
Log analysis and evaluation: A critical error has occurred, Windows will restart in one minute


29.08.2010, 12:52   #1
fudgi
 

Hello, I have this problem as well. Like the fellow poster from 16.8, I have now created all the log files, in the hope that I can be helped too. Once more, the short version: I seem to have caught a trojan; the message that the PC is infected kept appearing, no matter what I opened. Antimalware Doctor etc. were on the PC... I hope these are gone now. And, as is probably already known, as soon as the LAN plug is in, the message mentioned above appears and the PC restarts. Please help. Thank you very much.

HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:59, on 29.08.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: C:\Windows\system32\g3rbzl2.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\system32\g3rbzl2.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Policies\Explorer\Run: [2nvtu0] C:\Users\fudgi\AppData\Local\Temp\ui15cr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6900 bytes
         
OTL Log
Code:
OTL logfile created on: 29.08.2010 12:07:57 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\fudgi\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,31 Gb Total Space | 2,61 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69,77 Gb Total Space | 8,47 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
Drive F: | 56,53 Gb Total Space | 9,03 Gb Free Space | 15,97% Space Free | Partition Type: NTFS
Drive G: | 22,75 Gb Total Space | 0,70 Gb Free Space | 3,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1,86 Gb Total Space | 1,16 Gb Free Space | 62,39% Space Free | Partition Type: FAT
Drive Z: | 441,34 Gb Total Space | 133,37 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
 
Computer Name: FUDGI-PC
Current User Name: fudgi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\fudgi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\GNU\GnuPG\dirmngr.exe ()
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe ()
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\fudgi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (DirMngr) -- C:\Program Files\GNU\GnuPG\dirmngr.exe ()
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AVKWCtl) -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ALSysIO) -- C:\Users\fudgi\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC E9 8E 48 4E 3D CB 01  [binary data]
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.25 19:13:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.18 10:36:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.01 17:05:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.03.03 04:31:41 | 000,000,000 | ---D | M]
 
[2010.04.25 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\mozilla\Extensions
[2010.02.13 17:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fudgi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.06 17:21:54 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\mozilla\Firefox\Profiles\34xxeldv.default\extensions
[2010.04.25 19:14:07 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\fudgi\AppData\Roaming\mozilla\Firefox\Profiles\34xxeldv.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.08.29 02:25:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.29 02:25:26 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 22:05:17 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (C:\Windows\system32\g3rbzl2.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\System32\g3rbzl2.dll File not found
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001..\Run: [Octoshape Streaming Services] C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2nvtu0 = C:\Users\fudgi\AppData\Local\Temp\ui15cr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8fa8654d-0c76-11df-a781-001e8c1f79b5}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa8654d-0c76-11df-a781-001e8c1f79b5}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell - "" = AutoRun
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{ace01b18-1c25-11df-a3de-001e8c1f79b5}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{ed96028a-0c5c-11df-aee9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed96028a-0c5c-11df-aee9-806e6f6e6963}\Shell\AutoRun\command - "" = Y:\AUTOPLAY.EXE id=10000017000003000036 ver=1.0.0.0 -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^Users^fudgi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe - File not found
MsConfig - StartUpReg: 20W6RLKX65 - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: bfrhvhdl - hkey= - key= - C:\Users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe File not found
MsConfig - StartUpReg: bipro - hkey= - key= - C:\Windows\$NtUninstallMTF1011$\mmduch.DLL File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EWABQAF7KL - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: hse897ifdsjf98u3heuidhfdd - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\wnnf9zt40.exe File not found
MsConfig - StartUpReg: igigkyxx - hkey= - key= - C:\Users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe File not found
MsConfig - StartUpReg: kcpvdifa - hkey= - key= - C:\Users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe File not found
MsConfig - StartUpReg: mediafix70700en02.exe - hkey= - key= - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe File not found
MsConfig - StartUpReg: morxnsacwe.exe - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\morxnsacwe.exe File not found
MsConfig - StartUpReg: NetLog2 - hkey= - key= - C:\Windows\svc2.exe File not found
MsConfig - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
MsConfig - StartUpReg: XBV6RD5SZF - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqs.exe File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.29 12:05:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\fudgi\Desktop\OTL.exe
[2010.08.29 12:02:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.29 03:51:10 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Roaming\Malwarebytes
[2010.08.29 03:50:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.29 03:50:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.29 03:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.29 03:50:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.29 02:29:15 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.08.29 02:25:28 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.08.29 02:25:24 | 000,061,512 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.08.29 02:25:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.08.29 02:25:23 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data
[2010.08.29 02:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2010.08.29 00:48:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.08.28 22:14:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.28 21:49:21 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kriced.exe
[2010.08.28 21:47:06 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Local\Octoshape
[2010.08.28 21:44:47 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kricec.exe
[2010.08.28 21:44:31 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kriceb.exe
[2010.08.28 21:40:49 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\Windows\Kricea.exe
[2010.08.28 21:40:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%USERPROFILE%
[2010.08.28 21:40:13 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.08.28 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\fudgi\AppData\Local\Windows Server
[2010.08.22 01:35:07 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.29 12:12:04 | 002,359,296 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT
[2010.08.29 12:11:15 | 000,787,456 | ---- | M] () -- C:\Windows\System32\drivers\cxcca.sys
[2010.08.29 12:09:31 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.29 12:09:31 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.29 12:09:31 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.29 12:09:31 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.29 12:09:31 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.29 12:06:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 12:06:08 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 12:02:07 | 000,002,039 | ---- | M] () -- C:\Users\fudgi\Desktop\HijackThis.lnk
[2010.08.29 12:01:13 | 000,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.08.29 12:01:08 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.29 12:01:07 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr
[2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
[2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
[2010.08.29 12:01:04 | 001,048,576 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
[2010.08.29 12:01:04 | 000,065,536 | -HS- | M] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf
[2010.08.29 12:01:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.29 12:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.29 12:00:42 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.29 11:45:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\fudgi\Desktop\OTL.exe
[2010.08.29 05:06:50 | 001,534,761 | -H-- | M] () -- C:\Users\fudgi\AppData\Local\IconCache.db
[2010.08.29 04:16:08 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001UA.job
[2010.08.29 03:50:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.29 02:29:15 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.08.29 02:25:28 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.08.29 02:25:27 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus 2011.lnk
[2010.08.29 02:25:24 | 000,061,512 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.08.29 02:25:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.08.29 02:25:23 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.08.29 02:16:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001Core.job
[2010.08.28 21:52:39 | 000,000,198 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.28 21:40:47 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kriced.exe
[2010.08.28 21:40:47 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kricec.exe
[2010.08.28 21:40:43 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kriceb.exe
[2010.08.28 21:40:40 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\Windows\Kricea.exe
[2010.08.28 08:01:00 | 050,000,000 | ---- | M] () -- C:\mom-wiitard.r89
[2010.08.24 01:27:25 | 001,078,429 | ---- | M] () -- C:\Users\fudgi\Desktop\Barnitos_Softmod_v0.9.pdf
[2010.08.23 18:25:26 | 002,061,393 | ---- | M] () -- C:\Users\fudgi\Documents\heroes.wma
[2010.08.23 18:22:07 | 000,570,713 | ---- | M] () -- C:\Users\fudgi\Desktop\Unbenannt.wma
[2010.08.23 18:11:03 | 002,564,273 | ---- | M] () -- C:\Users\fudgi\Desktop\blah.wma
[2010.08.23 00:54:56 | 000,101,260 | ---- | M] () -- C:\Users\fudgi\Desktop\desktop.jpg
[2010.08.22 18:41:56 | 000,100,199 | ---- | M] () -- C:\Users\fudgi\Desktop\joachim.jpg
[2010.08.22 18:39:11 | 000,021,076 | ---- | M] () -- C:\Users\fudgi\Desktop\7B9.jpg
[2010.08.22 01:34:21 | 018,250,890 | ---- | M] () -- C:\Users\fudgi\Desktop\daniel.zip
[2010.08.22 01:33:05 | 018,063,988 | ---- | M] () -- C:\Users\fudgi\Desktop\daniel.rar
[2010.08.22 00:02:47 | 000,050,073 | ---- | M] () -- C:\Users\fudgi\Desktop\3806813.s44170954.1c2b73e212c9.jpg
[2010.08.21 23:58:21 | 001,182,184 | ---- | M] () -- C:\Users\fudgi\Desktop\CIMG0791.jpg
[2010.08.21 12:16:21 | 000,002,397 | ---- | M] () -- C:\Users\fudgi\Desktop\Google Chrome.lnk
[2010.08.17 01:19:03 | 000,190,497 | ---- | M] () -- C:\Users\fudgi\Desktop\06082010458.jpeg
[2010.08.16 21:08:28 | 000,069,854 | ---- | M] () -- C:\Users\fudgi\Desktop\picture00259.jpg
[2010.08.16 18:12:29 | 000,069,539 | ---- | M] () -- C:\Users\fudgi\Desktop\ATT02840.jpg
[2010.08.16 17:58:11 | 000,025,066 | ---- | M] () -- C:\Users\fudgi\Desktop\ATT03965.jpg
[2010.08.16 17:55:10 | 004,782,208 | ---- | M] () -- C:\wiixx.dol
[2010.08.16 17:52:56 | 000,049,091 | ---- | M] () -- C:\Users\fudgi\Desktop\picture142.jpg
[2010.08.16 17:52:48 | 000,045,419 | ---- | M] () -- C:\Users\fudgi\Desktop\picture00315.jpg
[2010.08.16 17:52:39 | 000,192,536 | ---- | M] () -- C:\Users\fudgi\Desktop\03072010299.jpeg
[2010.08.16 17:51:24 | 000,036,651 | ---- | M] () -- C:\Users\fudgi\Desktop\picture133.jpg
[2010.08.16 17:50:54 | 002,812,922 | ---- | M] () -- C:\Users\fudgi\Desktop\Video100.avi
[2010.08.16 17:48:32 | 000,036,066 | ---- | M] () -- C:\Users\fudgi\Desktop\n1110930796_289982_2174.jpg
[2010.08.12 18:46:53 | 000,053,475 | ---- | M] () -- C:\Users\fudgi\Desktop\R01.jpg
[2010.08.12 18:14:22 | 000,050,706 | ---- | M] () -- C:\Users\fudgi\Desktop\programm-Aug.pdf
[2010.08.12 17:37:15 | 000,066,022 | ---- | M] () -- C:\Users\fudgi\Desktop\scat6.jpg
[2010.08.12 17:36:55 | 000,244,483 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0051a.jpg
[2010.08.12 17:35:43 | 000,209,244 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0053a.jpg
[2010.08.12 17:35:39 | 000,273,806 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0052a.jpg
[2010.08.12 17:30:48 | 000,242,641 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0056a.jpg
[2010.08.12 17:30:40 | 000,227,249 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0055a.jpg
[2010.08.12 17:30:17 | 000,270,167 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0054a.jpg
[2010.08.04 01:33:08 | 001,936,320 | ---- | M] () -- C:\Users\fudgi\Desktop\DSCI0050a.avi
 
========== Files Created - No Company Name ==========
 
[2010.08.29 12:02:07 | 000,002,039 | ---- | C] () -- C:\Users\fudgi\Desktop\HijackThis.lnk
[2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
[2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
[2010.08.29 12:01:04 | 001,048,576 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
[2010.08.29 12:01:04 | 000,065,536 | -HS- | C] () -- C:\Users\fudgi\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf
[2010.08.29 05:04:29 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr
[2010.08.29 03:50:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.29 02:25:27 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus 2011.lnk
[2010.08.28 21:41:18 | 000,787,456 | ---- | C] () -- C:\Windows\System32\drivers\cxcca.sys
[2010.08.28 21:40:53 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.28 17:42:30 | 050,000,000 | ---- | C] () -- C:\mom-wiitard.r89
[2010.08.24 01:27:24 | 001,078,429 | ---- | C] () -- C:\Users\fudgi\Desktop\Barnitos_Softmod_v0.9.pdf
[2010.08.23 18:25:26 | 002,061,393 | ---- | C] () -- C:\Users\fudgi\Documents\heroes.wma
[2010.08.23 18:22:07 | 000,570,713 | ---- | C] () -- C:\Users\fudgi\Desktop\Unbenannt.wma
[2010.08.23 18:11:03 | 002,564,273 | ---- | C] () -- C:\Users\fudgi\Desktop\blah.wma
[2010.08.23 00:54:56 | 000,101,260 | ---- | C] () -- C:\Users\fudgi\Desktop\desktop.jpg
[2010.08.22 18:41:56 | 000,100,199 | ---- | C] () -- C:\Users\fudgi\Desktop\joachim.jpg
[2010.08.22 18:39:13 | 000,021,076 | ---- | C] () -- C:\Users\fudgi\Desktop\7B9.jpg
[2010.08.22 01:34:18 | 018,250,890 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.zip
[2010.08.22 01:32:55 | 018,063,988 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.rar
[2010.08.22 01:32:37 | 017,586,176 | ---- | C] () -- C:\Users\fudgi\Desktop\daniel.avi
[2010.08.22 00:02:47 | 000,050,073 | ---- | C] () -- C:\Users\fudgi\Desktop\3806813.s44170954.1c2b73e212c9.jpg
[2010.08.21 23:58:23 | 001,182,184 | ---- | C] () -- C:\Users\fudgi\Desktop\CIMG0791.jpg
[2010.08.17 01:19:02 | 000,190,497 | ---- | C] () -- C:\Users\fudgi\Desktop\06082010458.jpeg
[2010.08.16 17:59:23 | 000,069,539 | ---- | C] () -- C:\Users\fudgi\Desktop\ATT02840.jpg
[2010.08.16 17:58:11 | 000,025,066 | ---- | C] () -- C:\Users\fudgi\Desktop\ATT03965.jpg
[2010.08.16 17:58:03 | 000,069,854 | ---- | C] () -- C:\Users\fudgi\Desktop\picture00259.jpg
[2010.08.16 17:55:10 | 004,782,208 | ---- | C] () -- C:\wiixx.dol
[2010.08.16 17:52:55 | 000,049,091 | ---- | C] () -- C:\Users\fudgi\Desktop\picture142.jpg
[2010.08.16 17:52:48 | 000,045,419 | ---- | C] () -- C:\Users\fudgi\Desktop\picture00315.jpg
[2010.08.16 17:52:38 | 000,192,536 | ---- | C] () -- C:\Users\fudgi\Desktop\03072010299.jpeg
[2010.08.16 17:51:23 | 000,036,651 | ---- | C] () -- C:\Users\fudgi\Desktop\picture133.jpg
[2010.08.16 17:50:53 | 002,812,922 | ---- | C] () -- C:\Users\fudgi\Desktop\Video100.avi
[2010.08.16 17:48:31 | 000,036,066 | ---- | C] () -- C:\Users\fudgi\Desktop\n1110930796_289982_2174.jpg
[2010.08.12 18:46:52 | 000,053,475 | ---- | C] () -- C:\Users\fudgi\Desktop\R01.jpg
[2010.08.12 18:14:21 | 000,050,706 | ---- | C] () -- C:\Users\fudgi\Desktop\programm-Aug.pdf
[2010.08.12 17:36:54 | 000,244,483 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0051a.jpg
[2010.08.12 17:35:42 | 000,209,244 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0053a.jpg
[2010.08.12 17:35:38 | 000,273,806 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0052a.jpg
[2010.08.12 17:30:47 | 000,242,641 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0056a.jpg
[2010.08.12 17:30:39 | 000,227,249 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0055a.jpg
[2010.08.12 17:30:15 | 000,270,167 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0054a.jpg
[2010.08.04 01:33:07 | 001,936,320 | ---- | C] () -- C:\Users\fudgi\Desktop\DSCI0050a.avi
[2010.07.11 15:41:18 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.07.11 15:40:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010.07.11 15:40:16 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.07.11 15:40:14 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010.07.11 15:40:14 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010.07.09 13:11:58 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.06 21:55:42 | 000,000,051 | ---- | C] () -- C:\Windows\wdopAutoSort.INI
[2010.06.28 13:00:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.06.20 16:59:20 | 000,000,946 | ---- | C] () -- C:\Users\fudgi\AppData\Local\7F68A003.il
[2010.06.20 16:59:20 | 000,000,280 | ---- | C] () -- C:\Users\fudgi\AppData\Local\IndexIE_7F68A003.il
[2010.03.16 00:22:06 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.03.16 00:22:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.18 02:15:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.08 16:26:08 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.02.08 16:26:07 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.08 16:26:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.01.29 01:36:17 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.04.23 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Ashampoo
[2010.02.18 02:40:15 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DAEMON Tools Lite
[2010.08.16 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\gnupg
[2010.06.04 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabIt
[2010.07.06 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabPro
[2010.07.06 17:20:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Gutscheinmieze
[2010.01.29 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Helios
[2010.07.21 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\ICQ
[2010.05.18 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\IrfanView
[2010.06.23 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\NewsLeecher
[2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Octoshape
[2010.03.08 05:25:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Opera
[2010.08.29 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Orbit
[2010.06.10 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\PixelPlanet
[2010.07.09 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\QuickScan
[2010.07.01 13:09:00 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Subversion
[2010.02.13 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Thunderbird
[2010.06.30 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\UseNeXT
[2010.01.29 01:38:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\VanDyke
[2009.07.14 06:53:46 | 000,013,732 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.29 12:01:08 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.28 21:52:39 | 000,000,198 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.29 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Adobe
[2010.04.23 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Ashampoo
[2010.02.08 16:33:19 | 000,000,000 | R--D | M] -- C:\Users\fudgi\AppData\Roaming\Brother
[2010.02.18 02:40:15 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DAEMON Tools Lite
[2010.07.02 02:05:51 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\DivX
[2010.08.02 02:43:11 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\dvdcss
[2010.08.16 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\gnupg
[2010.06.04 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabIt
[2010.07.06 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GrabPro
[2010.01.29 03:25:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\GRETECH
[2010.07.06 17:20:24 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Gutscheinmieze
[2010.01.29 01:21:21 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Helios
[2010.07.21 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\ICQ
[2010.01.29 00:40:56 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Identities
[2010.02.08 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\InstallShield
[2010.05.18 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\IrfanView
[2010.01.29 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Macromedia
[2010.08.29 03:51:10 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Media Center Programs
[2010.08.23 18:12:13 | 000,000,000 | --SD | M] -- C:\Users\fudgi\AppData\Roaming\Microsoft
[2010.03.26 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Move Networks
[2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Mozilla
[2010.06.23 22:40:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\NewsLeecher
[2010.05.29 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Octoshape
[2010.03.08 05:25:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Opera
[2010.08.29 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Orbit
[2010.06.10 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\PixelPlanet
[2010.07.09 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\QuickScan
[2010.06.19 11:46:08 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Skype
[2010.06.19 08:01:01 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\skypePM
[2010.07.01 13:09:00 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Subversion
[2010.02.13 17:20:52 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Thunderbird
[2010.07.01 14:13:05 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\TortoiseSVN
[2010.06.30 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\UseNeXT
[2010.01.29 01:38:59 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\VanDyke
[2010.08.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\vlc
[2010.04.21 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\Winamp
[2010.07.11 16:15:57 | 000,000,000 | ---D | M] -- C:\Users\fudgi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\ARPPRODUCTICON.exe
[2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut11_1B47E40F0FE04A059EF1DDA8922D0BA2.exe
[2010.06.10 18:38:28 | 000,149,360 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe
[2010.06.10 18:38:28 | 000,067,440 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut2_DD172C74541145868246ADE181F1051F.exe
[2010.06.10 18:28:23 | 000,059,368 | R--- | M] (Acresso Software Inc.) -- C:\Users\fudgi\AppData\Roaming\Microsoft\Installer\{D66DBB4B-3E39-4DE9-833E-423EB0DE247C}\ARPPRODUCTICON.exe
[2010.03.26 18:57:19 | 000,144,053 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\fudgi\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.29 12:16:21 | 000,787,456 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\cxcca.sys
[2010.02.18 02:15:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:8779C396

< End of report >
         
OTL Extras LOG
Code:
OTL Extras logfile created on: 29.08.2010 12:07:57 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\fudgi\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,31 Gb Total Space | 2,61 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69,77 Gb Total Space | 8,47 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
Drive F: | 56,53 Gb Total Space | 9,03 Gb Free Space | 15,97% Space Free | Partition Type: NTFS
Drive G: | 22,75 Gb Total Space | 0,70 Gb Free Space | 3,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1,86 Gb Total Space | 1,16 Gb Free Space | 62,39% Space Free | Partition Type: FAT
Drive Z: | 441,34 Gb Total Space | 133,37 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
 
Computer Name: FUDGI-PC
Current User Name: fudgi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\fudgi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7AD89AAA-31DB-44F6-9440-24F0761E4B72}" = VanDyke Software SecureCRT 6.2
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A7FB84F1-FA4F-4B50-9AEC-4F83AB1DFEBE}" = G Data AntiVirus 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-120C
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alt.Binz" = Alt.Binz 0.25.0
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"devkitProUpdater" = devkitProUpdater 1.5.0
"DivX Setup.divx.com" = DivX-Setup
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FTPRush_is1" = FTPRush v1 Unicode
"GOM Player" = GOM Player
"GPG4Win" = Gpg4win (2.0.2)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.WORD" = Microsoft Word 2010
"Orbit_is1" = Orbit Downloader
"QuickSFV" = QuickSFV (Remove only)
"SpeedFan" = SpeedFan (remove only)
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.0.5
"watchDirectory version 4_is1" = watchDirectory 4.6.2/2
"WBFS Manager 3.0" = WBFS Manager 3.0
"Wiiload" = Wiiload
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-344238117-2985730186-2944176282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 15:49:22 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bbf1b  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385,
 Zeitstempel: 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000de51  ID des fehlerhaften
 Prozesses: 0x1f4  Startzeit der fehlerhaften Anwendung: 0x01cb46ea0d9ec680  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\services.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\msvcrt.dll  Berichtskennung: 5a4c7180-b2dd-11df-8d0e-001e8c1f79b5
 
Error - 28.08.2010 15:51:36 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bbf1b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00b3ff41  ID des fehlerhaften
 Prozesses: 0x1fc  Startzeit der fehlerhaften Anwendung: 0x01cb46ea60820380  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\services.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: aa4e2200-b2dd-11df-b5e8-001e8c1f79b5
 
Error - 28.08.2010 19:34:36 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bbf1b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c3ff41  ID des fehlerhaften
 Prozesses: 0x200  Startzeit der fehlerhaften Anwendung: 0x01cb47087d9ef900  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\services.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: d1686a20-b2fc-11df-9fa6-001e8c1f79b5
 
Error - 28.08.2010 19:39:15 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bbf1b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00d4ff41  ID des fehlerhaften
 Prozesses: 0x1e0  Startzeit der fehlerhaften Anwendung: 0x01cb4709eb45d860  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\services.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 77a15500-b2fd-11df-9a0e-001e8c1f79b5
 
Error - 28.08.2010 20:16:07 | Computer Name = fudgi-PC | Source = Google Update | ID = 20
Description = 
 
Error - 28.08.2010 20:34:39 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839,
 Zeitstempel: 0x4bd03a23  Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version:
 4.0.50524.0, Zeitstempel: 0x4bf9f4b3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002d66
ID
 des fehlerhaften Prozesses: 0xa74  Startzeit der fehlerhaften Anwendung: 0x01cb47111d1896f0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
Berichtskennung:
 34794f50-b305-11df-a982-001e8c1f79b5
 
Error - 28.08.2010 20:57:41 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839,
 Zeitstempel: 0x4bd03a23  Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version:
 4.0.50524.0, Zeitstempel: 0x4bf9f4b3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002d66
ID
 des fehlerhaften Prozesses: 0xec0  Startzeit der fehlerhaften Anwendung: 0x01cb47130583fd70
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
Berichtskennung:
 6c50a150-b308-11df-a982-001e8c1f79b5
 
Error - 28.08.2010 21:01:54 | Computer Name = fudgi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GDScan.exe, Version: 1.4.10112.839,
 Zeitstempel: 0x4bd03a23  Name des fehlerhaften Moduls: xapauthenticodesip.dll, Version:
 4.0.50524.0, Zeitstempel: 0x4bf9f4b3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002d66
ID
 des fehlerhaften Prozesses: 0x404  Startzeit der fehlerhaften Anwendung: 0x01cb471543e54f90
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
Berichtskennung:
 03687090-b309-11df-a982-001e8c1f79b5
 
Error - 28.08.2010 21:16:07 | Computer Name = fudgi-PC | Source = Google Update | ID = 20
Description = 
 
Error - 28.08.2010 22:16:08 | Computer Name = fudgi-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.08.2010 18:43:09 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.08.2010 19:04:06 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.08.2010 19:37:12 | Computer Name = fudgi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?08.?2010 um 01:33:38 unerwartet heruntergefahren.
 
Error - 28.08.2010 20:06:48 | Computer Name = fudgi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?08.?2010 um 01:38:58 unerwartet heruntergefahren.
 
Error - 28.08.2010 20:42:13 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.08.2010 20:57:46 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits
 2 Mal passiert.
 
Error - 28.08.2010 20:58:16 | Computer Name = fudgi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.08.2010 21:01:59 | Computer Name = fudgi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "G Data Scanner" wurde unerwartet beendet. Dies ist bereits
 3 Mal passiert.
 
 
< End of report >
         

29.08.2010, 12:54   #2
fudgi

A critical error has occurred, Windows will restart in one minute



Combofix Log
Code:
ComboFix 10-08-28.01 - fudgi 29.08.2010  12:52:21.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1402 [GMT 2:00]
ausgeführt von:: c:\users\fudgi\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
 * Im Speicher befindliches AV aktiv.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\fudgi\AppData\Local\Windows Server
c:\users\fudgi\AppData\Local\Windows Server\admin.txt
c:\users\fudgi\AppData\Local\Windows Server\server.dat
c:\windows\system32\%appdata%

Infizierte Kopie von c:\windows\system32\drivers\termdd.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-28 bis 2010-08-29  ))))))))))))))))))))))))))))))
.

2010-08-29 10:02 . 2010-08-29 10:02	--------	d-----w-	c:\program files\Trend Micro
2010-08-29 01:51 . 2010-08-29 01:51	--------	d-----w-	c:\users\fudgi\AppData\Roaming\Malwarebytes
2010-08-29 01:50 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 01:50 . 2010-08-29 01:50	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-29 01:50 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-29 01:50 . 2010-08-29 01:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-29 00:29 . 2010-08-29 00:29	29992	----a-w-	c:\windows\system32\drivers\GRD.sys
2010-08-29 00:25 . 2010-08-29 00:25	38856	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2010-08-29 00:25 . 2010-08-29 00:25	61512	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2010-08-29 00:25 . 2010-08-29 00:25	33480	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2010-08-29 00:25 . 2010-08-29 00:25	40904	----a-w-	c:\windows\system32\drivers\gdwfpcd32.sys
2010-08-29 00:25 . 2010-08-29 03:06	--------	d-----w-	c:\programdata\G DATA
2010-08-29 00:25 . 2010-08-29 00:25	--------	d-----w-	c:\program files\Common Files\G Data
2010-08-29 00:25 . 2010-08-29 00:25	--------	d-----w-	c:\program files\G Data
2010-08-28 19:49 . 2010-08-28 19:40	187392	----a-w-	c:\windows\Kriced.exe
2010-08-28 19:47 . 2010-08-28 19:47	--------	d-----w-	c:\users\fudgi\AppData\Local\Octoshape
2010-08-28 19:44 . 2010-08-28 19:40	187392	----a-w-	c:\windows\Kricec.exe
2010-08-28 19:44 . 2010-08-04 11:43	71960	----a-w-	c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1008042-0-npoctoshape.dll
2010-08-28 19:44 . 2010-08-04 11:43	438784	----a-w-	c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1008042-0-libOctoshapeClient.dll
2010-08-28 19:44 . 2010-08-04 11:43	124184	----a-w-	c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1008042-0-apoctoshape.dll
2010-08-28 19:44 . 2010-08-28 19:40	187392	----a-w-	c:\windows\Kriceb.exe
2010-08-28 19:40 . 2010-08-28 19:40	187392	----a-w-	c:\windows\Kricea.exe
2010-08-28 19:40 . 2010-08-28 19:40	--------	d-sh--w-	c:\windows\system32\%USERPROFILE%
2010-08-21 23:35 . 2010-08-21 23:35	--------	d-----w-	c:\program files\Windows Live Safety Center

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 11:03 . 2010-07-06 15:21	--------	d-----w-	c:\users\fudgi\AppData\Roaming\Orbit
2010-08-29 10:57 . 2009-07-14 08:47	647138	----a-w-	c:\windows\system32\perfh007.dat
2010-08-29 10:57 . 2009-07-14 08:47	127198	----a-w-	c:\windows\system32\perfc007.dat
2010-08-26 11:07 . 2010-01-28 22:59	--------	d---a-w-	c:\program files\FTPRush
2010-08-24 21:11 . 2010-02-13 15:20	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-08-16 15:44 . 2010-05-19 12:48	--------	d-----w-	c:\users\fudgi\AppData\Roaming\gnupg
2010-08-02 02:30 . 2010-03-15 23:10	--------	d-----w-	c:\users\fudgi\AppData\Roaming\vlc
2010-08-02 00:43 . 2010-05-15 21:11	--------	d-----w-	c:\users\fudgi\AppData\Roaming\dvdcss
2010-07-25 21:00 . 2010-07-25 21:00	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-07-25 20:42 . 2010-02-18 00:41	--------	d-----w-	c:\programdata\Microsoft Help
2010-07-20 22:26 . 2010-01-31 09:55	--------	d-----w-	c:\users\fudgi\AppData\Roaming\ICQ
2010-07-18 09:34 . 2010-04-23 11:23	--------	d-----w-	c:\program files\JDownloader
2010-07-15 00:30 . 2010-05-07 21:01	--------	d-----w-	c:\program files\SpeedFan
2010-07-11 13:49 . 2010-07-11 13:40	--------	d-----w-	c:\program files\ASUS
2010-07-11 13:49 . 2010-01-31 09:55	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-11 13:40 . 2010-07-11 13:40	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-07-11 13:07 . 2010-07-11 13:07	--------	d-----w-	c:\program files\Core Temp
2010-07-09 11:12 . 2010-07-09 10:49	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-07-09 10:50 . 2010-07-09 10:49	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-09 10:40 . 2010-07-09 10:38	--------	d-----w-	c:\users\fudgi\AppData\Roaming\QuickScan
2010-07-09 10:40 . 2010-07-09 10:40	720896	----a-w-	c:\windows\iun6002.exe
2010-07-06 20:06 . 2010-07-06 15:08	--------	d-----w-	c:\program files\watchDirectory
2010-07-06 15:21 . 2010-07-06 15:21	--------	d-----w-	c:\users\fudgi\AppData\Roaming\GrabPro
2010-07-06 15:21 . 2010-07-06 15:21	--------	d-----w-	c:\program files\Orbitdownloader
2010-07-06 15:20 . 2010-07-06 15:20	--------	d-----w-	c:\users\fudgi\AppData\Roaming\Gutscheinmieze
2010-07-02 00:05 . 2010-07-01 13:06	--------	d-----w-	c:\users\fudgi\AppData\Roaming\DivX
2010-07-01 12:13 . 2010-07-01 12:13	--------	d-----w-	c:\users\fudgi\AppData\Roaming\TortoiseSVN
2010-07-01 11:09 . 2010-07-01 11:09	--------	d-----w-	c:\users\fudgi\AppData\Roaming\Subversion
2010-07-01 11:08 . 2010-07-01 11:08	--------	d-----w-	c:\program files\TortoiseSVN
2010-07-01 11:08 . 2010-07-01 11:08	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2010-06-28 11:05 . 2010-06-28 11:05	13430643	----a-w-	C:\ghostpdl-8.71-win32.zip
2010-06-12 14:07 . 2010-01-28 22:49	109216	----a-w-	c:\users\fudgi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-10 16:38 . 2010-06-10 16:38	67440	----a-r-	c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut2_DD172C74541145868246ADE181F1051F.exe
2010-06-10 16:38 . 2010-06-10 16:38	149360	----a-r-	c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut11_1B47E40F0FE04A059EF1DDA8922D0BA2.exe
2010-06-10 16:38 . 2010-06-10 16:38	149360	----a-r-	c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe
2010-06-10 16:38 . 2010-06-10 16:38	149360	----a-r-	c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\ARPPRODUCTICON.exe
2010-06-10 16:28 . 2010-06-10 16:28	59368	----a-r-	c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{D66DBB4B-3E39-4DE9-833E-423EB0DE247C}\ARPPRODUCTICON.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50	66312	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-28 135664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\users\fudgi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"G Data AntiVirus Tray Application"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-03-31 963144]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-7-6 1809680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^fudgi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\fudgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14	51712	----a-w-	c:\windows\Speech\Common\sapisvr.exe

R3 ALSysIO;ALSysIO;c:\users\fudgi\AppData\Local\Temp\ALSysIO.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-18 691696]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2010-08-29 33480]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2010-08-29 61512]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2010-08-29 40904]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2010-08-29 29992]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-04-07 1146440]
S2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [2010-03-31 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [2010-03-15 1279816]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2010-04-12 242176]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-04-22 339016]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2010-08-29 38856]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - cxcca
.
Inhalt des "geplante Tasks" Ordners

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001Core.job
- c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 22:56]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-344238117-2985730186-2944176282-1001UA.job
- c:\users\fudgi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-28 22:56]

2010-08-28 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Kriced.exe [2010-08-28 19:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\fudgi\AppData\Roaming\Mozilla\Firefox\Profiles\34xxeldv.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\users\fudgi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-20W6RLKX65 - c:\users\fudgi\AppData\Local\Temp\Kqr.exe
MSConfigStartUp-bfrhvhdl - c:\users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe
MSConfigStartUp-bipro - c:\windows\$NtUninstallMTF1011$\mmduch.dll
MSConfigStartUp-EWABQAF7KL - c:\users\fudgi\AppData\Local\Temp\Kqr.exe
MSConfigStartUp-hse897ifdsjf98u3heuidhfdd - c:\users\fudgi\AppData\Local\Temp\wnnf9zt40.exe
MSConfigStartUp-igigkyxx - c:\users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe
MSConfigStartUp-kcpvdifa - c:\users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe
MSConfigStartUp-mediafix70700en02 - c:\users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe
MSConfigStartUp-morxnsacwe - c:\users\fudgi\AppData\Local\Temp\morxnsacwe.exe
MSConfigStartUp-NetLog2 - c:\windows\svc2.exe
MSConfigStartUp-XBV6RD5SZF - c:\users\fudgi\AppData\Local\Temp\Kqs.exe
AddRemove-watchDirectory version 4_is1 - c:\program files\watchDirectory\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cxcca]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1128)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-29  13:08:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-29 11:08

Vor Suchlauf: 2.726.907.904 Bytes frei
Nach Suchlauf: 2.622.496.768 Bytes frei

- - End Of File - - A0EF941DA71CCDB7B4782DB5E81BF0BA
         
gmer Log
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-29 13:21:35
Windows 6.1.7600 
Running: w5k7w7ou.exe; Driver: C:\Users\fudgi\AppData\Local\Temp\pglcypod.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C47AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C47104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C473F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C2F634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C2F898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C471DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C47958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C476F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C47F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82C481A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     82860599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82884F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\cxcca.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text           peauth.sys                                                                                                          99E3FC9D 28 Bytes  [8F, 3A, 1E, 22, 4F, 9C, 9D, ...]
.text           peauth.sys                                                                                                          99E3FCC1 28 Bytes  [8F, 3A, 1E, 22, 4F, 9C, 9D, ...]
?               C:\Users\fudgi\AppData\Local\Temp\mbr.sys                                                                           Das System kann die angegebene Datei nicht finden. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              85B74680

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\cxcca@Type                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\services\cxcca@Start                                                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\services\cxcca@ErrorControl                                                           0
Reg             HKLM\SYSTEM\CurrentControlSet\services\cxcca@Group                                                                  Boot Bus Extender
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x40 0xF9 0xE9 0xF9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x17 0x2B 0xD9 0x70 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x67 0xD5 0x16 0x33 ...
Reg             HKLM\SYSTEM\ControlSet002\services\cxcca@Type                                                                       1
Reg             HKLM\SYSTEM\ControlSet002\services\cxcca@Start                                                                      0
Reg             HKLM\SYSTEM\ControlSet002\services\cxcca@ErrorControl                                                               0
Reg             HKLM\SYSTEM\ControlSet002\services\cxcca@Group                                                                      Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x40 0xF9 0xE9 0xF9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x17 0x2B 0xD9 0x70 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x67 0xD5 0x16 0x33 ...

---- EOF - GMER 1.0.15 ----
         
__________________


29.08.2010, 22:34   #3
fudgi

Is there no one here who can help me?
__________________

30.08.2010, 09:50   #4
Chris4You

Hi,

Please check the following files (if necessary, copy the files to a USB stick (WITHOUT EXECUTING them) and have them checked from there):

Have files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:
c:\windows\Kricec.exe
c:\windows\Kriced.exe
c:\windows\Kriceb.exe
c:\windows\Kricea.exe
c:\windows\System32\Drivers\cxcca.sys
c:\users\fudgi\AppData\Roaming\Microsoft\Installer\{A3A61264-B075-46BE-9C97-376EA4CEEEF5}\NewShortcut1_367DA4EF0C9243128CC33655B17DC263.exe
         
  • Now upload each file, one after the other, and wait until the scan has finished (this can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: copy the file size and the HASH as well!

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
(If necessary, put it on a USB stick as well and then copy it to the infected computer; the same goes for OTL...)
After that, please update the signature files ("Update" tab -> "Check for Updates"), run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

TDSS-Killer
Download and instructions at: http://www.trojaner-board.de/82358-tdsskiller-google-umleitungen-tdss-tdl3-alureon-rootkit-entfernen.html#post640150
Unpack all files!

Create Start.bat:
Start -> All Programs -> Accessories -> Notepad, and copy the following text into it:
Code:
@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0
         
chris

30.08.2010, 20:37   #5
fudgi

Since I can't go online with the infected PC, I can't run any updates there either. Or rather, I then had to copy the files over on a USB stick and have them checked with VirusTotal here on the laptop; however, cxcca.sys unfortunately cannot be copied.
Kricea.exe:
Code:
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.30.00	2010.08.30	-
AntiVir	8.2.4.46	2010.08.30	-
Antiy-AVL	2.0.3.7	2010.08.30	-
Authentium	5.2.0.5	2010.08.30	W32/Renos.A!Generic
Avast	4.8.1351.0	2010.08.30	Win32:MalOb-BX
Avast5	5.0.594.0	2010.08.30	Win32:MalOb-BX
AVG	9.0.0.851	2010.08.30	Generic19.ABA
BitDefender	7.2	2010.08.30	Gen:Variant.Renos.41
CAT-QuickHeal	11.00	2010.08.30	-
ClamAV	0.96.2.0-git	2010.08.30	-
Comodo	5912	2010.08.30	-
DrWeb	5.0.2.03300	2010.08.30	Trojan.Packed.160
Emsisoft	5.0.0.37	2010.08.30	-
eSafe	7.0.17.0	2010.08.30	-
eTrust-Vet	36.1.7826	2010.08.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.08.30	W32/Renos.A!Generic
F-Secure	9.0.15370.0	2010.08.30	Gen:Variant.Renos.41
Fortinet	4.1.143.0	2010.08.30	-
GData	21	2010.08.30	Gen:Variant.Renos.41
Ikarus	T3.1.1.88.0	2010.08.30	-
Jiangmin	13.0.900	2010.08.30	-
K7AntiVirus	9.63.2396	2010.08.30	Virus
Kaspersky	7.0.0.125	2010.08.30	-
McAfee	5.400.0.1158	2010.08.30	Downloader-CEW.b
McAfee-GW-Edition	2010.1B	2010.08.30	Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft	1.6103	2010.08.30	-
NOD32	5409	2010.08.30	a variant of Win32/Kryptik.GKJ
Norman	6.05.11	2010.08.30	-
nProtect	2010-08-30.01	2010.08.30	Gen:Variant.Renos.41
Panda	10.0.2.7	2010.08.30	Suspicious file
PCTools	7.0.3.5	2010.08.30	Trojan.FakeAV
Prevx	3.0	2010.08.30	Medium Risk Malware
Rising	22.63.00.03	2010.08.30	-
Sophos	4.56.0	2010.08.30	Mal/FakeAV-CX
Sunbelt	6813	2010.08.30	VirTool.Win32.Obfuscator.hg!b (v)
SUPERAntiSpyware	4.40.0.1006	2010.08.30	-
Symantec	20101.1.1.7	2010.08.30	Trojan.FakeAV!gen24
TheHacker	6.5.2.1.359	2010.08.30	-
TrendMicro	9.120.0.1004	2010.08.30	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.30	-
VBA32	3.12.14.0	2010.08.30	-
ViRobot	2010.8.9.3978	2010.08.30	-
VirusBuster	5.0.27.0	2010.08.30	-
Additional information
MD5   : ad11b86e1584a3d35144df63c80d067b
SHA1  : d261141a34def8a229a240b4775b10a26d33bc24
SHA256: 3234e987957cf4fe6339c5c4b0c33b931055b0b277e3cce7d5ad5de2acedb554
ssdeep: 3072:h+qoKM8vUxdqvTCnXOHO+otL4Dg0SuPEcuOAsTSs6Q9SL8:h+qoKMDcTCJtLH0S/uAsTSs
z
File size : 187392 bytes
First seen: 2010-08-30 19:19:50
Last seen : 2010-08-30 19:19:50
TrID: 
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: 
publisher....: OpenSC Project
copyright....: Opexs
product......: Opex
description..: Opex
original name: Opex.exe
internal name: Opex
file version.: 0.1.3.0
comments.....: OpenEx
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7FFC
timedatestamp....: 0x4A4B1831 (Wed Jul 01 08:02:57 2009)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA453, 0xA600, 4.52, 98af9771c603762af96886e3ff16238d
.data, 0xC000, 0x1F211, 0x1F400, 7.49, 8b21f740e151ce9a018ba7c563a45733
.rdata, 0x2C000, 0xD678, 0x800, 0.00, c99a74c555371a433d121f551d6c6398
.idata, 0x3A000, 0x14E, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.cdata, 0x3B000, 0x727, 0x800, 0.01, aa74539ff9922dcd498f2a99cc2a2596
.rsrc, 0x3C000, 0x2AD8, 0x2C00, 3.52, c4cd8831bd47a1c0d556bb3466ef7912

[[ 2 import(s) ]]
kernel32.dll: LoadLibraryExA, SetHandleCount, lstrcmpA, LocalAlloc, GetACP, ExitThread, GetModuleHandleA, GetCommandLineA, HeapAlloc, GetVersionExA, GetProcAddress, VirtualAllocEx, GetOEMCP, VirtualAlloc, ExitProcess
USER32.dll: IsWindowVisible, GetScrollRange, IsWindowEnabled, ShowWindow, CharLowerA, DeleteMenu, GetCursor
Prevx Info: 
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=7637ADF9006CC73FDCDC02295E0A63008CB99917
         
Kriceb.exe:
Code:
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.30.00	2010.08.30	-
AntiVir	8.2.4.46	2010.08.30	-
Antiy-AVL	2.0.3.7	2010.08.30	-
Authentium	5.2.0.5	2010.08.30	W32/Renos.A!Generic
Avast	4.8.1351.0	2010.08.30	Win32:MalOb-BX
Avast5	5.0.594.0	2010.08.30	Win32:MalOb-BX
AVG	9.0.0.851	2010.08.30	Generic19.ABA
BitDefender	7.2	2010.08.30	Gen:Variant.Renos.41
CAT-QuickHeal	11.00	2010.08.30	-
ClamAV	0.96.2.0-git	2010.08.30	-
Comodo	5912	2010.08.30	-
DrWeb	5.0.2.03300	2010.08.30	Trojan.Packed.160
Emsisoft	5.0.0.37	2010.08.30	-
eSafe	7.0.17.0	2010.08.30	-
eTrust-Vet	36.1.7827	2010.08.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.08.30	W32/Renos.A!Generic
F-Secure	9.0.15370.0	2010.08.30	Gen:Variant.Renos.41
Fortinet	4.1.143.0	2010.08.30	-
GData	21	2010.08.30	Gen:Variant.Renos.41
Ikarus	T3.1.1.88.0	2010.08.30	-
Jiangmin	13.0.900	2010.08.30	-
K7AntiVirus	9.63.2396	2010.08.30	Virus
Kaspersky	7.0.0.125	2010.08.30	-
McAfee	5.400.0.1158	2010.08.30	Downloader-CEW.b
McAfee-GW-Edition	2010.1B	2010.08.30	Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft	1.6103	2010.08.30	-
NOD32	5410	2010.08.30	a variant of Win32/Kryptik.GKJ
Norman	6.05.11	2010.08.30	-
nProtect	2010-08-30.01	2010.08.30	Gen:Variant.Renos.41
Panda	10.0.2.7	2010.08.30	Suspicious file
PCTools	7.0.3.5	2010.08.30	Trojan.FakeAV
Prevx	3.0	2010.08.30	Medium Risk Malware
Rising	22.63.00.03	2010.08.30	-
Sophos	4.56.0	2010.08.30	Mal/FakeAV-CX
Sunbelt	6813	2010.08.30	VirTool.Win32.Obfuscator.hg!b (v)
SUPERAntiSpyware	4.40.0.1006	2010.08.30	-
Symantec	20101.1.1.7	2010.08.30	Trojan.FakeAV!gen24
TheHacker	6.5.2.1.359	2010.08.30	-
TrendMicro	9.120.0.1004	2010.08.30	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.30	-
VBA32	3.12.14.0	2010.08.30	-
ViRobot	2010.8.9.3978	2010.08.30	-
VirusBuster	5.0.27.0	2010.08.30	-
Additional information
MD5   : ad11b86e1584a3d35144df63c80d067b
SHA1  : d261141a34def8a229a240b4775b10a26d33bc24
SHA256: 3234e987957cf4fe6339c5c4b0c33b931055b0b277e3cce7d5ad5de2acedb554
ssdeep: 3072:h+qoKM8vUxdqvTCnXOHO+otL4Dg0SuPEcuOAsTSs6Q9SL8:h+qoKMDcTCJtLH0S/uAsTSsz
File size : 187392 bytes
First seen: 2010-08-30 19:19:50
Last seen : 2010-08-30 19:27:04
TrID: 
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: 
publisher....: OpenSC Project
copyright....: Opexs
product......: Opex
description..: Opex
original name: Opex.exe
internal name: Opex
file version.: 0.1.3.0
comments.....: OpenEx
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7FFC
timedatestamp....: 0x4A4B1831 (Wed Jul 01 08:02:57 2009)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA453, 0xA600, 4.52, 98af9771c603762af96886e3ff16238d
.data, 0xC000, 0x1F211, 0x1F400, 7.49, 8b21f740e151ce9a018ba7c563a45733
.rdata, 0x2C000, 0xD678, 0x800, 0.00, c99a74c555371a433d121f551d6c6398
.idata, 0x3A000, 0x14E, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.cdata, 0x3B000, 0x727, 0x800, 0.01, aa74539ff9922dcd498f2a99cc2a2596
.rsrc, 0x3C000, 0x2AD8, 0x2C00, 3.52, c4cd8831bd47a1c0d556bb3466ef7912

[[ 2 import(s) ]]
kernel32.dll: LoadLibraryExA, SetHandleCount, lstrcmpA, LocalAlloc, GetACP, ExitThread, GetModuleHandleA, GetCommandLineA, HeapAlloc, GetVersionExA, GetProcAddress, VirtualAllocEx, GetOEMCP, VirtualAlloc, ExitProcess
USER32.dll: IsWindowVisible, GetScrollRange, IsWindowEnabled, ShowWindow, CharLowerA, DeleteMenu, GetCursor
Prevx Info: 
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=7637ADF9006CC73FDCDC02295E0A63008CB99917
         
Kricec.exe:
Code:
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.30.00	2010.08.30	-
AntiVir	8.2.4.46	2010.08.30	-
Antiy-AVL	2.0.3.7	2010.08.30	-
Authentium	5.2.0.5	2010.08.30	W32/Renos.A!Generic
Avast	4.8.1351.0	2010.08.30	Win32:MalOb-BX
Avast5	5.0.594.0	2010.08.30	Win32:MalOb-BX
AVG	9.0.0.851	2010.08.30	Generic19.ABA
BitDefender	7.2	2010.08.30	Gen:Variant.Renos.41
CAT-QuickHeal	11.00	2010.08.30	-
ClamAV	0.96.2.0-git	2010.08.30	-
Comodo	5912	2010.08.30	-
DrWeb	5.0.2.03300	2010.08.30	Trojan.Packed.160
Emsisoft	5.0.0.37	2010.08.30	-
eSafe	7.0.17.0	2010.08.30	-
eTrust-Vet	36.1.7827	2010.08.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.08.30	W32/Renos.A!Generic
F-Secure	9.0.15370.0	2010.08.30	Gen:Variant.Renos.41
Fortinet	4.1.143.0	2010.08.30	-
GData	21	2010.08.30	Gen:Variant.Renos.41
Ikarus	T3.1.1.88.0	2010.08.30	-
Jiangmin	13.0.900	2010.08.30	-
K7AntiVirus	9.63.2396	2010.08.30	Virus
Kaspersky	7.0.0.125	2010.08.30	-
McAfee	5.400.0.1158	2010.08.30	Downloader-CEW.b
McAfee-GW-Edition	2010.1B	2010.08.30	Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft	1.6103	2010.08.30	-
NOD32	5410	2010.08.30	a variant of Win32/Kryptik.GKJ
Norman	6.05.11	2010.08.30	-
nProtect	2010-08-30.01	2010.08.30	Gen:Variant.Renos.41
Panda	10.0.2.7	2010.08.30	Suspicious file
PCTools	7.0.3.5	2010.08.30	Trojan.FakeAV
Prevx	3.0	2010.08.30	Medium Risk Malware
Rising	22.63.00.03	2010.08.30	-
Sophos	4.56.0	2010.08.30	Mal/FakeAV-CX
Sunbelt	6813	2010.08.30	VirTool.Win32.Obfuscator.hg!b (v)
SUPERAntiSpyware	4.40.0.1006	2010.08.30	-
Symantec	20101.1.1.7	2010.08.30	Trojan.FakeAV!gen24
TheHacker	6.5.2.1.359	2010.08.30	-
TrendMicro	9.120.0.1004	2010.08.30	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.30	-
VBA32	3.12.14.0	2010.08.30	-
ViRobot	2010.8.9.3978	2010.08.30	-
VirusBuster	5.0.27.0	2010.08.30	-
Additional information
MD5   : ad11b86e1584a3d35144df63c80d067b
SHA1  : d261141a34def8a229a240b4775b10a26d33bc24
SHA256: 3234e987957cf4fe6339c5c4b0c33b931055b0b277e3cce7d5ad5de2acedb554
ssdeep: 3072:h+qoKM8vUxdqvTCnXOHO+otL4Dg0SuPEcuOAsTSs6Q9SL8:h+qoKMDcTCJtLH0S/uAsTSsz
File size : 187392 bytes
First seen: 2010-08-30 19:19:50
Last seen : 2010-08-30 19:29:21
TrID: 
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: 
publisher....: OpenSC Project
copyright....: Opexs
product......: Opex
description..: Opex
original name: Opex.exe
internal name: Opex
file version.: 0.1.3.0
comments.....: OpenEx
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7FFC
timedatestamp....: 0x4A4B1831 (Wed Jul 01 08:02:57 2009)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA453, 0xA600, 4.52, 98af9771c603762af96886e3ff16238d
.data, 0xC000, 0x1F211, 0x1F400, 7.49, 8b21f740e151ce9a018ba7c563a45733
.rdata, 0x2C000, 0xD678, 0x800, 0.00, c99a74c555371a433d121f551d6c6398
.idata, 0x3A000, 0x14E, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.cdata, 0x3B000, 0x727, 0x800, 0.01, aa74539ff9922dcd498f2a99cc2a2596
.rsrc, 0x3C000, 0x2AD8, 0x2C00, 3.52, c4cd8831bd47a1c0d556bb3466ef7912

[[ 2 import(s) ]]
kernel32.dll: LoadLibraryExA, SetHandleCount, lstrcmpA, LocalAlloc, GetACP, ExitThread, GetModuleHandleA, GetCommandLineA, HeapAlloc, GetVersionExA, GetProcAddress, VirtualAllocEx, GetOEMCP, VirtualAlloc, ExitProcess
USER32.dll: IsWindowVisible, GetScrollRange, IsWindowEnabled, ShowWindow, CharLowerA, DeleteMenu, GetCursor
Prevx Info: 
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=7637ADF9006CC73FDCDC02295E0A63008CB99917
         
Kriced.exe:
Code:
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.30.00	2010.08.30	Trojan/Win32.FakeAV
AntiVir	8.2.4.46	2010.08.30	-
Antiy-AVL	2.0.3.7	2010.08.30	-
Authentium	5.2.0.5	2010.08.30	W32/Renos.A!Generic
Avast	4.8.1351.0	2010.08.30	Win32:MalOb-BX
Avast5	5.0.594.0	2010.08.30	Win32:MalOb-BX
AVG	9.0.0.851	2010.08.30	Generic19.ABA
BitDefender	7.2	2010.08.30	Gen:Variant.Renos.41
CAT-QuickHeal	11.00	2010.08.30	-
ClamAV	0.96.2.0-git	2010.08.30	-
Comodo	5912	2010.08.30	-
DrWeb	5.0.2.03300	2010.08.30	Trojan.Packed.160
Emsisoft	5.0.0.37	2010.08.30	-
eSafe	7.0.17.0	2010.08.30	-
eTrust-Vet	36.1.7827	2010.08.30	Win32/Renos.D!generic
F-Prot	4.6.1.107	2010.08.30	W32/Renos.A!Generic
F-Secure	9.0.15370.0	2010.08.30	Gen:Variant.Renos.41
Fortinet	4.1.143.0	2010.08.30	-
GData	21	2010.08.30	Gen:Variant.Renos.41
Ikarus	T3.1.1.88.0	2010.08.30	-
Jiangmin	13.0.900	2010.08.30	-
K7AntiVirus	9.63.2396	2010.08.30	Virus
Kaspersky	7.0.0.125	2010.08.30	-
McAfee	5.400.0.1158	2010.08.30	Downloader-CEW.b
McAfee-GW-Edition	2010.1B	2010.08.30	Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft	1.6103	2010.08.30	-
NOD32	5410	2010.08.30	a variant of Win32/Kryptik.GKJ
Norman	6.05.11	2010.08.30	-
nProtect	2010-08-30.01	2010.08.30	Gen:Variant.Renos.41
Panda	10.0.2.7	2010.08.30	Suspicious file
PCTools	7.0.3.5	2010.08.30	Trojan.FakeAV
Prevx	3.0	2010.08.30	Medium Risk Malware
Rising	22.63.00.03	2010.08.30	-
Sophos	4.56.0	2010.08.30	Mal/FakeAV-CX
Sunbelt	6813	2010.08.30	VirTool.Win32.Obfuscator.hg!b (v)
SUPERAntiSpyware	4.40.0.1006	2010.08.30	-
Symantec	20101.1.1.7	2010.08.30	Trojan.FakeAV!gen24
TheHacker	6.5.2.1.359	2010.08.30	-
TrendMicro	9.120.0.1004	2010.08.30	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.30	-
VBA32	3.12.14.0	2010.08.30	-
ViRobot	2010.8.9.3978	2010.08.30	-
VirusBuster	5.0.27.0	2010.08.30	-
Additional information
MD5   : ad11b86e1584a3d35144df63c80d067b
SHA1  : d261141a34def8a229a240b4775b10a26d33bc24
SHA256: 3234e987957cf4fe6339c5c4b0c33b931055b0b277e3cce7d5ad5de2acedb554
ssdeep: 3072:h+qoKM8vUxdqvTCnXOHO+otL4Dg0SuPEcuOAsTSs6Q9SL8:h+qoKMDcTCJtLH0S/uAsTSsz
File size : 187392 bytes
First seen: 2010-08-30 19:19:50
Last seen : 2010-08-30 19:33:37
TrID: 
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: 
publisher....: OpenSC Project
copyright....: Opexs
product......: Opex
description..: Opex
original name: Opex.exe
internal name: Opex
file version.: 0.1.3.0
comments.....: OpenEx
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7FFC
timedatestamp....: 0x4A4B1831 (Wed Jul 01 08:02:57 2009)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA453, 0xA600, 4.52, 98af9771c603762af96886e3ff16238d
.data, 0xC000, 0x1F211, 0x1F400, 7.49, 8b21f740e151ce9a018ba7c563a45733
.rdata, 0x2C000, 0xD678, 0x800, 0.00, c99a74c555371a433d121f551d6c6398
.idata, 0x3A000, 0x14E, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.cdata, 0x3B000, 0x727, 0x800, 0.01, aa74539ff9922dcd498f2a99cc2a2596
.rsrc, 0x3C000, 0x2AD8, 0x2C00, 3.52, c4cd8831bd47a1c0d556bb3466ef7912

[[ 2 import(s) ]]
kernel32.dll: LoadLibraryExA, SetHandleCount, lstrcmpA, LocalAlloc, GetACP, ExitThread, GetModuleHandleA, GetCommandLineA, HeapAlloc, GetVersionExA, GetProcAddress, VirtualAllocEx, GetOEMCP, VirtualAlloc, ExitProcess
USER32.dll: IsWindowVisible, GetScrollRange, IsWindowEnabled, ShowWindow, CharLowerA, DeleteMenu, GetCursor
Prevx Info: 
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=7637ADF9006CC73FDCDC02295E0A63008CB99917
         
Newshortcut....:
Code:
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.30.00	2010.08.30	-
AntiVir	8.2.4.46	2010.08.30	-
Antiy-AVL	2.0.3.7	2010.08.30	-
Authentium	5.2.0.5	2010.08.30	-
Avast	4.8.1351.0	2010.08.30	-
Avast5	5.0.594.0	2010.08.30	-
AVG	9.0.0.851	2010.08.30	-
BitDefender	7.2	2010.08.30	-
CAT-QuickHeal	11.00	2010.08.30	-
ClamAV	0.96.2.0-git	2010.08.30	-
Comodo	5912	2010.08.30	-
DrWeb	5.0.2.03300	2010.08.30	-
Emsisoft	5.0.0.37	2010.08.30	-
eSafe	7.0.17.0	2010.08.30	-
eTrust-Vet	36.1.7827	2010.08.30	-
F-Prot	4.6.1.107	2010.08.30	-
F-Secure	9.0.15370.0	2010.08.30	-
Fortinet	4.1.143.0	2010.08.30	-
GData	21	2010.08.30	-
Ikarus	T3.1.1.88.0	2010.08.30	-
Jiangmin	13.0.900	2010.08.30	-
K7AntiVirus	9.63.2396	2010.08.30	-
Kaspersky	7.0.0.125	2010.08.30	-
McAfee	5.400.0.1158	2010.08.30	-
McAfee-GW-Edition	2010.1B	2010.08.30	-
Microsoft	1.6103	2010.08.30	-
NOD32	5410	2010.08.30	-
Norman	6.05.11	2010.08.30	-
nProtect	2010-08-30.01	2010.08.30	-
Panda	10.0.2.7	2010.08.30	-
PCTools	7.0.3.5	2010.08.30	-
Prevx	3.0	2010.08.30	-
Rising	22.63.00.03	2010.08.30	-
Sophos	4.56.0	2010.08.30	-
Sunbelt	6813	2010.08.30	-
SUPERAntiSpyware	4.40.0.1006	2010.08.30	-
Symantec	20101.1.1.7	2010.08.30	-
TheHacker	6.5.2.1.359	2010.08.30	-
TrendMicro	9.120.0.1004	2010.08.30	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.30	-
VBA32	3.12.14.0	2010.08.30	-
ViRobot	2010.8.9.3978	2010.08.30	-
VirusBuster	5.0.27.0	2010.08.30	-
Additional information
MD5   : ebcce4001d29563f65882a8d62f138a8
SHA1  : 309aee65b3d5b2f2faa9e67ed8f49246a2caa7a6
SHA256: 942958b0f3cfd1e6d72d73152d1748e8e7d848a3af16796ab85c092ce6579502
ssdeep: 768:jMAyAdTmPJbgqcnDcPgq5A+uQ64Yku8w9+3pnfyQF/1J+35rXQVvLKURLXf:jdU81coXQP33pnvF/1JS7QVveu
File size : 149360 bytes
First seen: 2010-08-30 19:36:22
Last seen : 2010-08-30 19:36:22
TrID: 
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck: 
publisher....: Acresso Software Inc.
copyright....: Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
product......: InstallShield
description..: InstallShield
original name: _IsIcoRes.exe
internal name: _IsIcoRes.exe
file version.: 16.0.328
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.71
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1005
timedatestamp....: 0x4A3003A5 (Wed Jun 10 19:04:05 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x35AE, 0x4000, 5.95, 125d4361997b933c25cdfaa441c403f6
.rdata, 0x5000, 0x7A0, 0x1000, 3.17, 15e13969f0737bb4ec50592b029c02f2
.data, 0x6000, 0x29DC, 0x3000, 0.36, 9b57a8510b2e985a48115bbaee120bb5
.rsrc, 0x9000, 0x19CA4, 0x1A000, 4.44, 466b07ce0b673f415e2e0a45df191649

[[ 1 import(s) ]]
KERNEL32.dll: GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW
         


31.08.2010, 07:20   #6
Chris4You

A critical error has occurred, Windows will restart in one minute



Hi,

please also post the OTL log...

However, we can already go after the following files with OTL:

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:Services
cxcca.sys

:Files
c:\windows\Kricec.exe
c:\windows\Kriced.exe
c:\windows\Kriceb.exe
c:\windows\Kricea.exe
c:\windows\System32\Drivers\cxcca.sys

:OTL
MsConfig - StartUpReg: 20W6RLKX65 - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: bfrhvhdl - hkey= - key= - C:\Users\fudgi\AppData\Local\fpfxijqof\circmmishdw.exe File not found
MsConfig - StartUpReg: bipro - hkey= - key= - C:\Windows\$NtUninstallMTF1011$\mmduch.DLL File not found
MsConfig - StartUpReg: EWABQAF7KL - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqr.exe File not found
MsConfig - StartUpReg: hse897ifdsjf98u3heuidhfdd - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\wnnf9zt40.exe File not found
MsConfig - StartUpReg: igigkyxx - hkey= - key= - C:\Users\fudgi\AppData\Local\vcmyiqdvn\cawxhqqshdw.exe File not found
MsConfig - StartUpReg: kcpvdifa - hkey= - key= - C:\Users\fudgi\AppData\Local\kpoxiaqfe\cqppwgdshdw.exe File not found
MsConfig - StartUpReg: mediafix70700en02.exe - hkey= - key= - C:\Users\fudgi\AppData\Roaming\17598169F3609228271747FA321FC526\mediafix70700en02.exe File not found
MsConfig - StartUpReg: morxnsacwe.exe - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\morxnsacwe.exe File not found
MsConfig - StartUpReg: NetLog2 - hkey= - key= - C:\Windows\svc2.exe File not found
MsConfig - StartUpReg: XBV6RD5SZF - hkey= - key= - C:\Users\fudgi\AppData\Local\Temp\Kqs.exe File not found


:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Updating MAM manually:
You can find the signature file update at:
http://www.malwarebytes.org/mbam/database/rules.ref
Copy it to a USB stick and then, on the target machine, into:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware.
Then run a full scan and have everything cleaned up...

chris