA4, 0x1A000, 4.44, 466b07ce0b673f415e2e0a45df191649 [[ 1 import(s) ]] KERNEL32.dll: GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW |
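A small triage helper for multi-engine reports like the two posted above, added here as an example; it is not a tool from this thread, from OTL or from VirusTotal. It assumes the row layout the reports use (engine, version, update date as YYYY.MM.DD, then the verdict or "-"), parses the rows, computes the detection ratio and tallies the family names that several engines agree on. The sample rows are an excerpt copied from the first report; the selection is ours.

```python
"""Triage helper for flattened VirusTotal-style reports such as the two above.

Added example for this thread (not a tool from the forum, from OTL or from
VirusTotal).  It assumes the row layout shown in the reports:
    <engine> <version> <update date as YYYY.MM.DD> <result or "-">
and computes the detection ratio plus the family names that several engines
agree on, which is what a helper actually looks for in such a report.
"""
import re
from collections import Counter

# Excerpt of the first report above: rows copied from the thread, selection ours.
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AhnLab-V3 2010.08.30.00 2010.08.30 Trojan/Win32.FakeAV
AntiVir 8.2.4.46 2010.08.30 -
Authentium 5.2.0.5 2010.08.30 W32/Renos.A!Generic
BitDefender 7.2 2010.08.30 Gen:Variant.Renos.41
Kaspersky 7.0.0.125 2010.08.30 -
McAfee-GW-Edition 2010.1B 2010.08.30 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.6103 2010.08.30 -
NOD32 5410 2010.08.30 a variant of Win32/Kryptik.GKJ
Panda 10.0.2.7 2010.08.30 Suspicious file
Sophos 4.56.0 2010.08.30 Mal/FakeAV-CX
Symantec 20101.1.1.7 2010.08.30 Trojan.FakeAV!gen24
VirusBuster 5.0.27.0 2010.08.30 -
"""

# One result row; the verdict may contain spaces ("a variant of ...", "Suspicious file").
ROW = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+?)\s*$"
)

# Words that describe a verdict type rather than a malware family.
GENERIC = {
    "trojan", "generic", "gen", "variant", "mal", "virus", "malware",
    "suspicious", "file", "heuristic", "behaveslike", "risk", "medium",
}


def parse_report(text):
    """Return one dict per engine row; header, blank and metadata lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["detected"] = row["result"] != "-"   # "-" is VirusTotal's "no detection"
        rows.append(row)
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(r["detected"] for r in rows), len(rows)


def _family_tokens(verdict):
    """Split 'Trojan/Win32.FakeAV' into candidate family names, here {'fakeav'}."""
    tokens = re.split(r"[^A-Za-z0-9]+", verdict)
    return {t.lower() for t in tokens
            if len(t) >= 3 and t.isalpha() and t.lower() not in GENERIC}


def family_votes(rows):
    """Count how many engines name each family; one vote per engine per family."""
    votes = Counter()
    for r in rows:
        if r["detected"]:
            votes.update(_family_tokens(r["result"]))
    return votes


def summarize(text):
    rows = parse_report(text)
    hits, total = detection_ratio(rows)
    top = family_votes(rows).most_common(3)
    return {"detected": hits, "engines": total, "families": top}


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

On the excerpt this yields 8 of 12 engines with "fakeav" (3 votes) ahead of "renos" (2), which matches the rogue-antivirus picture in the thread. The same parser run on the second report gives 0 detections; that only says no engine had a signature for the file on that day, not that the file is clean, so the sigcheck and packer lines below the table still need to be read.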
31.08.2010, 07:20 | #6 |
A critical error has occurred, Windows will restart in one minute Hi, please post the OTL log as well... However, we can already go after the following files with OTL: Fix for OTL:
Code:
ATTFilter
:Services
cxcca.sys
:Files
c:\windows\Kricec.exe
c:\windows\Kriced.exe
c:\windows\Kriceb.exe
c:\windows\Kricea.exe
c:\windows\System32\Drivers\cxcca.sys
:OTL
MsConfig - StartUpReg: 20W6RLKX65 - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: bfrhvhdl - hkey= - key= - C:\Users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe File not found
MsConfig - StartUpReg: bipro - hkey= - key= - C:\Windows\$NtUninstallMTF1011$\mmduch.DLL File not found
MsConfig - StartUpReg: EWABQAF7KL - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: hse897ifdsjf98u3heuidhfdd - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\wnnf9zt40.exe File not found
MsConfig - StartUpReg: igigkyxx - hkey= - key= - C:\Users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe File not found
MsConfig - StartUpReg: kcpvdifa - hkey= - key= - C:\Users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe File not found
MsConfig - StartUpReg: mediafix70700en02.exe - hkey= - key= - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe File not found
MsConfig - StartUpReg: morxnsacwe.exe - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\morxnsacwe.exe File not found
MsConfig - StartUpReg: NetLog2 - hkey= - key= - C:\Windows\svc2.exe File not found
MsConfig - StartUpReg: XBV6RD5SZF - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqs.exe File not found
:Commands
[emptytemp]
[Reboot]
Update MBAM by hand: you can find the signature-file update at http://www.malwarebytes.org/mbam/database/rules.ref. Copy it to a USB stick and then, on the target machine, into: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware. Then run a full scan and let it clean everything... chris
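A review helper for OTL fix scripts like the one in the post above, added here as an example; it is not part of OTL and not the helper's own tooling. It handles only the directives that occur in that fix (:Services, :Files, the MsConfig StartUpReg lines under :OTL, and :Commands), lists everything the fix would remove, flags services that have no matching file entry and paths under Temp or AppData, so the list can be checked against the OTL log before the fix is run. The sample script is a constructed, shortened excerpt of the fix above in the same syntax.

```python
"""Review helper for OTL fix scripts like the one posted above.

Added example for this thread; it is not part of OTL and not the helper's
own tooling.  It understands only the directives that appear in the fix
above (:Services, :Files, the MsConfig StartUpReg lines under :OTL, and
:Commands) and lists what the fix would remove, so the list can be checked
against the OTL log before anything is run on the machine.
"""
import re

# Constructed excerpt of the fix above, same syntax, shortened to a few lines.
SAMPLE_FIX = r"""
:Services
cxcca.sys
:Files
c:\windows\Kricec.exe
c:\windows\System32\Drivers\cxcca.sys
:OTL
MsConfig - StartUpReg: 20W6RLKX65 - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: NetLog2 - hkey= - key= - C:\Windows\svc2.exe File not found
:Commands
[emptytemp]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)\s*$")
# "File not found" means OTL saw only the registry reference; the file itself is gone.
STARTUP = re.compile(
    r"^MsConfig - StartUpReg: (?P<name>\S+) - hkey= - key= - "
    r"(?P<path>.+?)(?P<missing> File not found)?\s*$"
)


def parse_fix(text):
    """Split the script into {section: [lines]}; section names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def startup_entries(sections):
    """Decode MsConfig StartUpReg lines into name, target path and whether the file is gone."""
    entries = []
    for line in sections.get("otl", []):
        m = STARTUP.match(line)
        if m:
            entries.append({"name": m["name"], "path": m["path"],
                            "missing_on_disk": m["missing"] is not None})
    return entries


def unmatched_services(sections):
    """Services whose driver file is not also listed under :Files (worth a second look)."""
    file_names = {p.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                  for p in sections.get("files", [])}
    return [s for s in sections.get("services", []) if s.lower() not in file_names]


def user_writable_paths(paths):
    """Paths under Temp or AppData, where the rogue AV in this thread dropped its files."""
    return [p for p in paths if re.search(r"\\(temp|appdata)\\", p, re.IGNORECASE)]


def review(text):
    s = parse_fix(text)
    entries = startup_entries(s)
    return {
        "services": s.get("services", []),
        "files": s.get("files", []),
        "startup": entries,
        "commands": s.get("commands", []),
        "services_without_file": unmatched_services(s),
        "user_writable": user_writable_paths(
            s.get("files", []) + [e["path"] for e in entries]),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_FIX).items():
        print(f"{key}: {value}")
```

For the sample the service cxcca.sys is matched by its driver file under :Files, both startup entries are already dangling ("File not found"), and only the Kqr.exe entry points into the user's Temp folder; the remaining lines in the real fix follow the same pattern and can be fed to the same function unchanged.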