Log analysis and evaluation: A critical error has occurred, Windows will restart in one minute

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

A critical error has occurred, Windows will restart in one minute

Hello, I have this problem too. Like the colleague from 16.8, I have now created all the log files in the hope that I can be helped as well. Once more, the short version: I seem to have caught a Trojan; the message that the PC was infected kept appearing, no matter what I opened. Antimalware Doctor etc. were on the PC... I hope these are gone now. Well, and as is probably already known, as soon as the LAN cable is plugged in, the message mentioned above appears and the PC restarts. Please help. Many thanks

HijackThis

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:02:59, on 29.08.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
http=127.0.0.1:6522 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: C:\Windows\system32\g3rbzl2.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\system32\g3rbzl2.dll (file missing) O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKLM\..\Policies\Explorer\Run: [2nvtu0] C:\Users\fudgi\AppData\Local\Temp\ui15cr.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: 
[mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft 
Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 6900 bytes Code:
ATTFilter OTL logfile created on: 29.08.2010 12:07:57 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\fudgi\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 24,31 Gb Total Space | 2,61 Gb Free Space | 10,74% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 69,77 Gb Total Space | 8,47 Gb Free Space | 12,14% Space Free | Partition Type: NTFS Drive F: | 56,53 Gb Total Space | 9,03 Gb Free Space | 15,97% Space Free | Partition Type: NTFS Drive G: | 22,75 Gb Total Space | 0,70 Gb Free Space | 3,10% Space Free | Partition Type: NTFS H: Drive not present or media not loaded Drive I: | 1,86 Gb Total Space | 1,16 Gb Free Space | 62,39% Space Free | Partition Type: FAT Drive Z: | 441,34 Gb Total Space | 133,37 Gb Free Space | 30,22% Space Free | Partition Type: NTFS Computer Name: FUDGI-PC Current User Name: fudgi Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\fudgi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\GNU\GnuPG\dirmngr.exe () PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG) PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe () PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Windows\System32\brss01a.exe (brother Industries Ltd) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) 
PRC - C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - C:\Windows\System32\brsvc01a.exe (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\fudgi\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (DirMngr) -- C:\Program Files\GNU\GnuPG\dirmngr.exe () SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (AVKService) -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AVKWCtl) -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft 
Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (Brother XP spl Service) -- C:\Windows\System32\brsvc01a.exe (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV - (ALSysIO) -- C:\Users\fudgi\AppData\Local\Temp\ALSysIO.sys File not found DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - 
(GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) 
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys 
(Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC E9 8E 48 4E 3D CB 01 [binary data] IE - 
HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.25 19:13:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.18 10:36:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.01 17:05:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.03.03 04:31:41 | 000,000,000 | ---D | M] [2010.04.25 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\mozilla\Extensions [2010.02.13 17:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fudgi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.07.06 17:21:54 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\mozilla\Firefox\Profiles\34xxeldv.default\extensions [2010.04.25 19:14:07 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\fudgi\AppData\Roaming\mozilla\Firefox\Profiles\34xxeldv.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2010.08.29 02:25:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.29 02:25:26 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla 
Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.28 22:05:17 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (C:\Windows\system32\g3rbzl2.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\System32\g3rbzl2.dll File not found O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001..\Run: [Octoshape Streaming Services] C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2nvtu0 = C:\Users\fudgi\AppData\Local\Temp\ui15cr.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll 
(Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8fa8654d-0c76-11df-a781-001e8c1f79b5}\Shell - "" = AutoRun O33 - MountPoints2\{8fa8654d-0c76-11df-a781-001e8c1f79b5}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell - "" = AutoRun O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\install\command - "" = H:\SETUP.EXE -- File not found O33 - MountPoints2\{ed96028a-0c5c-11df-aee9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ed96028a-0c5c-11df-aee9-806e6f6e6963}\Shell\AutoRun\command - "" = Y:\AUTOPLAY.EXE id=10000017000003000036 ver=1.0.0.0 -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes 
- C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpFolder: C:^Users^fudgi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe - File not found MsConfig - StartUpReg: 20W6RLKX65 - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found MsConfig - StartUpReg: bfrhvhdl - hkey= - key= - C:\Users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe File not found MsConfig - StartUpReg: bipro - hkey= - key= - C:\Windows\$NtUninstallMTF1011$\mmduch.DLL File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EWABQAF7KL - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found MsConfig - StartUpReg: hse897ifdsjf98u3heuidhfdd - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\wnnf9zt40.exe File not found MsConfig - StartUpReg: igigkyxx - hkey= - key= - C:\Users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe File not found MsConfig - StartUpReg: kcpvdifa - hkey= - key= - C:\Users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe File not found MsConfig - StartUpReg: mediafix70700en02.exe - hkey= - key= - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe File not found MsConfig - StartUpReg: morxnsacwe.exe - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\morxnsacwe.exe File not found MsConfig - StartUpReg: NetLog2 - hkey= - key= - C:\Windows\svc2.exe File not found MsConfig - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) MsConfig - StartUpReg: XBV6RD5SZF - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqs.exe File not found MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot 
file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - 
Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans 
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2010.08.29 12:05:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\fudgi\Desktop\OTL.exe [2010.08.29 12:02:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.08.29 03:51:10 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Roaming\Malwarebytes [2010.08.29 03:50:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.29 03:50:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.29 03:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.29 03:50:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.29 02:29:15 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2010.08.29 02:25:28 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2010.08.29 02:25:24 | 000,061,512 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2010.08.29 02:25:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2010.08.29 02:25:23 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\Programme\G Data [2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data [2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2010.08.29 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.08.28 22:14:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.08.28 21:49:21 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kriced.exe [2010.08.28 21:47:06 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Local\Octoshape [2010.08.28 21:44:47 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kricec.exe [2010.08.28 21:44:31 | 
000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kriceb.exe [2010.08.28 21:40:49 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kricea.exe [2010.08.28 21:40:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%USERPROFILE% [2010.08.28 21:40:13 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010.08.28 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Local\Windows Server [2010.08.22 01:35:07 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center ========== Files - Modified Within 30 Days ========== [2010.08.29 12:12:04 | 002,359,296 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT [2010.08.29 12:11:15 | 000,787,456 | ---- | M] () -- C:\Windows\System32\drivers\cxcca.sys [2010.08.29 12:09:31 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.29 12:09:31 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.29 12:09:31 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.29 12:09:31 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.29 12:09:31 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.29 12:06:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.29 12:06:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.29 12:02:07 | 000,002,039 | ---- | M] () -- C:\Users\fudgi\Desktop\HijackThis.lnk [2010.08.29 12:01:13 | 000,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2010.08.29 12:01:08 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.29 12:01:07 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr [2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- 
C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms [2010.08.29 12:01:04 | 000,065,536 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf [2010.08.29 12:01:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.29 12:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.29 12:00:42 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 11:45:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\fudgi\Desktop\OTL.exe [2010.08.29 05:06:50 | 001,534,761 | -H-- | M] () -- C:\Users\fudgi\AppData\Local\IconCache.db [2010.08.29 04:16:08 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001UA.job [2010.08.29 03:50:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.29 02:29:15 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2010.08.29 02:25:28 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2010.08.29 02:25:27 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus 2011.lnk [2010.08.29 02:25:24 | 000,061,512 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2010.08.29 02:25:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2010.08.29 02:25:23 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2010.08.29 02:16:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001Core.job [2010.08.28 21:52:39 | 000,000,198 | -H-- | M] () -- 
C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.08.28 21:40:47 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kriced.exe [2010.08.28 21:40:47 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kricec.exe [2010.08.28 21:40:43 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kriceb.exe [2010.08.28 21:40:40 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kricea.exe [2010.08.28 08:01:00 | 050,000,000 | ---- | M] () -- C:\mom-wiitard.r89 [2010.08.24 01:27:25 | 001,078,429 | ---- | M] () -- C:\Users\fudgi\Desktop\Barnitos_Softmod_v0.9.pdf [2010.08.23 18:25:26 | 002,061,393 | ---- | M] () -- C:\Users\fudgi\Documents\heroes.wma [2010.08.23 18:22:07 | 000,570,713 | ---- | M] () -- C:\Users\fudgi\Desktop\Unbenannt.wma [2010.08.23 18:11:03 | 002,564,273 | ---- | M] () -- C:\Users\fudgi\Desktop\blah.wma [2010.08.23 00:54:56 | 000,101,260 | ---- | M] () -- C:\Users\fudgi\Desktop\desktop.jpg [2010.08.22 18:41:56 | 000,100,199 | ---- | M] () -- C:\Users\fudgi\Desktop\joachim.jpg [2010.08.22 18:39:11 | 000,021,076 | ---- | M] () -- C:\Users\fudgi\Desktop\7B9.jpg [2010.08.22 01:34:21 | 018,250,890 | ---- | M] () -- C:\Users\fudgi\Desktop\daniel.zip [2010.08.22 01:33:05 | 018,063,988 | ---- | M] () -- C:\Users\fudgi\Desktop\daniel.rar [2010.08.22 00:02:47 | 000,050,073 | ---- | M] () -- C:\Users\fudgi\Desktop\3806813.s44170954.1c2b73e212c9.jpg [2010.08.21 23:58:21 | 001,182,184 | ---- | M] () -- C:\Users\fudgi\Desktop\CIMG0791.jpg [2010.08.21 12:16:21 | 000,002,397 | ---- | M] () -- C:\Users\fudgi\Desktop\Google Chrome.lnk [2010.08.17 01:19:03 | 000,190,497 | ---- | M] () -- C:\Users\fudgi\Desktop\06082010458.jpeg [2010.08.16 21:08:28 | 000,069,854 | ---- | M] () -- C:\Users\fudgi\Desktop\picture00259.jpg [2010.08.16 18:12:29 | 000,069,539 | ---- | M] () -- C:\Users\fudgi\Desktop\ATT02840.jpg [2010.08.16 17:58:11 | 000,025,066 | ---- | M] () -- C:\Users\fudgi\Desktop\ATT03965.jpg [2010.08.16 17:55:10 | 004,782,208 | ---- | M] () -- 
C:\wiixx.dol [2010.08.16 17:52:56 | 000,049,091 | ---- | M] () -- C:\Users\fudgi\Desktop\picture142.jpg [2010.08.16 17:52:48 | 000,045,419 | ---- | M] () -- C:\Users\fudgi\Desktop\picture00315.jpg [2010.08.16 17:52:39 | 000,192,536 | ---- | M] () -- C:\Users\fudgi\Desktop\03072010299.jpeg [2010.08.16 17:51:24 | 000,036,651 | ---- | M] () -- C:\Users\fudgi\Desktop\picture133.jpg [2010.08.16 17:50:54 | 002,812,922 | ---- | M] () -- C:\Users\fudgi\Desktop\Video100.avi [2010.08.16 17:48:32 | 000,036,066 | ---- | M] () -- C:\Users\fudgi\Desktop\n1110930796_289982_2174.jpg [2010.08.12 18:46:53 | 000,053,475 | ---- | M] () -- C:\Users\fudgi\Desktop\R01.jpg [2010.08.12 18:14:22 | 000,050,706 | ---- | M] () -- C:\Users\fudgi\Desktop\programm-Aug.pdf [2010.08.12 17:37:15 | 000,066,022 | ---- | M] () -- C:\Users\fudgi\Desktop\scat6.jpg [2010.08.12 17:36:55 | 000,244,483 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0051a.jpg [2010.08.12 17:35:43 | 000,209,244 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0053a.jpg [2010.08.12 17:35:39 | 000,273,806 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0052a.jpg [2010.08.12 17:30:48 | 000,242,641 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0056a.jpg [2010.08.12 17:30:40 | 000,227,249 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0055a.jpg [2010.08.12 17:30:17 | 000,270,167 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0054a.jpg [2010.08.04 01:33:08 | 001,936,320 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0050a.avi ========== Files Created - No Company Name ========== [2010.08.29 12:02:07 | 000,002,039 | ---- | C] () -- C:\Users\fudgi\Desktop\HijackThis.lnk [2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms [2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- 
C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms [2010.08.29 12:01:04 | 000,065,536 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf [2010.08.29 05:04:29 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr [2010.08.29 03:50:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.29 02:25:27 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus 2011.lnk [2010.08.28 21:41:18 | 000,787,456 | ---- | C] () -- C:\Windows\System32\drivers\cxcca.sys [2010.08.28 21:40:53 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 17:42:30 | 050,000,000 | ---- | C] () -- C:\mom-wiitard.r89 [2010.08.24 01:27:24 | 001,078,429 | ---- | C] () -- C:\Users\fudgi\Desktop\Barnitos_Softmod_v0.9.pdf [2010.08.23 18:25:26 | 002,061,393 | ---- | C] () -- C:\Users\fudgi\Documents\heroes.wma [2010.08.23 18:22:07 | 000,570,713 | ---- | C] () -- C:\Users\fudgi\Desktop\Unbenannt.wma [2010.08.23 18:11:03 | 002,564,273 | ---- | C] () -- C:\Users\fudgi\Desktop\blah.wma [2010.08.23 00:54:56 | 000,101,260 | ---- | C] () -- C:\Users\fudgi\Desktop\desktop.jpg [2010.08.22 18:41:56 | 000,100,199 | ---- | C] () -- C:\Users\fudgi\Desktop\joachim.jpg [2010.08.22 18:39:13 | 000,021,076 | ---- | C] () -- C:\Users\fudgi\Desktop\7B9.jpg [2010.08.22 01:34:18 | 018,250,890 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.zip [2010.08.22 01:32:55 | 018,063,988 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.rar [2010.08.22 01:32:37 | 017,586,176 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.avi [2010.08.22 00:02:47 | 000,050,073 | ---- | C] () -- C:\Users\fudgi\Desktop\3806813.s44170954.1c2b73e212c9.jpg [2010.08.21 23:58:23 | 001,182,184 | ---- | C] () -- C:\Users\fudgi\Desktop\CIMG0791.jpg [2010.08.17 01:19:02 | 000,190,497 | ---- | C] () -- C:\Users\fudgi\Desktop\06082010458.jpeg [2010.08.16 17:59:23 | 000,069,539 | ---- | C] () 
-- C:\Users\fudgi\Desktop\ATT02840.jpg [2010.08.16 17:58:11 | 000,025,066 | ---- | C] () -- C:\Users\fudgi\Desktop\ATT03965.jpg [2010.08.16 17:58:03 | 000,069,854 | ---- | C] () -- C:\Users\fudgi\Desktop\picture00259.jpg [2010.08.16 17:55:10 | 004,782,208 | ---- | C] () -- C:\wiixx.dol [2010.08.16 17:52:55 | 000,049,091 | ---- | C] () -- C:\Users\fudgi\Desktop\picture142.jpg [2010.08.16 17:52:48 | 000,045,419 | ---- | C] () -- C:\Users\fudgi\Desktop\picture00315.jpg [2010.08.16 17:52:38 | 000,192,536 | ---- | C] () -- C:\Users\fudgi\Desktop\03072010299.jpeg [2010.08.16 17:51:23 | 000,036,651 | ---- | C] () -- C:\Users\fudgi\Desktop\picture133.jpg [2010.08.16 17:50:53 | 002,812,922 | ---- | C] () -- C:\Users\fudgi\Desktop\Video100.avi [2010.08.16 17:48:31 | 000,036,066 | ---- | C] () -- C:\Users\fudgi\Desktop\n1110930796_289982_2174.jpg [2010.08.12 18:46:52 | 000,053,475 | ---- | C] () -- C:\Users\fudgi\Desktop\R01.jpg [2010.08.12 18:14:21 | 000,050,706 | ---- | C] () -- C:\Users\fudgi\Desktop\programm-Aug.pdf [2010.08.12 17:36:54 | 000,244,483 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0051a.jpg [2010.08.12 17:35:42 | 000,209,244 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0053a.jpg [2010.08.12 17:35:38 | 000,273,806 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0052a.jpg [2010.08.12 17:30:47 | 000,242,641 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0056a.jpg [2010.08.12 17:30:39 | 000,227,249 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0055a.jpg [2010.08.12 17:30:15 | 000,270,167 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0054a.jpg [2010.08.04 01:33:07 | 001,936,320 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0050a.avi [2010.07.11 15:41:18 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2010.07.11 15:40:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2010.07.11 15:40:16 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2010.07.11 15:40:14 | 000,011,832 | ---- | C] () -- 
C:\Windows\System32\drivers\AsInsHelp64.sys [2010.07.11 15:40:14 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2010.07.09 13:11:58 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini [2010.07.06 21:55:42 | 000,000,051 | ---- | C] () -- C:\Windows\wdopAutoSort.INI [2010.06.28 13:00:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.06.20 16:59:20 | 000,000,946 | ---- | C] () -- C:\Users\fudgi\AppData\Local\7F68A003.il [2010.06.20 16:59:20 | 000,000,280 | ---- | C] () -- C:\Users\fudgi\AppData\Local\IndexIE_7F68A003.il [2010.03.16 00:22:06 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.03.16 00:22:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.02.18 02:15:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.08 16:26:08 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.02.08 16:26:07 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.02.08 16:26:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.01.29 01:36:17 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.04.23 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Ashampoo [2010.02.18 02:40:15 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DAEMON Tools Lite [2010.08.16 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\gnupg [2010.06.04 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabIt [2010.07.06 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabPro [2010.07.06 17:20:24 | 000,000,000 | ---D | M] -- 
C:\Users\fudgi\AppData\Roaming\Gutscheinmieze [2010.01.29 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Helios [2010.07.21 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\ICQ [2010.05.18 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\IrfanView [2010.06.23 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\NewsLeecher [2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Octoshape [2010.03.08 05:25:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Opera [2010.08.29 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Orbit [2010.06.10 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\PixelPlanet [2010.07.09 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\QuickScan [2010.07.01 13:09:00 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Subversion [2010.02.13 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Thunderbird [2010.06.30 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\UseNeXT [2010.01.29 01:38:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\VanDyke [2009.07.14 06:53:46 | 000,013,732 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.29 12:01:08 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.28 21:52:39 | 000,000,198 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.29 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Adobe [2010.04.23 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Ashampoo [2010.02.08 16:33:19 | 000,000,000 | R--D | M] -- C:\Users\fudgi\AppData\Roaming\Brother [2010.02.18 02:40:15 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DAEMON Tools Lite [2010.07.02 02:05:51 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DivX [2010.08.02 02:43:11 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\dvdcss [2010.08.16 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\gnupg [2010.06.04 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabIt [2010.07.06 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabPro [2010.01.29 03:25:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GRETECH [2010.07.06 17:20:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Gutscheinmieze [2010.01.29 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Helios [2010.07.21 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\ICQ [2010.01.29 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Identities [2010.02.08 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\InstallShield [2010.05.18 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\IrfanView [2010.01.29 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Macromedia [2010.08.29 03:51:10 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Media Center Programs [2010.08.23 18:12:13 | 000,000,000 | --SD | M] -- C:\Users\fudgi\AppData\Roaming\Microsoft [2010.03.26 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Move Networks [2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- 
C:\Users\fudgi\AppData\Roaming\Mozilla [2010.06.23 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\NewsLeecher [2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Octoshape [2010.03.08 05:25:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Opera [2010.08.29 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Orbit [2010.06.10 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\PixelPlanet [2010.07.09 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\QuickScan [2010.06.19 11:46:08 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Skype [2010.06.19 08:01:01 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\skypePM [2010.07.01 13:09:00 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Subversion [2010.02.13 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Thunderbird [2010.07.01 14:13:05 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\TortoiseSVN [2010.06.30 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\UseNeXT [2010.01.29 01:38:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\VanDyke [2010.08.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\vlc [2010.04.21 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Winamp [2010.07.11 16:15:57 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe [2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\ARPPRODUCTICON.exe [2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut11_1B47E40F0FE04A059EF1DDA8922D0BA2.exe [2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe [2010.06.10 18:38:28 | 000,067,440 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut2_DD172C74541145868246ADE181F1051F.exe [2010.06.10 18:28:23 | 000,059,368 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{D66DBB4B-3E39-4DE9-833E-423EB0DE247C}\ARPPRODUCTICON.exe [2010.03.26 18:57:19 | 000,144,053 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\Move Networks\uninstall.exe [2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft 
Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) 
MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft 
Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.08.29 12:16:21 | 000,787,456 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\cxcca.sys [2010.02.18 02:15:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:8779C396 < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.08.2010 12:07:57 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\fudgi\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 24,31 Gb Total Space | 2,61 Gb Free Space | 10,74% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 69,77 Gb Total Space | 8,47 Gb Free Space | 12,14% Space Free | Partition Type: NTFS Drive F: | 56,53 Gb Total Space | 9,03 Gb Free Space | 15,97% Space Free | Partition Type: NTFS Drive G: | 22,75 Gb Total Space | 0,70 Gb Free Space | 3,10% Space Free | Partition Type: NTFS H: Drive not present or media not loaded Drive I: | 1,86 Gb Total Space | 1,16 Gb Free Space | 62,39% Space Free | Partition Type: FAT Drive Z: | 441,34 Gb Total Space | 133,37 Gb Free Space | 30,22% Space Free | Partition Type: NTFS Computer Name: FUDGI-PC Current User Name: fudgi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\fudgi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50 "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7 "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7AD89AAA-31DB-44F6-9440-24F0761E4B72}" = VanDyke Software SecureCRT 6.2 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0 "{A7FB84F1-FA4F-4B50-9AEC-4F83AB1DFEBE}" = G Data AntiVirus 2011 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-120C "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "7-Zip" = 7-Zip 4.65 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alt.Binz" = Alt.Binz 0.25.0 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21 "devkitProUpdater" = devkitProUpdater 1.5.0 "DivX Setup.divx.com" = DivX-Setup "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "FTPRush_is1" = FTPRush v1 Unicode "GOM Player" = GOM Player "GPG4Win" = Gpg4win (2.0.2) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "HijackThis" = HijackThis 2.0.2 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6) "NewsLeecher_is1" = NewsLeecher v3.9 Final "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.WORD" = Microsoft Word 2010 "Orbit_is1" = Orbit Downloader "QuickSFV" = QuickSFV (Remove only) "SpeedFan" = SpeedFan (remove only) "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.0.5 "watchDirectory version 4_is1" = watchDirectory 4.6.2/2 "WBFS Manager 3.0" = WBFS Manager 3.0 "Wiiload" = Wiiload "Winamp" = Winamp "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.08.2010 15:49:22 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel: 0x4a5bda6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000de51 ID des fehlerhaften Prozesses: 0x1f4 Startzeit der fehlerhaften Anwendung: 0x01cb46ea0d9ec680 Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 5a4c7180-b2dd-11df-8d0e-001e8c1f79b5 Error - 28.08.2010 15:51:36 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b3ff41 ID des fehlerhaften Prozesses: 0x1fc Startzeit der fehlerhaften Anwendung: 0x01cb46ea60820380 Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: aa4e2200-b2dd-11df-b5e8-001e8c1f79b5 Error - 28.08.2010 19:34:36 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00c3ff41 ID des fehlerhaften Prozesses: 0x200 Startzeit der fehlerhaften Anwendung: 0x01cb47087d9ef900 Pfad der fehlerhaften Anwendung: 
C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d1686a20-b2fc-11df-9fa6-001e8c1f79b5 Error - 28.08.2010 19:39:15 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf1b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00d4ff41 ID des fehlerhaften Prozesses: 0x1e0 Startzeit der fehlerhaften Anwendung: 0x01cb4709eb45d860 Pfad der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 77a15500-b2fd-11df-9a0e-001e8c1f79b5 Error - 28.08.2010 20:16:07 | Computer Name = fudgi-PC | Source = Google Update | ID = 20 Description = Error - 28.08.2010 20:34:39 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839, Zeitstempel: 0x4bd03a23 Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version: 4.0.50524.0, Zeitstempel: 0x4bf9f4b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002d66 ID des fehlerhaften Prozesses: 0xa74 Startzeit der fehlerhaften Anwendung: 0x01cb47111d1896f0 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll Berichtskennung: 34794f50-b305-11df-a982-001e8c1f79b5 Error - 28.08.2010 20:57:41 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839, Zeitstempel: 0x4bd03a23 Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version: 4.0.50524.0, Zeitstempel: 0x4bf9f4b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002d66 ID des fehlerhaften Prozesses: 0xec0 Startzeit der fehlerhaften Anwendung: 0x01cb47130583fd70 Pfad der fehlerhaften Anwendung: C:\Program 
Files\Common Files\G Data\GDScan\GDScan.exe Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll Berichtskennung: 6c50a150-b308-11df-a982-001e8c1f79b5 Error - 28.08.2010 21:01:54 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839, Zeitstempel: 0x4bd03a23 Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version: 4.0.50524.0, Zeitstempel: 0x4bf9f4b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002d66 ID des fehlerhaften Prozesses: 0x404 Startzeit der fehlerhaften Anwendung: 0x01cb471543e54f90 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll Berichtskennung: 03687090-b309-11df-a982-001e8c1f79b5 Error - 28.08.2010 21:16:07 | Computer Name = fudgi-PC | Source = Google Update | ID = 20 Description = Error - 28.08.2010 22:16:08 | Computer Name = fudgi-PC | Source = Google Update | ID = 20 Description = [ System Events ] Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = DCOM | ID = 10005 Description = Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = DCOM | ID = 10005 Description = Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2010 19:04:06 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 28.08.2010 19:37:12 | Computer Name = fudgi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?08.?2010 um 01:33:38 unerwartet 
heruntergefahren. Error - 28.08.2010 20:06:48 | Computer Name = fudgi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?08.?2010 um 01:38:58 unerwartet heruntergefahren. Error - 28.08.2010 20:42:13 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.08.2010 20:57:46 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error - 28.08.2010 20:58:16 | Computer Name = fudgi-PC | Source = DCOM | ID = 10010 Description = Error - 28.08.2010 21:01:59 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. < End of report > |